Sign in flow does not complete when running MSAL 2.0 in iframe
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.16.1
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
2.0.2
Description
I am building an Angular based SPA using MSAL-angular 2.0 and integrating with an Azure B2C custom policy.
I have been able to integrate several policies, including sign up, sign in, forgot password, etc. without any issue as long as the Angular application is running in its own browser window.
However, we have a requirement to use ‘journey framing’ to perform a sign in when this application is loaded in an iframe. Unfortunately, whenever the application is loaded in an iframe, MSAL triggers a sign in flow, completes the B2C portion, but after returning to the SPA, MSAL fails to complete the sign in flow (session storage shows interaction_in_progress and URL bar contains B2C return values).
There is no error output in console or any warning to suggest why MSAL will not proceed to complete the flow using the values passed in the return URL from B2C. This works completely fine and completes the flow if not running in an iframe.
I have noted the requirements and information in this support article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/embedded-login?pivots=b2c-custom-policy
The article does state that “Running MSAL 2.0 in an iframe is not currently supported.” Does this mean that the issue I am observing is considered normal because MSAL is currently not designed to handle this use case? If so, is there any workaround at this stage?
Thanks
MSAL Configuration
{
  auth: {
    clientId: config.clientId,
    authority: config.signInAuthority,
    redirectUri: "/loading",
    postLogoutRedirectUri: "/",
    knownAuthorities: [config.authorityDomain]
  },
  cache: {
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: isIE,
  },
  system: {
    allowRedirectInIframe: true,
    loggerOptions: {
      loggerCallback,
      logLevel: LogLevel.Verbose,
      piiLoggingEnabled: true
    }
  }
}
Relevant Code Snippets
No response
Identity Provider
Azure B2C Custom Policy
Source
External (Customer)
Issue Analytics
- State:
- Created 2 years ago
- Comments: 7 (2 by maintainers)
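The stuck state described in the issue (app running in a frame, `interaction_in_progress` left in session storage, B2C return values still in the URL) can be checked for from the browser console. This is an added example, not code from the issue or from MSAL; the function names and the `win` parameter are assumptions, and it matches the storage value by the string quoted in the issue rather than by any MSAL key name.

```javascript
// Added diagnostic sketch, not MSAL code. All names here are hypothetical.
// OAuth 2.0 authorization response parameters (success and error cases).
const RESPONSE_PARAMS = ["code", "state", "error", "error_description"];

// Names (never values: `code` is a credential) of response parameters
// still present in the URL fragment or query string.
function responseParamNames(loc) {
  const found = new Set();
  for (const raw of [loc.hash || "", loc.search || ""]) {
    const params = new URLSearchParams(raw.replace(/^[#?]/, ""));
    for (const name of RESPONSE_PARAMS) {
      if (params.has(name)) found.add(name);
    }
  }
  return [...found];
}

// Storage keys whose value contains the marker string quoted in the issue.
function pendingInteractionKeys(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    if (value.includes("interaction_in_progress")) keys.push(key);
  }
  return keys;
}

// `win` is a window-like object; pass `window` in a browser console.
function diagnoseStuckRedirect(win, storage = win.sessionStorage) {
  const framed = win.self !== win.top;
  const pendingKeys = pendingInteractionKeys(storage);
  const responseParams = responseParamNames(win.location);
  return {
    framed,
    pendingKeys,
    responseParams,
    // Response delivered but never consumed while running inside a frame.
    stuck: framed && pendingKeys.length > 0 && responseParams.length > 0,
  };
}
```

The report lists parameter names only, so it can be pasted into a bug report without exposing the authorization code.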
@danspano Thanks for confirming! Looks like there’s another place we need to update to allow redirects in iframes; we made a note but never implemented it. I’ll reopen this issue until the work is complete; merging the linked PR will close it.
🎉 This issue was addressed in #4142, which has now been successfully released as @azure/msal-browser@v2.19.0. 🎉