question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

what is the proper way to authenticate SPFX Web-parts?

See original GitHub issue

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.14.2

Wrapper Library

Not Applicable

Wrapper Library Version

N/A

Public or Confidential Client?

Public

Description

We currently use MSAL 2.14.2 to get our AAD token to be able to get an access token from our own API. The problem is that ITP on Safari breaks the authentication flow and the only solution there seems to be is to rely on pop ups and redirects.

This Microsoft article states that AadHttpClient with the implicit flow should be used instead to bypass 3rd party blocker issues, but it seems like it too uses a hidden iFrame and ends up relying on redirects (We have implemented it and we get a redirect after the SP page has loaded, then it works).

What is the best way to get a token from SPFX web-parts then without impacting the user experience? Having in mind that all browsers seem to be adding this type of feature, will pop ups and redirects become the standard if there is no other solution?

Thanks.

UPDATE: We were able to run this Microsoft tutorial locally that implements AadHttpClient on SPFX and it does the login redirect after SP login.

MSAL Configuration

No response

Relevant Code Snippets

No response

Identity Provider

Azure AD

Source

External (Customer)

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
hectormmgcommented, Sep 26, 2022

@levisalarcon it does currently use an older version of MSAL I believe (I think the docs are outdated, it actually uses MSAL v1 and will probably migrate to MSAL v2 soon).

Regarding this part of your quesiton:

Having in mind that all browsers seem to be adding this type of feature, will pop ups and redirects become the standard if there is no other solution?

Yes, interaction is always necessary if MSAL cannot renew the tokens silently, this is because of 3p cookies being blocked by browsers. I believe the AadHttpClient already takes care of falling back to interaction. There’s no way to guarantee tokens will always be fetched silently.

0reactions
levisalarconcommented, Sep 27, 2022

thanks for the answer @hectormmg.

Read more comments on GitHub >

github_iconTop Results From Across the Web

SharePoint Framework (SPFx), Authenticating to Api's and ...
Microsoft has made it quite easy to implement this on the SPFx side. You just use the aadHttpClientFactory and the authentication part is...
Read more >
SPFx web-part authentication with REST API not secured with ...
Currently, SPFX is only available to autentcate with Azure AD, get access token and set related permission in Azure AD App, not supported...
Read more >
SPFx isolated web parts – the right way to connect to your ...
Here's a summary of what you need to do: Create your Azure Function app and secure with AAD authentication. Create your SPFx project...
Read more >
Different ways of consuming organizational data ... - SharePoint
In this post, I'm going to cover different options when it comes to accessing organizational data from SPFx web parts.
Read more >
Using MSAL.js 2.0 in SharePoint Framework (SPFx)
This should match your page later where you want to instantiate your webpart (Hey this sounds like showstopper?) and is case sensitive but...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found