AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0

AADSTS50058: A silent sign-in request was sent but no user is signed in #741

Closed prashantharshi closed 4 years ago

prashantharshi commented 6 years ago

Hi

We have a use case wherein we want to fetch the user's id_token. We have not used ADAL in our project, but we are leveraging ADAL.js renewIdTokenMethod() to call the v2 endpoint with response_type as id_token in a hidden iframe. In the browser we check the "keep me signed in" checkbox so that the authentication cookie is persisted, and AAD successfully returns me the id_token in the URL fragment.

But when I try running my add-in in Word desktop, AAD gives me the error AADSTS50058.

1) Is there a way we can set authentication cookies in the desktop client, since there is no "keep me signed in" checkbox when I log in to Word desktop?

2) Does ADAL.js work only with a JavaScript client running in the browser and not for desktop clients?

I have attached the method which we have used.

```js
// Class method from the add-in; AppConfig, AppUtils, ErrorCodes, AppConstants
// and jQuery are defined elsewhere in the poster's project.
static getOfficeIdToken() {

    return new Promise((resolve, reject) => {
        let iframeTimeout;
        var iframe = document.createElement('iframe');

        // Hidden, zero-size frame used for the silent request.
        iframe.setAttribute('id', 'iframeId');
        iframe.style.visibility = 'hidden';
        iframe.style.position = 'absolute';
        iframe.style.width = iframe.style.height = iframe.style.borderWidth = '0px';
        iframe.src = AppConfig.getOfficeIdTokenUri();

        document.getElementsByTagName('body')[0].appendChild(iframe);

        iframe.onload = function (iframeData) {

            let frameHref = "";
            try {
                // Throws while the frame is still on a different origin.
                frameHref = iframeData.currentTarget.contentWindow.location.href;
                let id_token = AppUtils.getQueryStringParameterByName("id_token", frameHref);
                clearTimeout(iframeTimeout);
                let iframe = jQuery(iframeData.currentTarget);
                iframe.remove();
                if (id_token) {
                    resolve(id_token);
                }
                else {
                    // No token: surface the error_description returned by AAD.
                    let error_desc = AppUtils.getQueryStringParameterByName("error_description", frameHref);
                    reject({
                        code: ErrorCodes.CLIENT.UNABLE_TO_FETCH_OFFICE_ID_TOKEN,
                        message: error_desc
                    });
                }

            }
            catch (error) {
                // Reached when reading the frame location fails, not only on timeout.
                clearTimeout(iframeTimeout);
                let iframe = jQuery(iframeData.currentTarget);
                iframe.remove();
                reject({
                    code: ErrorCodes.CLIENT.UNABLE_TO_FETCH_OFFICE_ID_TOKEN,
                    message: "Failed to load iframe due to timeout"
                });
            }
        };

        // Give up if the frame never reaches the redirect URI.
        iframeTimeout = setTimeout(function () {
            iframe.remove();
            reject({
                code: ErrorCodes.CLIENT.IFRAME_LOAD_TIMED_OUT,
                message: "Failed to load iframe due to timeout"
            })
        }, AppConstants.IFRAME_LOAD_TIMEOUT);
    });
}
```

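
As an added example (not part of the original post and not ADAL.js code), this is one way to classify the URL the hidden iframe ends on: it reads the fragment and treats AADSTS50058 as a signal to fall back to interactive sign-in. `parseSilentAuthResponse` and its result fields are hypothetical names, and the sample URLs are constructed.

```javascript
// Added example: classify the URL a hidden-iframe silent request lands on.
// Function and field names are hypothetical, not ADAL.js APIs.

// OpenID Connect error codes meaning "silent sign-in is impossible, show UI".
const NEEDS_UI = new Set([
  'login_required',
  'interaction_required',
  'consent_required',
  'account_selection_required',
]);

function parseSilentAuthResponse(href) {
  const hashAt = href.indexOf('#');
  if (hashAt === -1) {
    // No fragment yet: an intermediate load, not the final redirect.
    return { kind: 'pending' };
  }
  // The response is form-encoded in the fragment, not in the query string.
  const params = new URLSearchParams(href.slice(hashAt + 1));

  const idToken = params.get('id_token');
  if (idToken) {
    // Not validated here; the token must be validated before it is trusted.
    return { kind: 'token', idToken };
  }

  const error = params.get('error');
  const description = params.get('error_description') || '';
  if (!error && !description) {
    return { kind: 'pending' };
  }
  // Azure AD puts its own code in error_description, e.g. AADSTS50058.
  const match = /AADSTS\d+/.exec(description);
  const aadsts = match ? match[0] : null;
  const needsUi = NEEDS_UI.has(error) || aadsts === 'AADSTS50058';
  return { kind: needsUi ? 'interaction_required' : 'error', error, aadsts, description };
}

// Constructed sample redirect URLs (host and values are placeholders).
const SAMPLE_OK = 'https://addin.example/redirect#id_token=eyJ.constructed.sig&state=abc';
const SAMPLE_50058 = 'https://addin.example/redirect#error=login_required' +
  '&error_description=AADSTS50058%3a+A+silent+sign-in+request+was+sent+but+no+user+is+signed+in.';

console.log(parseSilentAuthResponse(SAMPLE_OK).kind);
console.log(parseSilentAuthResponse(SAMPLE_50058));
```
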
sameerag commented 4 years ago

ADAL JS and MSAL JS are only for browser-based clients. For native, there are various solutions, and some environments support a webview in which MSAL JS or ADAL JS can run. All current authentication work from Microsoft is delivered through the MSAL JS library here. ADAL JS is still supported only for security fixes. We would recommend moving to MSAL JS for any advanced feature asks.