Pop-up redirected to /null instead of closing itself

[nvigne]

I'm submitting a...

• [ ] Regression (a behavior that used to work and stopped working in a new release)
• [x] Bug report
• [ ] Performance issue
• [ ] Feature request
• [ ] Documentation issue or request
• [ ] Other... Please describe:

Browser:

• [x] Chrome version 72.XX
• [ ] Firefox version XX
• [ ] IE version XX
• [ ] Edge version XX
• [ ] Safari version XX

Library Name

• [x] adal.js 1.0.17
• [ ] adal-angular XX

Library version

Library version: 1.0.17

Current behavior

The current behavior was reproducted in Chrome, but could probably happens in other browser as well.

Our login flow is happening in a pop-up for multiple reason. When you try to open the window for the first time, Chrome (and other browser) are blocking the pop-up (we open the pop-up by calling the login method in a programmatic way without user interaction).

The user is asked to either allow all the popups for the specific domain or he can click on the link to open the specific pop-up.

If the user click on the link, the pop-up will open and he will be able to complete the login flow in the login.onmicrosoft.com domain. Then he is redirected to the redirect url page where we simply call the handleWindowCallback.

Calling this method should not be necessary for pop-up, however, for Adal.js library, since the browser blocked the pop-up, we lost the reference on the pop-up from the main window, so the main window will not handle the callback. At that point we enter the code in handleWindowCallback, in line 1365, the library does the following logic:

if (window.parent === window && !isPopup) {
                if (self.config.navigateToLoginRequestUrl) {
                    window.location.href = self._getItem(self.CONSTANTS.STORAGE.LOGIN_REQUEST);
                } else window.location.hash = '';
            }

We enter the firs if condition, because the pop-up does'nt know this is a popUp, then goes to the second if, and since we didn't provide any value for navigateToLoginRequestUrl, it is set to true by default. At that point we set the window.location.href to the value stored in the local storage. Infortuantelly, this value is set to nothing, which cause the window.location.href to be set to null.

Expected behavior

I would expected the pop-up to close nicely.

I think there is globally two issues here:

• If the pop-up is not opened by Adal.js, we are redirected to /null, we should handle this case more properly.
• If there is a pop-up blocker, which cause the popUp to be null, we should try to do more clever things, but it may require more work.

Minimal reproduction of the problem with instructions

Steps are detailed in the expected behaviour. Basically, if the pop-up is not directly open by Adal.js, in that case it is the browser which opened the pop-up, then we loose reference on the parent window, which cause the redirection to /null.

[nvigne]

The popUp was redirecting to /null because the redirect Uri was using the session storage when the caller was using the local Storage.

It does not solve the issue where the popUp does not close by itself when the login process finish, due to the fact that the main window lose reference on the popUp

[NaveenK-J]

Any updates on this? We are running into similar issues

[jmckennon]

This bug is fixed in msal js. All current authentication work from Microsoft is delivered through the msal js library here. adal js is still supported only for security fixes. We recommend moving to msal js for any advanced feature requests and bugfixes.