adal login failed on SharePoint Document library

[vasanthtt]

• [ ] Question
• [ ] Typo
• [x] Bug
• [ ] Additional article idea

Expected or Desired Behavior

I have used adal in ListView Command Set extension. When I am opening a document library, adal inside extension is trying to login, that redirects the page to below

https://login.microsoftonline.com/abc.onmicrosoft.com/oauth2/authorize?response_type=id_token&client_id=xxxx-xxx-xxx-xx&redirect_uri=https://abc.sharepoint.com/teams/TestSite/Shared%20Documents/Forms/AllItems.aspx&state=ce1d0369-543a-475b-a057-c8c70e337bb7&prompt=none&login_hint=name@abc.com&client-request-id=55dad306-f57e-427c-a7f6-37befba748c8&x-client-SKU=Js&x-client-Ver=1.0.17&nonce=4661c42f-f98f-40be-bb4c-d0c40dac5f51

after authentication, it should redirects back to the original page with id_token in hash (window.location.hash)

Observed Behavior

after authentication, it is redirected back to the original page with id_token in search (window.location.search).

https://abc.sharepoint.com/teams/TestSite/Shared%20Documents/Forms/AllItems.aspx?id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1d...&session_state=837cdd5f-d189-48f9-8fbe-ab0325f8c788

This is happening only when I trying with redirect contains '/Forms/AllItems.aspx'

i.e.,

• &redirect_uri=https://abc.sharepoint.com/teams/TestSite/Shared%20Documents/Forms/AllItems.aspx Result: not working - id_token in search

• &redirect_uri=https://abc.sharepoint.com/teams/TestSite/Shared%20Documents Result: working - id_token in hash

Due to this adal library failed to consume id_token in handleWindowCallback method, as this method looking id_token in hash.

[jmckennon]

Can you try switching to msal js here?

adal js is no longer being supported outside of high-priority security fixes. We recommend everyone switch to msal js for these sorts of advanced fixes and better features.

[jasonnutter]

Closing due to inactivity.