search

AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0
627 stars 372 forks source link

After blocking third party cookies in the browser, browser treating login.microsoftonline.com as third party cookies and blocking it. #900

Closed m-sunilkumar closed 4 years ago

m-sunilkumar commented 4 years ago

After blocking third party cookies in the browser.Login is not happening because "login.microsoftonline.com" is blocked to set cookies as it is treated as third party cookies.Is there any way to configure the authentication setup so that "login.microsoftonline.com" will not be treated as third party cookies and login actually happens even with blocked third party cookie settings. I have used react-adal for authentication service with standard adal-config object with client id ,tenant-id,and cacheLocation. how i can allow this login.microsoftonline site to set cookies even with third party cookies block from client side script. adalConfig = { // instance: https://login.microsoftonline.com/${tenantid}/, tenant: tenantid, clientId: clientId, redirectUri: redirectUri, endpoints: {}, cacheLocation: "sessionStorage", extraQueryParameter: "scope=openid,https://graph.microsoft.com/.default" };

using authContext object iam handling login process. authContext = new AuthenticationContext(adalConfig);

Please help me with this to solve this third party cookie problem

Browser:chrome

Mhbuur commented 4 years ago

Facing the same challenge here.

The browser development trend of blocking third party cookies is on a rise. Recently Chrome launched an update blocking third party cookies in In Cognito mode by default, and Mozilla is taking it further for standard sessions too.

https://venturebeat.com/2020/05/19/google-chrome-83/

https://venturebeat.com/2019/06/04/firefox-enhanced-tracking-protection-blocks-third-party-cookies-by-default/

How do we get around this without telling the clients to add "login.microsoftonline.com" to trusted sites?

jasonnutter commented 4 years ago

We are solving this for most scenarios in MSAL.js v2 by switching from the Auth Code Flow. See https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1000 for more details (this work will not be done ADAL.js).

Mhbuur commented 4 years ago

@jasonnutter so no updates to ADAL in this regard?

jasonnutter commented 4 years ago

@jasonnutter so no updates to ADAL in this regard?

No, you will need to upgrade to MSAL.js v2 to address problems with third-party cookies.