AzureAD / microsoft-authentication-library-for-android

Microsoft Authentication Library (MSAL) for Android
http://aka.ms/aadv2
MIT License

Allow Prompt.None when acquiring a token after logging in #2065

Open ravindu-edg opened 3 months ago

ravindu-edg commented 3 months ago

I use MSAL in an app that supports login and edit profile features via Azure B2C. However, when the user logs in and tries to go to edit their profile via a different Policy, they are asked to enter the password again.

Is there a way to avoid this second login by perhaps setting "Prompt.None" or &prompt=none when calling the acquireToken() method in the SDK?

I have already tried

- All the available Prompt types and not adding a prompt at all
- Passing a token (from silent token acquisition) as an id_token_hint query parameter to acquire token

It seems that the .NET and Web SDKs have the ability to pass prompt=none but we are not able to do that with the native app SDKs. Is there a possibility of adding this to the mobile SDKs? Also, would setting this allow the user to skip the second login?

negoe commented 3 months ago

@ravindu-edg This is functioning as anticipated. You will experience Single Sign-On (SSO): once you've completed the sign-in process, you will not need to sign in again for the Profile Edit journey.

Here's how to verify this:

  1. Initiate a new browser session and complete the sign-in process.
  2. In a new tab, navigate to the Profile Edit page by pasting its link. Ensure you remove the prompt=login query parameter from the URL.
  3. Upon accessing the link, you'll be directed immediately to your profile modification page, bypassing the sign-in page.

ravindu-edg commented 3 months ago

Hi @negoe, the issue is that I'm unable to remove the prompt=login query parameter from the URL when using the SDK.

When I omit the withPrompt value as below, I still get &prompt=select_account in the URL.

```kotlin
val params = AcquireTokenParameters.Builder()
    .startAuthorizationFromActivity(activity)
    .fromAuthority(authority)
    .withScopes(listOf(BuildConfig.B2C_SCOPE))
    //.withPrompt(Prompt.LOGIN)
    .withCallback(authenticationCallback)
    .build()
client.acquireToken(params)
```

negoe commented 3 months ago

@ravindu-edg Thank you for the clarification. I confirmed with our team that, as of today, we do not offer support for prompt=none. This is recognized as a request for a new feature. We will monitor the demand for this requirement closely and consider prioritizing it in the future should more customers express a need for it.

VolodaUa commented 1 week ago

@ravindu-edg Hi,

If I am not mistaken, you can reach the desired result by using this function - forAccount. The account you can get from the library (application class)

https://learn.microsoft.com/en-us/java/api/com.microsoft.identity.client.tokenparameters.builder?view=azure-java-stable#com-microsoft-identity-client-tokenparameters-builder-foraccount(iaccount)
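
A sketch of the `forAccount` suggestion above, added here as an example and not code from the thread or from the MSAL project. The helper name, the multiple-account client and the `no_cached_account` error code are assumptions, and the thread does not confirm whether this changes the `prompt` value MSAL sends.

```kotlin
import android.app.Activity
import com.microsoft.identity.client.AcquireTokenParameters
import com.microsoft.identity.client.AuthenticationCallback
import com.microsoft.identity.client.IAccount
import com.microsoft.identity.client.IMultipleAccountPublicClientApplication
import com.microsoft.identity.client.IPublicClientApplication
import com.microsoft.identity.client.exception.MsalClientException
import com.microsoft.identity.client.exception.MsalException

// Hypothetical helper (not part of MSAL): binds the interactive request for a
// second policy to an account that is already in the MSAL cache.
fun acquireTokenForCachedAccount(
    client: IMultipleAccountPublicClientApplication, // assumption: multiple-account mode
    activity: Activity,
    authority: String,            // authority URL of the edit-profile policy
    scopes: List<String>,
    callback: AuthenticationCallback
) {
    client.getAccounts(object : IPublicClientApplication.LoadAccountsCallback {
        override fun onTaskCompleted(result: List<IAccount>?) {
            // Simplification: take the first cached account. An app with several
            // users must select the account that belongs to the current session.
            val account = result?.firstOrNull()
            if (account == null) {
                // Fail closed: do not fall back to an unbound interactive request.
                // "no_cached_account" is a constructed error code for this example.
                callback.onError(
                    MsalClientException("no_cached_account", "Sign in before editing the profile")
                )
                return
            }
            val params = AcquireTokenParameters.Builder()
                .startAuthorizationFromActivity(activity)
                .fromAuthority(authority)
                .withScopes(scopes)
                .forAccount(account) // request is tied to this signed-in account
                .withCallback(callback)
                .build()
            client.acquireToken(params)
        }

        override fun onError(exception: MsalException) {
            callback.onError(exception)
        }
    })
}
```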