Better workaround for silent token refresh failure in Safari

Library

[x] msal@1.x.x or @azure/msal@1.x.x
[ ] @azure/msal-browser@2.x.x
[ ] @azure/msal-angular@0.x.x
[ ] @azure/msal-angular@1.x.x
[ ] @azure/msal-angularjs@1.x.x

Description

Current work around for silent token renewal failure in safari requires user intervention i.e to completely disable the third party cookie blocking in Safari Preferences.However it appears a better alternative exists in the form of Storage Access API.

From MDN doc

In addition, sandboxed s cannot be granted storage access by default for security reasons. The API therefore also adds the allow-storage-access-by-user-activation sandbox token. The embedding website needs to add this to allow storage access requests to be successful, along with allow-scripts and allow-same-origin to allow it to call the API, and execute in an origin that can have cookies</p> </blockquote> <p>From <a rel="noreferrer nofollow" target="_blank" href="https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/">webkit blog</a></p> <blockquote> <p>To keep supporting cross-site integration, we shipped the Storage Access API two years ago to provide the means for authenticated embeds to get cookie access with mandatory user control.</p> </blockquote> <p>Is this something we can look into as a possible alternative ?</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/pkanher617"><img src="https://avatars.githubusercontent.com/u/6913227?v=4" />pkanher617</a> commented <strong> 4 years ago</strong> </div> <div class="markdown-body"> <p>@niwsa Thanks for posting this. We have looked at the Storage API and we are currently exploring options that will require changes to both the auth client library and server. </p> <p>The current workaround we are using is to introduce the authorization code flow for browsers, which limits the usage of iframes. We have introduced this in the @azure/msal-browser package which is currently in beta. We recommend using this package to get token exchange working in Safari browsers.</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/niwsa"><img src="https://avatars.githubusercontent.com/u/3107922?v=4" />niwsa</a> commented <strong> 4 years ago</strong> </div> <div class="markdown-body"> <p>@pkanher617 Thanks for the reply.However I understand that @azure/msal-browser is not available for B2C tenants which is really my use case.For now thinking of using <a href="https://github.com/AzureAD/passport-azure-ad">https://github.com/AzureAD/passport-azure-ad</a> with server side rendering (Next JS).</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/pkanher617"><img src="https://avatars.githubusercontent.com/u/6913227?v=4" />pkanher617</a> commented <strong> 4 years ago</strong> </div> <div class="markdown-body"> <p>@niwsa We are hoping to have support for B2C tenants by the end of this month, keep an eye out for new releases!</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/ukcoderj"><img src="https://avatars.githubusercontent.com/u/4604271?v=4" />ukcoderj</a> commented <strong> 4 years ago</strong> </div> <div class="markdown-body"> <p>@pkanher617 - re your comment on 14th May - are B2C tenants now supported please?</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>

AzureAD / microsoft-authentication-library-for-js

Better workaround for silent token refresh failure in Safari #1656

Library

Description