AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Scenario where `loginPopup` and `loginRedirect` should respect the `responseMode` parameter. #3862

Closed dse closed 3 years ago

dse commented 3 years ago

Core Library

MSAL.js v2 (@azure/msal-browser)

Wrapper Library

Not Applicable

Description

Regarding #2228.

I'm working on a serverless web app that currently uses an AWS Lambda function as a redirect URI. It receives the Microsoft authentication tokens, validates them, generates an AWS STS token, and sends the STS token back to the browser. The browser then uses that token for subsequent calls to a different Lambda function. Right now we are using whatever they call the authentication method that involves URLs like `https://account.activedirectory.windowsazure.com/applications/signin/<clientId>?tenantId=<tenantId>`.

My current mission is to switch to the Microsoft Graph API as per this tutorial.

Lambda functions are entirely server side and do not have access to the fragment portion of the URL (the `#bob` in `https://example.com/#bob`). Unfortunately, when I specify `responseMode: 'query'`, msal-browser ignores it and will always redirect to `<redirectUri>#<fragment>`.

As workarounds, I can either set up a page that redirects to a URL with its fragment as the query string, or I can do some mad science JavaScript monkeypatching. A better solution would be nice.

Source

External (Customer)

jasonnutter commented 3 years ago

@dse MSAL Browser is only intended to support client-side authentication flows. If you need the response to be available server side, you should use a server-side auth library, such as MSAL Node. Have you looked at our samples for MSAL Node?

tnorling commented 3 years ago

Closing as answered.
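
The behaviour discussed in this thread, as an added example that is not code from the thread or from the MSAL project: it models what a server-side redirect handler (such as the Lambda described above) actually receives when the authorization response arrives in the fragment versus the query string. All function names and sample values are hypothetical and constructed for illustration, and the `state` comparison is an assumed check for such a handler.

```javascript
// Added illustration; the names below are hypothetical, not MSAL APIs.
// Constructed sample values (not real credentials).
const REDIRECT_URI = "https://example.com/auth/callback";
const SAMPLE_RESPONSE = { code: "constructed-auth-code", state: "constructed-state-123" };

// Build the URL the identity provider redirects the browser to.
function buildRedirect(redirectUri, params, responseMode) {
  const url = new URL(redirectUri);
  const encoded = new URLSearchParams(params).toString();
  if (responseMode === "query") {
    url.search = encoded;
  } else if (responseMode === "fragment") {
    url.hash = encoded;
  } else {
    throw new Error(`unsupported response mode: ${responseMode}`);
  }
  return url.toString();
}

// The request target a browser puts on the wire: path + query only.
// The fragment stays in the browser and is never sent to the server.
function requestTargetSeenByServer(browserUrl) {
  const url = new URL(browserUrl);
  return url.pathname + url.search;
}

// Server-side redirect handler: it can only read the query string.
function handleCallback(requestTarget, expectedState) {
  // Base URL is a placeholder needed only to parse a relative target.
  const query = new URL(requestTarget, "https://placeholder.invalid").searchParams;
  const code = query.get("code");
  if (!code) return { ok: false, reason: "no authorization response in request" };
  if (query.get("state") !== expectedState) return { ok: false, reason: "state mismatch" };
  return { ok: true, code };
}

// Run one redirect end to end for the given response mode.
function simulate(responseMode, expectedState = SAMPLE_RESPONSE.state) {
  const browserUrl = buildRedirect(REDIRECT_URI, SAMPLE_RESPONSE, responseMode);
  return handleCallback(requestTargetSeenByServer(browserUrl), expectedState);
}

console.log("fragment:", simulate("fragment"));
console.log("query:   ", simulate("query"));
```

In query mode the authorization code is part of the request line, so it also appears wherever the server or intermediaries record request URLs.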