Open areddy294 opened 1 year ago
Thank you for reporting this issue, we are actively working on it. We will let you know once we have any progress.
We noticed the same issue with our Taskpane app in Word (custom authentication provider, not MSAL)
https://learn.microsoft.com/en-us/office/dev/add-ins/testing/runtimes#share-data-across-runtimes https://developers.google.com/privacy-sandbox/3pcd/storage-partitioning
all the browser change this behaviour. i think MS office should provide a solution for us. not just told us to disable it!!! how we told all the customer to let them do that?
go to chrome://flags or edge://flags, then set the Experimental third-party storage partitioning (#third-party-storage-partitioning) flag to Disabled.
Any key value pairs stored in the Local Storage are not accessible between the dialog and Taskpane RHP
Your Environment
Expected behavior
We have followed the official MSFT documentation here 'https://learn.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api' and designed our Excel OfficeJS Addin login mechanism relying solely on the msal package and local storage being shared between dialog and RHP.
Current behavior
Until a week ago, the local storage was shared between the dialog and RHP and our login mechanism worked fine. From 11/03/2023, we noticed that our login mechanism isn't finishing, and upon debugging, we noticed that the issue is with localstorage no longer being shared between dialog and RHP. We also noticed that the same link mentioned above, that suggests to use Local Storage, has a "note" added, which says there is a bug with local storage, but that note doesn't have any further info, or potential resolution plan.
Steps to reproduce
Any local storage values set from RHP are not accessible in OfficeDialog opened by the same RHP, and vice versa.
Context
Without the local storage being shared, although msal logs-in the user using the office dialog and the msal redirect approach, the RHP is not aware of the logged in user. We understand messageParent is an alternative, but messageParent can only be used to send one-off messages from parent to child, but for something like auth which needs to be put in longer term storage, adding it to local storage is the most common approach and is also the approach suggested from the docs. Also, MSAL can be configured to automatically use the LocalStorage, which is what we have used, but with the current change, although the Dialog's instance of MSAL sets the auth context in LocalStorage, RHP is not aware of it, as it is not sharing the same local storage.
This is directly affecting our login flow and all our users. The docs seem to acknowledge this as a bug here: https://learn.microsoft.com/en-us/office/dev/add-ins/develop/auth-with-office-dialog-api#you-usually-cannot-use-the-librarys-internal-cache-to-store-tokens and here: https://learn.microsoft.com/en-us/office/dev/add-ins/develop/parent-to-dialog but there is no further information and workarounds for this.