Open szahn opened 1 year ago
There is a new feature in browsers called Storage Partitioning which prevents iframes in pages that rely on a login popup to authenticate
Note that this behavior has shipped in Safari and Firefox for quite some time - Chrome is just catching up. How does this library work in those browsers?
We found a temporary workaround by using postMessage to send the oidc session from the storage in the popup back to the iframe in the host window. However, it would be ideal if the library would have built-in support for partitioned storage.
@szahn Can you post the workaround here? And it would be nice if you can provide support for this via a merge request.
Hi @szahn, it would be great if you can post the workaround here and, ideally, as @pamapa said, if you provide a merge request.
There is a new feature in browsers called Storage Partitioning which prevents iframes in pages that rely on a login popup to authenticate. Logging into an identity provider via a popup window from an iframe within a host window causes browser storage partitioning to break the authentication flow. For example, when developing a Microsoft Teams Tab single page application, and logging into a third party identity provider with OAuth 2.0 Authorization Code PKCE flow from a popup window, breaks the process. Disabling this feature via chrome://flags/#third-party-storage-partitioning seems to resolve it in Chrome but not in Chromium or other browsers. This issue seems to affect other applications, including PowerBI embedding. There are some workarounds such as using url parameters or postMessage mentioned in this article. It would be great if there was an option to use a state provider that did not rely on partitioned storage somehow.
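The postMessage workaround mentioned in this thread moves tokens between windows, so both ends need strict checks. The sketch below is an added example, not the workaround the reporter used and not code from the library. The names `MSG_TYPE`, `buildHandoff`, `sendHandoff` and `acceptHandoff`, the message shape, and the assumption that the session is a JSON string read from the popup's storage are all hypothetical.

```javascript
// Added example; all names and the message shape are hypothetical.
const MSG_TYPE = "oidc-session-handoff";

// Popup side: wrap the serialized session read from the popup's own storage.
function buildHandoff(sessionJson) {
  return { type: MSG_TYPE, session: sessionJson };
}

// Popup side: deliver to the opener (the iframe) with an explicit target
// origin. "*" would hand the tokens to whatever document is loaded there.
function sendHandoff(opener, message, iframeOrigin) {
  if (!iframeOrigin || iframeOrigin === "*") {
    throw new Error("explicit target origin required");
  }
  opener.postMessage(message, iframeOrigin);
}

// Iframe side: accept a session only from the popup window this frame
// opened, and only from the expected origin. Returns the parsed session,
// or null when any check fails.
function acceptHandoff(event, expected) {
  if (event.origin !== expected.popupOrigin) return null;  // wrong sender origin
  if (event.source !== expected.popupWindow) return null;  // not our popup
  const data = event.data;
  if (!data || typeof data !== "object" || data.type !== MSG_TYPE) return null;
  if (typeof data.session !== "string") return null;
  try {
    const session = JSON.parse(data.session);
    const isObject = session && typeof session === "object" && !Array.isArray(session);
    return isObject ? session : null;
  } catch {
    return null; // malformed payload
  }
}

// Browser wiring (assumed, shown as comments so the block also loads in Node):
//   const popup = window.open(loginUrl, "login");
//   window.addEventListener("message", (ev) => {
//     const s = acceptHandoff(ev, { popupOrigin: location.origin, popupWindow: popup });
//     if (s) { /* store s in this frame's partitioned storage */ }
//   });
//   // in the popup's callback page:
//   //   sendHandoff(window.opener, buildHandoff(raw), location.origin);
```

This relies on `window.opener` still being available to the popup after the redirect back from the identity provider.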