AuthenticationService.ts used in Microsoft.Authentication.WebAssembly.Msal missing popup-Api

[tts-jwiebe]

The AuthenticationService.ts used in namespace Microsoft.Authentication.WebAssembly.Msal does not try to use the popup api on signout. I would assume that the redirect_in_iframe error would be resolved by adding the popup mechanism.

This is AuthenticationService.ts i looked at.

The general problem is that i am able to sign in with my Blazor Wasm application which does fallback to the popup api (in an iframe) for signing in. But for signout it doesn't.

The AuthenticationService.ts doesn't include any signout specific popup calls. For log in it does fallback though. Adding the fallback mechanism therefore should resolve redirect_in_iframe thrown in an iframe while signing out.

Originally posted by @tts-jwiebe in https://github.com/dotnet/aspnetcore/issues/54665#issuecomment-2012798739

[ihkN]

I would be happy to implement those changes. Before I begin though i would like to know if you guys have anything special to consider.

For now I'd try to replicate the login behaviour to logout.

In C# there is a MsalProviderOption Property called "LoginMode" should a "LogoutMode" exist as well or should the value of LoginMode be used? If so I feel like the naming is odd.

[ihkN]

I have done my best to match the code. I've used the v8.0.3 tag as base, because that's my target. Signing in and out within an iFramed application works for me now. If you have any suggestions please tell me.

[tts-jwiebe]

The change https://github.com/ihkN/aspnetcore/commit/39b9c4270e3f1db73f30b0fd5a2a7b95a21b2942 seems to work but there is a catch. The WASM App is not being notified by the popup about a successful logout. I am not sure right now how the callback is being handled. After a user picks a an account to singout, the popup closes as expected but the wasm app itself just stays at /authentication/logout. But it never finishes.

The issues https://github.com/dotnet/aspnetcore/issues/53131 https://github.com/dotnet/aspnetcore/issues/34990 and https://github.com/dotnet/aspnetcore/issues/49956 seem to be kind of related. At least the symptom is similiar, which is "stuck at 'processing logout...'. Also i've read that wasm specifically does not support "Front-Channel-Logout" right now. Is this information still valid? I think @javiercn did mention this in an Issue i am sadly unable to find at the moment.

Right now my only solution to atleast apparently logout is the following: (Please remember i am in an iframed environment, i did provide a demo project in my first issue https://github.com/dotnet/aspnetcore/issues/54665#issue-2199955313) It is not updated yet to add the popup api enabled AuthenticationService.ts.

<!-- This site is just for testing purposes -->
@page "/signout"
@inject IJSRuntime JSRuntime

<!--  ... --->

@code {
   protected override async Task OnInitializedAsync()
   {
        Navigation.NavigateToLogout("authentication/logout", "/");
        // as wasm is not being notified by the signout popup i try to wait, which of course is far from ideal. 
        await Task.Delay(2_500).ContinueWith(async x => {
            // dirty way to atleast get the illusion of signing out
            await JSRuntime.InvokeVoidAsync("sessionStorage.clear");
            // redirect to / with reload, to update everything. A clear alone isn't enough and would allow the user to use the authorized endpoints even after the seamingly successful logout
            Navigation.NavigateTo("/", true);
        });
    }
}

I know that it is advised to use "NavigationManager.NavigateToLogout(...)", but it won't redirect at all. And it is lacking the ForceReload Property, effectively not singing out. Pay attention to the true at NavigateTo. It is required to at least get the illusion of a signout, otherwise nothing happens.

I feel like this is a bigger problem than just missing the popup api in AuthenticationService.ts.

[tts-sdrissen]

I also have this issue.

[ihkN]

@mkArtakMSFT can you give me any information about the state of this issue? As it's been six months so far without any movement on that matter at all, i just need to know if it is being investigated at all.

This is a security issue and shouldn't be treated as a enhancement!