This is probably not safe to merge immediately into the 2.x version since it will change the default behavior, but after banging my head against why I couldn't get the "normal" auth flow to work in a downstream fork, I found that prompt is being set to "none" by default.
prompt is an optional attribute. Defaulting to "none" prevents the default SSO flow from taking place if the user isn't logged in or hasn't authenticated the app. If it is undefined then the "normal" flow happens: MS figures out if they are logged in and if they have granted consent and handles prompting as needed.
For anyone else who runs into this issue, you can override back to the default SSO flow by setting prompt to an empty string so the ?? doesn't catch, but that seems pretty clunky.
This is probably not safe to merge immediately into the 2.x version since it will change the default behavior, but after banging my head against why I couldn't get the "normal" auth flow to work in a downstream fork, I found that prompt is being set to "none" by default.
prompt
is an optional attribute. Defaulting to "none" prevents the default SSO flow from taking place if the user isn't logged in or hasn't authenticated the app. If it is undefined then the "normal" flow happens: MS figures out if they are logged in and if they have granted consent and handles prompting as needed.See: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow
For anyone else who runs into this issue, you can override back to the default SSO flow by setting
prompt
to an empty string so the??
doesn't catch, but that seems pretty clunky.