SignInInteractive returns result without authenticating.

wrobins / cordova-plugin-msal

Use the newest Microsoft MSAL library in your Cordova-based project!

Apache License 2.0

23 stars 66 forks source link

SignInInteractive returns result without authenticating. #106

Open ggGoblin opened 1 year ago

ggGoblin commented 1 year ago

When using Active directory to sign into App authentication can be skipped.

Steps to reproduce.

Sign in once using Active Directory login screen.
Logout
Open sign in page then close it when it asks for email/password
Open sign in page a second time, and no need for email/password you are logged in successfully.

Noticed the issue when I started testing with corporate account.

Interested to know if anyone has come across this, and what solution they used.

peitschie commented 1 year ago

@ggGoblin this can be caused by the external browser caching the login credentials itself. The sign-out from the application itself is not communicated to the browser again, I believe.