Reputation: 2007
Is it possible to get single sign-on for my application when already authenticated to Azure AD?
Possible flow:
Next time I use my application, if I have a valid cookie, I'm not redirected to microsoftonline.com and can start using my app directly.
In short, I would like to get to the callback without displaying the popup for the end user:
    var userAgentApplication = new Msal.UserAgentApplication("your_client_id", null, function (errorDes, token, error, tokenType) {
        // this callback is called after loginRedirect OR acquireTokenRedirect (not used for loginPopup/acquireTokenPopup)
    });
    userAgentApplication.loginPopup(["user.read"]).then(function (token) {
        var user = userAgentApplication.getUser();
        if (user) {
            // signin successful
        } else {
            // signin failure
        }
    }, function (error) {
        // handle error
    });
Upvotes: 2
Views: 3890
Reputation: 4199
Use acquireTokenSilent instead of loginPopup, and pass your client ID as the scope. If the promise is rejected, then you need to call one of the other functions to log in.
Upvotes: 2
Reputation: 27538
If you specify the tenant and only one user has signed in to Azure AD before, you could sign in to your app directly if prompt=none (by default). You can't achieve that with MSAL.JS; refer to the source code of MSAL.JS:
    var urlNavigate = authenticationRequest.createNavigateUrl(scopes) + "&prompt=select_account" + "&response_mode=fragment";
It will set prompt=select_account, which will redirect the user to the account selection page. If you are using Azure AD accounts and just want to log in to a specific tenant, you could try ADAL.JS (it will not force prompt=select_account). If that is a multi-tenant app (using common instead of the tenant ID), you can't avoid the account selection page with the Azure AD v2.0 endpoint.
Note: If the user is signed in to Azure AD with multiple accounts, you can't avoid the account selection page. That is by design: the user should have the opportunity to choose which account he or she wants to use for signing in to the application.
Upvotes: 1
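Both answers above turn on the prompt parameter: a silent attempt sends prompt=none and falls back to an interactive prompt only when Azure AD reports that interaction is needed. The following is an added example, not code from the question, the answers or MSAL.js; it builds the v2.0 authorize URL and classifies the fragment response using the standard OpenID Connect error codes. The function names, tenant, client ID and redirect URI are assumptions chosen for illustration.

```javascript
// Added example, not from the answers above. Tenant, client ID and redirect
// URI passed in by the caller are placeholders chosen for illustration.
const NEEDS_INTERACTION = new Set([
  "login_required",             // no Azure AD session cookie
  "interaction_required",       // some user step (e.g. MFA) is needed
  "account_selection_required", // several accounts are signed in
  "consent_required",           // user has not consented yet
]);

// Build the authorize URL. Use prompt "none" for the silent attempt and
// "select_account" for the interactive fallback.
function buildAuthorizeUrl({ tenant, clientId, redirectUri, prompt, state, nonce }) {
  const query = new URLSearchParams({
    client_id: clientId,
    response_type: "id_token",
    redirect_uri: redirectUri,
    scope: "openid profile",
    response_mode: "fragment",
    state, nonce, prompt,
  });
  return "https://login.microsoftonline.com/" + encodeURIComponent(tenant) +
    "/oauth2/v2.0/authorize?" + query.toString();
}

// Classify the URL fragment returned to the redirect URI.
function classifyResponse(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  // Drop responses this page did not request (CSRF / injected fragment).
  if (params.get("state") !== expectedState) {
    return { outcome: "rejected", reason: "state_mismatch" };
  }
  const error = params.get("error");
  if (error) {
    return NEEDS_INTERACTION.has(error)
      ? { outcome: "needs_interaction", reason: error }
      : { outcome: "failed", reason: error };
  }
  const idToken = params.get("id_token");
  // The token's signature, nonce and audience must still be validated.
  return idToken
    ? { outcome: "signed_in", idToken }
    : { outcome: "failed", reason: "missing_id_token" };
}
```

Only the needs_interaction outcome should trigger a popup or redirect; a state mismatch or any other error is a failure to log and surface, not a reason to prompt the user.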