Reputation: 11
We've successfully implemented authentication via the ADAL.js library. We are trying to use it to authenticate against ADFS. While it successfully authenticates, we cannot request any claims/roles. I've been told the issue is that "ADFS only allows implicit grant if response_mode is either forms or fragment." I'm wondering if there's a way to modify the code to support a POST send to ADFS (instead of the GET)? It appears the library uses implicit flow - can it support normal auth code flow? Any other suggestions to get around this issue?
We can send the redirect request to ADFS, arriving as a GET request. After authenticating, user information and an access token are received via the redirect URL successfully. But there seems to be no way to prompt ADFS to include the user's roles/claims.
Tried using variations on configuration to pass different params to ADFS, but none are enough to force inclusion of roles/claims:
private _config = {
    instance: "xxxx",
    tenant: "xxxx",
    clientId: "xxxx",
    redirectUri: "xxxx",
    postLogoutRedirectUri: "xxxx",
    extraQueryParameter: "ResourceId=xxxx"
}
Upvotes: 1
Views: 250
Reputation: 7728
It seems that there is a workaround that allows you to force this:
In adal.js, make the following changes:
/**
* Initiates the login process by redirecting the user to Azure AD authorization endpoint.
*/
AuthenticationContext.prototype.login = function (loginStartPage) {
// Token is not present and user needs to login
...
// var urlNavigate = this._getNavigateUrl('id_token', null) + '&nonce=' + encodeURIComponent(this._idTokenNonce);
// Force the response as a POST
var urlNavigate = this._getNavigateUrl('id_token', null) + '&response_mode=form_post&nonce=' + encodeURIComponent(this._idTokenNonce);
See: https://medium.com/the-new-control-plane/the-mystery-of-the-missing-adfs-jwt-claims-7658d9cdeaac
Upvotes: 1
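As an added example that is not code from adal.js, from the question or from the answer above, the following shows what the `response_mode=form_post` change actually does end to end: the authorize URL is built with `response_type=id_token` and `response_mode=form_post`, and the relying party then receives the `id_token` in the body of an HTTP POST to the redirect URI rather than in the URL fragment. Because a pure browser-side SPA cannot read a POST body, the endpoint at `redirectUri` has to be served by something that accepts the POST (this is a caveat the answer does not spell out). The config values, the `buildAuthorizeUrl`/`parseFormPost`/`rolesFrom` names, the sample id_token and the assumption that ADFS emits a multi-valued `role` claim as an array (and a single value as a string) are all mine, and the sample token is constructed inline with a dummy signature. The JWT is only decoded here, not verified; before trusting any claim in production the signature must be checked against the ADFS signing keys.

```javascript
// Added example, not part of the original post or of adal.js.
// Builds an ADFS authorize request with response_mode=form_post and parses the
// id_token that comes back in the POST body. Identifiers below are assumptions.

// Hypothetical config in the same shape as the question's _config object.
// adal.js composes the authorize URL as instance + tenant + "/oauth2/authorize";
// for ADFS the "tenant" segment is the fixed path "adfs".
const config = {
  instance: "https://adfs.example.com/",
  tenant: "adfs",
  clientId: "11111111-2222-3333-4444-555555555555",
  redirectUri: "https://app.example.com/auth/callback", // must accept HTTP POST
  resource: "https://app.example.com",                  // relying party identifier
};

// Build the redirect to ADFS. response_mode=form_post is the change the answer makes;
// with it, ADFS returns the token by auto-submitting an HTML form to redirect_uri.
function buildAuthorizeUrl(cfg, nonce, state) {
  const params = new URLSearchParams({
    response_type: "id_token",
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    resource: cfg.resource,
    response_mode: "form_post",
    nonce,
    state,
  });
  const base = cfg.instance.endsWith("/") ? cfg.instance : cfg.instance + "/";
  return base + cfg.tenant + "/oauth2/authorize?" + params.toString();
}

// JWT segments are base64url without padding; Node's Buffer wants standard base64.
function base64UrlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode the payload only. This does NOT verify the signature; a real relying party
// must validate the RS256 signature against the ADFS signing keys before use.
function decodeJwtClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 segments)");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Handle the application/x-www-form-urlencoded body ADFS POSTs to redirect_uri.
// state and nonce are checked so a token cannot be replayed into another session.
function parseFormPost(body, expectedState, expectedNonce) {
  const form = new URLSearchParams(body);
  if (form.get("error")) {
    throw new Error("ADFS error: " + form.get("error") + " " + (form.get("error_description") || ""));
  }
  const idToken = form.get("id_token");
  if (!idToken) throw new Error("no id_token in POST body");
  if (form.get("state") !== expectedState) throw new Error("state mismatch");
  const claims = decodeJwtClaims(idToken);
  if (claims.nonce !== expectedNonce) throw new Error("nonce mismatch");
  return claims;
}

// Assumption: ADFS emits "role" as a string for one value, an array for several.
function rolesFrom(claims) {
  const r = claims.role;
  if (r === undefined || r === null) return [];
  return Array.isArray(r) ? r : [r];
}

// Constructed sample: what a decoded ADFS id_token payload with roles might hold.
const SAMPLE_CLAIMS = {
  iss: "https://adfs.example.com/adfs",
  aud: config.clientId,
  sub: "jdoe",
  upn: "jdoe@example.com",
  role: ["Admin", "Reader"],
  nonce: "n1",
  exp: 4102444800,
};
const SAMPLE_ID_TOKEN =
  base64UrlEncode({ alg: "RS256", typ: "JWT" }) + "." +
  base64UrlEncode(SAMPLE_CLAIMS) + "." +
  "dummy-signature";                       // constructed, not a real signature
// Constructed POST body as ADFS would submit it to redirect_uri.
const SAMPLE_POST_BODY = new URLSearchParams({ id_token: SAMPLE_ID_TOKEN, state: "s1" }).toString();

console.log(buildAuthorizeUrl(config, "n1", "s1"));
console.log(rolesFrom(parseFormPost(SAMPLE_POST_BODY, "s1", "n1")));
```

The important design point is that `form_post` moves token delivery from the browser's URL fragment to a server-side POST handler, so the state/nonce checks and the signature verification (omitted above) belong on the server that terminates `redirectUri`, and the browser app only ever sees the resulting session.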