User prompted for credentials even after WAM configuration #7294

Open
2 tasks
Sampaths4u opened this issue Sep 6, 2024 · 4 comments
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@Sampaths4u

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.21.0

Wrapper Library

Not Applicable

Wrapper Library Version

NA

Public or Confidential Client?

Public

Description

While authenticating using MSAL in a React application on Windows, it is still asking for login credentials the first time, using the ADFS screen. But if WAM is configured, the user should not be prompted for login, as allowNativeBroker is set to true.

Error Message

No response

MSAL Logs

No response

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

const msalConfig = {
    auth: {
        clientId: "client id",
        authority: "https://login.microsoftonline.com/tenantid"
    },
    cache: {
        cacheLocation: "sessionStorage", // This configures where your cache will be stored
        storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
    },
    system: {
        loggerOptions: {
            loggerCallback: (level, message, containsPii) => {
                if (containsPii) {
                    return;
                }
                switch (level) {
                    case msal.LogLevel.Error:
                        console.error(message);
                        return;
                    case msal.LogLevel.Info:
                        console.info(message);
                        return;
                    case msal.LogLevel.Verbose:
                        console.debug(message);
                        return;
                    case msal.LogLevel.Warning:
                        console.warn(message);
                        return;
                    case msal.LogLevel.Trace:
                        console.log(message);
                        return;
                }
            },
            logLevel: msal.LogLevel.Trace
        },
        allowNativeBroker: true // For demonstration purposes, allowNativeBroker is true by default as of MSAL Browser v3
    }
};

// Add here scopes for id token to be used at MS Identity Platform endpoints.
const loginRequest = {
    scopes: ["User.Read"]
};

// Add here the endpoints for MS Graph API services you would like to use.
const graphConfig = {
    graphMeEndpoint: "https://graph.microsoft.com/v1.0/me",
    graphMailEndpoint: "https://graph.microsoft.com/v1.0/me/messages"
};

// Add here scopes for access token to be used at MS Graph API endpoints.
const tokenRequest = {
    scopes: ["Mail.Read"],
    forceRefresh: false // Set this to "true" to skip a cached token and go to the server to get a new token
};

const silentRequest = {
    scopes: ["openid", "profile", "User.Read", "Mail.Read"]
};

const logoutRequest = {}

Relevant Code Snippets

let signInType;
let accountId = "";

// Create the main myMSALObj instance
// configuration parameters are located at authConfig.js
const myMSALObj = new msal.PublicClientApplication(msalConfig);
myMSALObj.initialize().then(() => {
    // Redirect: once login is successful and redirects with tokens, call Graph API
    myMSALObj.handleRedirectPromise().then(handleResponse).catch(err => {
        console.error(err);
    });
});


function handleResponse(resp) {
    if (resp !== null) {
        accountId = resp.account.homeAccountId;
        myMSALObj.setActiveAccount(resp.account);
        showWelcomeMessage(resp.account);
    } else {
        // need to call getAccount here?
        const currentAccounts = myMSALObj.getAllAccounts();
        if (!currentAccounts || currentAccounts.length < 1) {
            return;
        } else if (currentAccounts.length > 1) {
            // Add choose account code here
        } else if (currentAccounts.length === 1) {
            const activeAccount = currentAccounts[0];
            myMSALObj.setActiveAccount(activeAccount);
            accountId = activeAccount.homeAccountId;
            showWelcomeMessage(activeAccount);
        }
    }
}

async function signIn(signInType) {
    if (signInType === "popup") {
        return myMSALObj.loginPopup(loginRequest).then(handleResponse).catch(function (error) {
            console.log({...error});
            console.log(error);
        });
    } else if (signInType === "redirect") {
        return myMSALObj.loginRedirect(loginRequest)
    }
}

function signOut(interactionType) {
    const logoutRequest = {
        account: myMSALObj.getAccountByHomeId(accountId)
    };

    if (interactionType === "popup") {
        myMSALObj.logoutPopup(logoutRequest).then(() => {
            window.location.reload();
        });
    } else {
        myMSALObj.logoutRedirect(logoutRequest);
    }
}

async function getTokenPopup(request, account) {
    const startTime = Date.now();
    return await myMSALObj.acquireTokenSilent(request).then((response) => {
        console.log(`Token acquisition time elapsed: ${Date.now() - startTime}ms`);
        console.log(response);
        return response;
    }).catch(async (error) => {
        console.log("silent token acquisition fails.");
        if (error instanceof msal.InteractionRequiredAuthError) {
            console.log("acquiring token using popup");
            return myMSALObj.acquireTokenPopup(request).catch(error => {
                console.error(error);
            });
        } else {
            console.error(error);
        }
    });
}

Reproduction Steps

While authenticating using MSAL in a React application on Windows, it is still asking for login credentials the first time, using the ADFS screen. But if WAM is configured, the user should not be prompted for login, as allowNativeBroker is set to true.

Expected Behavior

While authenticating using MSAL in a React application on Windows, it is still asking for login credentials the first time, using the ADFS screen. But if WAM is configured, the user should not be prompted for login, as allowNativeBroker is set to true.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

Internal (Microsoft)

@Sampaths4u Sampaths4u added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Sep 6, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 6, 2024
@github-actions github-actions bot added msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Sep 6, 2024
@sameerag
Member

sameerag commented Sep 6, 2024

@Sampaths4u Do you have the extension installed?

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Sep 6, 2024
@Sampaths4u
Author

Sampaths4u commented Sep 9, 2024

Thanks @sameerag, there was an issue with the extension and it's working now.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Author Feedback Awaiting response from issue author labels Sep 9, 2024
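An added example, not part of the original issue and not MSAL.js code: a small check that could be called from `handleResponse` to tell whether a sign-in actually went through the native broker or fell back to the web flow, which is the symptom reported above. It assumes the `fromNativeBroker` field that msal-browser sets on `AuthenticationResult`; `describeAuthPath` and the sample objects are hypothetical names constructed for illustration.

```javascript
// Added diagnostic sketch; not MSAL.js code. describeAuthPath and the
// SAMPLE_* objects are hypothetical and constructed for this example.

/**
 * Classify which path a sign-in took, given the MSAL configuration and the
 * AuthenticationResult handed to handleResponse(). Returns only the path and
 * human-readable findings; it never copies tokens out of the result.
 */
function describeAuthPath(config, result) {
    const findings = [];
    const brokerAllowed = Boolean(
        config && config.system && config.system.allowNativeBroker
    );
    if (!brokerAllowed) {
        findings.push("allowNativeBroker is off: MSAL will not try WAM");
    }
    if (!result) {
        findings.push("no AuthenticationResult yet: nothing to classify");
        return { path: "unknown", findings };
    }
    // Assumption: MSAL marks results returned through the broker with
    // fromNativeBroker === true.
    if (result.fromNativeBroker === true) {
        return { path: "native-broker", findings };
    }
    if (brokerAllowed) {
        // The situation in this issue: flag on, but the web flow still ran.
        findings.push(
            "broker allowed but web flow used: check that the browser " +
            "extension is installed and working"
        );
    }
    return { path: "web", findings };
}

// Constructed sample inputs mirroring the configuration posted in the issue.
const SAMPLE_CONFIG = { system: { allowNativeBroker: true } };
const SAMPLE_WEB_RESULT = { fromNativeBroker: false, account: { username: "user@example.test" } };
const SAMPLE_BROKER_RESULT = { fromNativeBroker: true, account: { username: "user@example.test" } };

console.log(describeAuthPath(SAMPLE_CONFIG, SAMPLE_WEB_RESULT));
console.log(describeAuthPath(SAMPLE_CONFIG, SAMPLE_BROKER_RESULT));
```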
@Sampaths4u
Author

Hi everyone, do we have any way to implement WAM-based authentication without the Chrome extension?

@Sampaths4u
Author

Is there any way to implement WAM authentication without the Chrome extension?
