2
votes

Related to MSAL.js

  1. While using MSAL.js for single sign-on with Azure Active Directory, we use the loginRedirect method from MSAL to redirect the user, and it redirects to a 'null' URL. I don't know why it happens, but it comes from the MSAL library.

  2. We use the IdToken method (new Msal.IdToken(localStorage["msal.idtoken"]);) to decode the token. With version 0.1.1 it works fine; after upgrading to version 0.1.3 it returns the error "Msal.IdToken is not a constructor". I can't understand how to call the method.

  3. One more issue with MSAL.js: when we provide credentials for login, the login does not redirect to my application. I don't understand why it loops on the login page after entering correct credentials.

  4. When we log out and try to log in again, it loops on the login page.

    We use 'if (errorDesc != null && errorDesc.indexOf("AADB2C90118") > -1)' because we also implement forgot-password functionality.

Below is the code which we implemented for redirection:

    var clientApplication = new Msal.UserAgentApplication(
        applicationConfig.clientID,
        applicationConfig.authority,
        authCallback,
        { cacheLocation: 'localStorage' }
    );

    function authCallback(errorDesc, token, error, tokenType) {
        if (errorDesc != null && errorDesc.indexOf("AADB2C90118") > -1) {
            clientApplication.authority = applicationConfig.passwordAuthority;
        }
        login();
    }

    function login() {
        clientApplication.loginRedirect(applicationConfig.b2cScopes);
    }

Please give me a solution for these problems.

1
About 1 and 3: Did you register the Redirect URL in the Azure portal? Which browser do you use? Is the behavior different with Chrome? - Jean-Marc Prieur

For 2: IDToken is not a public class. MSAL will give you an IDToken directly? No need to deserialize it yourself? What is your scenario? - Jean-Marc Prieur

For the first comment: yes, I registered my redirect URL on Azure. We use the Chrome browser. - S. Deshmukh

For the second comment: we accessed IDToken when we used MSAL version 0.1.1, and it worked properly, but when we updated to 0.1.3 the issue arose. We need the decoded token to check its expiry; for that reason we use this method. - S. Deshmukh

@S.Deshmukh Regarding checking the idtoken for expiry: can you explain the need for that? A similar issue was posted on MSAL and it explains why checking id token expiration may not necessarily mean the session is expired. Please take a look to see if this helps you. - Navya Canumalla

1 Answer

0
votes

MSAL.js already takes care of expiry, and the IDToken is used as a token cache key. It's not supposed to be used to get information about the user (if you want to do that, it's better to call the Microsoft Graph Me endpoint). Also note that the IDToken is not signed, and therefore, in case of compromise of something on the line (chall you don't have a guarantee that its inf
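
Added example (not part of the original question, comments or answer, and not MSAL's own code): one way to read the `exp` claim from the raw ID token that item 2 of the question stores under `localStorage["msal.idtoken"]`, without relying on the non-public `Msal.IdToken` class. The function names and the sample token are hypothetical, and the code assumes the token is in the standard three-part JWT format.

```javascript
// Added example: read claims from a JWT-format ID token without Msal.IdToken.
// Decoding is not validation: the signature, issuer and audience are not
// checked here, so use the result for UI decisions only, not authorization.

function base64UrlDecode(segment) {
  // JWT segments use the URL-safe alphabet and drop '=' padding.
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  if (typeof Buffer !== 'undefined') return Buffer.from(b64, 'base64').toString('utf8');
  // Browser path: atob returns a binary string; re-read its bytes as UTF-8.
  return decodeURIComponent(Array.from(atob(b64),
    c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join(''));
}

function decodeIdTokenClaims(rawIdToken) {
  if (typeof rawIdToken !== 'string') throw new TypeError('ID token must be a string');
  const parts = rawIdToken.split('.');
  if (parts.length !== 3) throw new Error('Expected a three-part JWT');
  let claims;
  try {
    claims = JSON.parse(base64UrlDecode(parts[1]));
  } catch (e) {
    throw new Error('ID token payload is not base64url-encoded JSON');
  }
  if (claims === null || typeof claims !== 'object') throw new Error('Payload is not a JSON object');
  return claims;
}

// exp is seconds since the epoch (RFC 7519). The token counts as expired
// skewSeconds early so a renewal can start before the real deadline.
function isIdTokenExpired(rawIdToken, nowMs = Date.now(), skewSeconds = 60) {
  const { exp } = decodeIdTokenClaims(rawIdToken);
  if (typeof exp !== 'number' || !Number.isFinite(exp)) return true; // fail closed
  return nowMs / 1000 >= exp - skewSeconds;
}

// Constructed sample token (hypothetical helper): placeholder signature, test data only.
function makeSampleToken(claims) {
  const enc = s => (typeof Buffer !== 'undefined' ? Buffer.from(s, 'utf8').toString('base64') : btoa(s))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc('{"alg":"none","typ":"JWT"}'), enc(JSON.stringify(claims)), 'constructed'].join('.');
}

// In the page's setup the raw token would come from localStorage["msal.idtoken"].
const sample = makeSampleToken({ sub: 'user-1', exp: 2000 });
console.log(decodeIdTokenClaims(sample), isIdTokenExpired(sample, 1950 * 1000));
```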