0
votes

I'm using the following example to configure a simple application with adal.js version 1.0.17. I was able to successfully run this example and authenticate the user when launching the page locally (http://localhost:8000/simpleSPA.html). However, I have issues with authentication when simpleSPA.html is returned to the caller from the server where it is hosted (when a particular URL is accessed). Calling the API inside simpleSPA.html fails because the token is undefined. I have monitored the requests in Fiddler and noticed only one GET request to /common/oauth2/authorize, where response_type is id_token:

GET /common/oauth2/authorize?response_type=id_token&client_id=[client_id]&redirect_uri=[url that returns simplspa.html]&state=[state id]&client-request-id=[request id]&x-client-Ver=1.0.17&nonce=893886e6-4042-4059-9dc7-ae8acf2af792 HTTP/1.1

When I run the same page on localhost, I see 2 requests. First, I see a GET request to /common/oauth2/authorize where response_type is id_token.

And the second is a GET request to /common/oauth2/authorize where response_type is token:

GET /common/oauth2/authorize?response_type=token&client_id=[client id]&resource=[resource]&redirect_uri=[url that returns simplespa.html]&state=[state id]&client-request-id=[client request id]&prompt=none&login_hint=testuser.domain***.onmicrosoft.com&domain_hint=[domain] HTTP/1.1

I verified that both access tokens and ID tokens are enabled for the client app on Azure. So my goal is to understand the reason why running the page locally leads to retrieving the access token. It would be good to know the conditions that prevent getting the access token in the scenario I described. Thank you in advance for any ideas that would help me to investigate this issue!

1 Answer

0
votes

Perhaps setting the redirect URI in your AAD app registration to the new server address would help?

Also, not sure if you saw this 'Note' in the walkthrough, but it might be related: "You need to enable the ID tokens option in the Authentication tab for the app you have registered."
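
As an added example (not part of the question or the answer, and not code from adal.js), the script below checks Fiddler-style request lines for the two /oauth2/authorize requests the question describes and for the redirect URI point raised in the answer. The hosts, ids and reply URLs are constructed sample values, and comparing reply URLs by exact string match is an assumption.

```javascript
// Audit captured /oauth2/authorize request lines from an implicit-flow sign-in.
// All sample values below are constructed; none come from the original post.
function parseAuthorize(requestLine) {
  const m = /^GET\s+(\S+)\s+HTTP\/\d\.\d$/.exec(requestLine.trim());
  if (!m) return null;
  const url = new URL(m[1], "https://login.microsoftonline.com");
  if (!url.pathname.endsWith("/oauth2/authorize")) return null;
  return Object.fromEntries(url.searchParams); // percent-decoded parameters
}

function auditFlow(requestLines, registeredReplyUrls) {
  const findings = [];
  const reqs = requestLines.map(parseAuthorize).filter(Boolean);
  const login = reqs.find((r) => r.response_type === "id_token");
  const renew = reqs.find((r) => r.response_type === "token");
  if (!login) findings.push("no response_type=id_token request captured");
  if (login && !login.nonce) findings.push("id_token request carries no nonce");
  if (!renew) findings.push("no response_type=token request: access token never requested");
  if (renew && !renew.resource) findings.push("token request has no resource parameter");
  for (const r of reqs) {
    // Assumption: the registration must list the redirect_uri exactly as sent.
    if (!registeredReplyUrls.includes(r.redirect_uri)) {
      findings.push(`redirect_uri not in registered reply URLs: ${r.redirect_uri}`);
    }
  }
  return findings;
}

const CLIENT = "11111111-2222-3333-4444-555555555555"; // constructed
const LOCAL_URI = encodeURIComponent("http://localhost:8000/simpleSPA.html");
const HOSTED_URI = encodeURIComponent("https://app.example.test/spa"); // constructed
const REGISTERED = ["http://localhost:8000/simpleSPA.html"];

// Constructed capture resembling the localhost run (two requests).
const localCapture = [
  `GET /common/oauth2/authorize?response_type=id_token&client_id=${CLIENT}&redirect_uri=${LOCAL_URI}&state=s1&nonce=n1 HTTP/1.1`,
  `GET /common/oauth2/authorize?response_type=token&client_id=${CLIENT}&resource=https%3A%2F%2Fapi.example.test&redirect_uri=${LOCAL_URI}&state=s2&prompt=none HTTP/1.1`,
];
// Constructed capture resembling the hosted run (single request).
const hostedCapture = [
  `GET /common/oauth2/authorize?response_type=id_token&client_id=${CLIENT}&redirect_uri=${HOSTED_URI}&state=s3&nonce=n2 HTTP/1.1`,
];

console.log("local :", auditFlow(localCapture, REGISTERED));
console.log("hosted:", auditFlow(hostedCapture, REGISTERED));
```
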