Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Make adal.js working within an iFrame sandboxed environment #129
This is more a feature request, an enhancement, than an issue. Actually, I think adal.js should be working when embedded within an html5 sandboxed iframe.
Wait! this is not as stupid as it looks because sandboxed iframe is the runtime environment of the new app for office model. It would be really nice to have access to the azure ad (and therefore office 365 REST API) from an office 365 app. See documentation here
Currently adal.js is not working, because of the use of window.location.replace(urlNavigate); line 361 7a5480e of adal.js
I started a sample here where I created a replication environment (that does not require office) with just a sandboxed iframe. You can view it on this remote branch on my fork.I will try to provide a fix because I need it to release my app.
Any help or thought is welcome.
Thank you very much.
added a commit
May 24, 2015
@bpatra I've been experimenting with something very similar to the workaround you describe in your blog post, but for use within Dynamics CRM Online (and without knowing about your efforts). My solution is a bit different though; I use a custom
Moreover I add an event handler in the main window (which would be loaded by Dynamics CRM in this specific use case) that listens for "get user" messages using the
I'm considering sending a pull request for this pretty minor change to adal.js - I see no reason why it should assume that the login callback always happens in the same window.
@bpatra Have a look at the gist I linked to in the PR comments - it's not a complete solution, but it shows how a central script can request user tokens using popup windows instead of the main window. Expanding on this, one could pretty easily add an event listener in the main window that embedded (iframed) apps can send user token requests to.
@bpatra In Dynamics CRM specifically,
@hitendramalviya Create a HTML web resource containing a script that reads a url from the