-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@azure/msal-angular@1.0.0-alpha.0 can't log in #1184
Comments
@jakehockey10 As noted in the message, if you use the Here's an example from the sample app: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev-angular-1.0-msal-1/samples/MSALAngularDemoApp/src/app/app.component.ts#L63 Try adding that and let me know if it works. Looks like I missed explaining this in the readme, so I'll make sure it gets added. Thanks! |
There seems to be issues with redirect flow in masl-angular/1.0.0-alpha, even in the provided sample code. When disabling useHash and using loginRedirect, the id_token in the URL is not processed after redirect. |
I added the call to |
@jakehockey10 @marqit8 I think I have an idea of what's going on, I'll work on putting a new build together and let you know when its ready, thanks! |
For more information, I can get redirect to work if I add
|
@marqit8 @jakehockey10 Please try @marqit8 Once you upgrade you can remove the specific logic you added above that called |
Login functionality is working great but I have two other potential issues, or I am misunderstanding what is supposed to happen. First, it doesn't seem like handleRedirectCallback is necessary as the hash is processed in the UserAgentApplication constructor. I am wondering, should the isAngular check stay in the UserAgentApplication constructor so that handleRedirectCallback processes the hash? Second, the documentation on navigateToLoginRequestUrl is a little vague and the source is a bit confusing. I believe this is supposed to have Angular redirect back to the page that originally triggered the loginRedirect call. This works fine, but the problem is when it is being called inside MsalGuard. The canActivate function returns false so Angular never actually changes the location.href to the route before calling loginRedirect, so it always ends up back at the redirectUri. On a related note, I have a business need to force the prompt=login query parameter in the authentication request. I started using this alpha version because msal core now has that ability. However, this doesn't help much when using MsalGuard since it handles the call to loginRedirect. I have no problem with writing my own guard, but there is so much happening with the silent refresh and such, that creating my own could cause future updates to break it. I suggest moving some of the extra code in MsalGuard into MsalService so that it can be called from a custom guard, or allow more configuration options to control the authentication request. I feel like getAccount() can handle the acquireTokenSilent call, or there should be a wrapper function that does both and returns a promise or something. It doesn't feel like the guard should be emitting broadcast events. |
@marqit8 Good questions. Some thoughts:
Thanks for the feedback! |
@jasonnutter Thanks for your response. I will just toss out my wishlist, but I understand if the changes are too significant since msal-angular is a small part of the big picture. I am sure I missed a consideration so hopefully my suggestions will at least serve as inspiration. Instead of a broadcast service (which a comment in UserAgentApplication says is pretty much only for angular), msal.service should use an Angular EventEmitter that emits something like an AuthState object that looks like this:
Anyone implementing msal-angular in their app is almost certainly creating their own auth.service that pretty much does this (most likely using RxJS's BehaviorSubject instead since it is hot). The nice thing about this approach is that the same AuthState object can be emitted over and over every time a token is silently refreshed or something. The subscribers can decide if it should take action on each emission. handleRedirectCallback would not really be needed with this event driven approach. The msal.service or UserAgentApplication constructor can handle parsing the hash and the first call to the below refreshAccount() function will build and emit the first AuthState. So for MsalGuard, here is the code that I suggest exist in MsalService:
MsalGuard would then just do this.
So now I can easily write my own guard in case I want to do something different than login. My specific business need is that instead of logging in, my app should redirect to a page with a login button, then call loginRedirect() from there. Phew, sorry for the length. Hope some of it is useful. |
@marqit8 Thanks for that insight, definitely helpful. You're right in that I don't think this is something we would address right, in order to focus on getting the new MSAL Angular version released, but is an improvement that could be made incrementally later. I'll definitely keep it in mind, thanks! |
Closing, as the main issued has been addressed. |
Hi @jasonnutter , My current package versions: |
@allen-huynh-at-dow I've actually been looking at this exact issue, planning to have a fix in the next version. |
Looking forward for a fix too, for now we are using the popup but we prefer the redirect |
@allen-huynh-at-dow @kaeh This was fixed in beta 4: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/changelog.md#100-beta4 |
I still have an error :/ my package.json have
My app.module have
And i have this issue when i should be redirected
|
@kaeh can you add the snippet of code where you are calling |
That's probably where i have made a mistake, because i don't call it. By the past, when @azure/msal-angular was still in 0.0.0-alpha, i just had to declare the clientId, the redirectUri and the MsalGuard and that's all. Now it looks like i'm missing something ? But then why would the popup works and not the redirect ? |
@kaeh Currently, if you use one of the redirect methods, you are required to implement For now, you should implement that function, and the error will go away. Example: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/samples/angular8-sample-app/src/app/app.component.ts#L27 |
@jasonnutter it works, thank you :) |
I'm submitting a...
Browser:
Library version
Current behavior
Using
loginRedirect
to make login request results in the following error in the console, and not able to login.Expected behavior
Using
loginRedirect
should work byredirectCallbacksSet
being set to true on theUserAgentApplication
/MsalService
instance when the redirect callback is defined in the config object.Minimal reproduction of the problem with instructions
loginRedirect
The text was updated successfully, but these errors were encountered: