Add onRedirectNavigate to redirect operations in browser

[jasonnutter]

Adds onRedirectNavigate callback from v1 (#1691).

This adds a new callback for loginRedirect, acquireTokenRedirect, and logout to allow applications to get the URL that would be navigated to, and to stop navigation. This is to support scenarios where applications want to perform the redirect themselves, instead of relying on MSAL.

Usage:

msal.loginRedirect({
  onRedirectNavigate: url => {
    // url that would be navigated to
    console.log(url);
   
     // Applications must explicitly return false to stop navigation
     return false;
  }
})

Also includes a sample Chromium extension demonstrating the usage.

TODO:

• Test with Chrome extension

[coveralls]

Coverage decreased (-2.8%) to 78.766% when pulling 4f595e8 on browser-onredirectnavigate into 182cbc4 on dev.

[tnorling]

Could you update the request docs with this new param + maybe a usage example?

[jasonnutter]

Could you update the request docs with this new param + maybe a usage example?

I will definitely add a usage example. Do we still need the standalone docs for request/response? Would be nice to have those docs fully automated (typedoc, in this case).

[tnorling]

Could you update the request docs with this new param + maybe a usage example?

I will definitely add a usage example. Do we still need the standalone docs for request/response? Would be nice to have those docs fully automated (typedoc, in this case).

I think the request docs are out of date anyway. I'm all for automating it if they're still easy to find (I don't know where the typedocs live today)

[jasonnutter]

Could you update the request docs with this new param + maybe a usage example?

I will definitely add a usage example. Do we still need the standalone docs for request/response? Would be nice to have those docs fully automated (typedoc, in this case).

I think the request docs are out of date anyway. I'm all for automating it if they're still easy to find (I don't know where the typedocs live today)

Yeah, the request/response docs are very much out of date, and so I would propose deleting them, since the typedocs will always be update to date in theory. cc: @pkanher617

Or, just have the existing markdown files just link to the typedocs.

https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-browser/

[jasonnutter]

FYI @pkanher617 this can be how apps stop the redirect from happening during logout

[tnorling]

Yeah, the request/response docs are very much out of date, and so I would propose deleting them, since the typedocs will always be update to date in theory. cc: @pkanher617

Or, just have the existing markdown files just link to the typedocs.

https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-browser/

Let's delete the docs and update the links to those docs to point to the typedocs?

[jasonnutter]

Yeah, the request/response docs are very much out of date, and so I would propose deleting them, since the typedocs will always be update to date in theory. cc: @pkanher617
Or, just have the existing markdown files just link to the typedocs.
https://azuread.github.io/microsoft-authentication-library-for-js/ref/msal-browser/

Let's delete the docs and update the links to those docs to point to the typedocs?

Done.

[bryik]

This PR closed issue #2127, but I do not see how it solves the problem described by that issue.

I guess msalInstance.logout() could be provided with an onRedirectNavigate() callback that clears local storage and prevents the logout redirect from occurring e.g.

msalInstance.logout({
  onRedirectNavigate: () => {
    window.localStorage.clear();
    window.sessionStorage.clear();
    return false;
  }
});

Is that the recommended way to logout of a specific application without logging out of all apps tied to an AAD session?

imo it would be great to have this mentioned in the logout doc. I was surprised that calling logout() in a little test app signed me out of Outlook.

[jasonnutter]

Is that the recommended way to logout of a specific application without logging out of all apps tied to an AAD session?

Yes, using onRedirectNavigate and returning false is how you can stop the logout navigation (which is what will sign you out of other applications). Note, you do not need to manually clear localStorage or sessionStorage (unless there are other non-MSAL.js things you want to remove), as MSAL.js will still clear MSAL.js entries from browser storage.

imo it would be great to have this mentioned in the logout doc. I was surprised that calling logout() in a little test app signed me out of Outlook.

Yes, I have it on my list to update that document as apart of #2546.

[bryik]

Perfect, thank you @jasonnutter!

[kireet3213]

Hey there. I set onRedirectNavigate to false with updated msal-browser and msal-react packages but I fail to authenticate the user with msalInstance.handleRedirectPromise(redirectUrl). It says that there is no redirection in progress, returning null. Is there some other way to get it authenticated in this library?