Create the msal-custom-auth package for supporting the external ID authentication (sign-in, sign-up and SSPR) #7599
Conversation
- Add msal-custom-auth to pipeline
github-actions
bot
added
the
extensions
github-actions
bot
removed
msal-angular
shenj
requested review from
hectormmg,
tnorling,
peterzenz,
sameerag,
konstantin-msft,
jo-arroyo,
lalimasharda,
shylasummers,
bgavrilMS and
Robbie-Microsoft
as code owners
shenj
changed the title
shenj
changed the title
| @@ -22,7 +22,7 @@ resources: | |||
| - repository: 1P | |||
| type: git | |||
| name: IDDP/msal-javascript-1p | |||
| ref: master | |||
| ref: custom-auth/pipeline # TODO: change back to master after pipeline is working | |||
There was a problem hiding this comment.
This change will be reverted after the ADO PR is completed.
| @@ -50,7 +54,7 @@ resources: | |||
| - repository: 1P | |||
| type: git | |||
| name: IDDP/msal-javascript-1p | |||
| ref: master | |||
| ref: custom-auth/pipeline # TODO: change back to master after pipeline is working | |||
There was a problem hiding this comment.
This change will be reverted after the ADO PR is completed.
This PR is to add support for web fallback for (sign-up, sign-in, reset password) flows. 1. Existing code already check during those flows if challenge types is `redirect `only. In this case, user could check this condition from state, and handle it. 2. By default, user could reuse the built-in `popUpLogin` from MSAL JS to continue to flow with a pop up interactively. 3. Make sure challenge type at least contains `redirect`.
| @@ -18,6 +18,7 @@ export { | |||
| } from "./app/PublicClientApplication.js"; | |||
| export { PublicClientNext } from "./app/PublicClientNext.js"; | |||
| export { IController } from "./controllers/IController.js"; | |||
| export { StandardController } from "./controllers/StandardController.js"; | |||
There was a problem hiding this comment.
Please don't add these exports, these are internal to msal-browser and are not API stable, thus not intended to be public. Let's figure out how we can enable your scenarios in a way that uses the existing public surface where possible and expose new APIs that can be properly supported where the existing APIs have gaps. Feel free to reach out if you have questions on this.
| try { | ||
| this.logger.verbose("Starting silent flow to acquire token from cache", this.correlationId); | ||
|
|
||
| const result = await silentFlowClient.acquireCachedToken(silentRequest); |
There was a problem hiding this comment.
This can be changed to <PublicClientApplication instance>.acquireTokenSilent({...silentRequest, cacheLookupPolicy: CacheLookupPolicy.AccessToken})
|
|
||
| this.logger.verbose("Starting refresh flow to refresh token", this.correlationId); | ||
|
|
||
| const refreshTokenResult = await refreshTokenClient.acquireTokenByRefreshToken(silentRequest); |
There was a problem hiding this comment.
This can be changed to <PublicClientApplication instance>.acquireTokenSilent({...silentRequest, cacheLookupPolicy: CacheLookupPolicy.RefreshToken})
| } | ||
| } | ||
|
|
||
| override async logout(logoutRequest?: ClearCacheRequest): Promise<void> { |
There was a problem hiding this comment.
Reason you can't use the existing logoutRedirect API as-is?
|
|
||
| this.logger.verbose("Getting the first account from cache.", correlationId); | ||
|
|
||
| const allAccounts = this.browserStorage.getAllAccounts(); |
There was a problem hiding this comment.
This can be changed to <PublicClientApplication instance>.getAllAccounts()
microsoft-github-policy-service
bot
added
the
Needs: Attention 👋
microsoft-github-policy-service
bot
removed
the
Needs: Attention 👋
The changes in this PR include: