microsoft-authentication-library-for-js/lib/msal-browser/FAQ.md at dev · AzureAD/microsoft-authentication-library-for-js

1. How to get single sign-on in my application with MSAL.js? 2. How can my application recognize a user after sign-in? How do I correlate users between applications? 3. Troubleshooting single sigon-on ** Accounts ** ... Why am I not asked for credentials when I try to log back in? 5. Why am I not signed in when returning from an invite link? 6. Why is there no access token returned from acquireTokenSilent? 7. What should I do if I believe my issue is with the B2C service itself rather than with the library **Common Issues** 1. Why is MSAL throwing an error? … ### Known Issues with Certain Browsers There are certain known issues and mitigations documented for the following browsers: - Browsers that block 3rd Party Cookies (i.e. Safari, Chrome Incognito, Firefox Private) … ## Will MSAL 2.x support B2C? MSAL.js v2 supports B2C of October 2020. ## Is MSAL.js 2.x compatible with Azure App Proxy? Unfortunately, at this time MSAL.js 2.x is not compatible with Azure App Proxy . Single-page applications will need to use MSAL.js 1.x as a workaround. We will post an update when this incompatibility has been fixed. See this issue for more information. … has resolved before invoking any other MSAL method. If your app was not loaded as a result of a redirect operation ``` handleRedirectPromise ``` will immediately return ``` null ``` . Please review one of our samples ( for instance ) to see the redirect flow in action. ## How can I support authentication with personal Microsoft accounts only? Simply set your ``` authority ``` in your MSAL app configuration to **consumers** tenant e.g. https://login.microsoftonline.com/consumers . … ## Troubleshooting Single Sign-On The following is a list of common causes for SSO failures when using MSAL Browser: ### 1. The user has blocked third-party cookies in their browser Silent SSO requires third-party cookie access so the authentication service can persist a user's session accross tabs. If third-party cookies are blocked, silent SSO will fail and interaction will be required. ### 2. There is a content security policy or HTTP header blocking the iframe from loading your redirect URI page When using ``` ssoSilent ``` , the service will attempt to load your redirect URI page in an invisible embedded iframe. Content security policies and HTTP header values present in your app's redirect URI page response, such as … ### 3. The configured redirecUri is a different origin as the calling page Because of cross-origin request limitations, in order for MSAL to have access to the hidden iframe's ``` window.location.href ``` property, the ``` redirectUri ``` configured in the ``` ssoSilent ```