After the login to our SPA we trigger acquireTokenSilent. That works well on Chrome, but Firefox and Edge are failing with an error:
MSAL Info Error :interaction_required; Error description:
AADB2C90077: User does not have an existing session and request prompt
parameter has a value of 'None'.
Seems like a security issue of not saving cookies, because when I enable Third Party Cookies (Visited sites) Firefox starts working.
Can we add a check inside the library to see if 3rd party cookies are enabled or not?
At the moment we need to do that check on our own, implementing 1 more endpoint.
This is getting even more of an issue with WebKit's Intelligent Tracking Prevention 2.0 (Safari on macOS and iOS), where Third Party Cookies may get blocked without the user noticing.
Silent Authentication (i.e., token renewal without redirect) is not possible without Third Party Cookies. For Single Page Applications and short Access Token TTLs this is a problem.
I'm not sure if using the popup method as a fallback is better, as popups are also seen as third party by ITP 2.0...
Well, to mitigate this problem we implemented a Third Party Cookie check in our authentication service.
In case 3PC fails, in order to fetch an accessToken, we show the user a popup informing about the problem and invoking acquireSilentRedirect.
After that the app works fine.
However, WebKit's Intelligent Tracking Prevention 2.0 sounds a bit scary.
@nicokaiser @baltuonis we can't add the check in our library to check if third party cookies are blocked. This should be done on the app developer side. Closing this issue.
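
One way to do the app-side third-party cookie check discussed in this thread, as an added example that is not code from any participant or from MSAL. The `/tpc/start` and `/tpc/check` paths, the `tpc_probe` cookie name and `https://app.example` are assumptions; the handler is assumed to be mounted on an HTTPS origin on a different site than the SPA, which loads `/tpc/start` in a hidden iframe and listens for the `message` event.

```javascript
// Added example: two-step third-party cookie probe (Node-style request handler).
// Step 1 tries to set a cookie inside the iframe, step 2 reports whether the
// browser sent it back. All names below are hypothetical.
const PROBE = 'tpc_probe'; // hypothetical cookie name

// Headers for step 1. SameSite=None together with Secure is required for a
// cookie to be sent in a cross-site iframe; HttpOnly keeps it away from script.
function setProbeHeaders() {
  return {
    'Set-Cookie': `${PROBE}=1; Path=/; Max-Age=60; Secure; HttpOnly; SameSite=None`,
    'Cache-Control': 'no-store',
  };
}

// Step 2: exact match on the cookie pair, so "xtpc_probe=1" does not count.
function probeCookiePresent(cookieHeader) {
  return (cookieHeader || '').split(';').some((p) => p.trim() === `${PROBE}=1`);
}

// appOrigin is the SPA's origin (server configuration, never request input).
// It is used as the postMessage target so the result is delivered only to
// that origin and not to an arbitrary page framing the probe.
function tpcProbeHandler(appOrigin) {
  return function (req, res) {
    const path = req.url.split('?')[0];
    if (path === '/tpc/start') {
      res.writeHead(302, { ...setProbeHeaders(), Location: '/tpc/check' });
      return res.end();
    }
    if (path === '/tpc/check') {
      const result = { thirdPartyCookies: probeCookiePresent(req.headers.cookie) };
      res.writeHead(200, { 'Content-Type': 'text/html', 'Cache-Control': 'no-store' });
      return res.end(
        `<script>parent.postMessage(${JSON.stringify(result)}, ` +
          `${JSON.stringify(appOrigin)})</script>`
      );
    }
    res.writeHead(404);
    return res.end();
  };
}

// SPA side (browser), shown as a comment because it needs a DOM:
// window.addEventListener('message', (e) => {
//   if (e.origin !== 'https://auth.example') return; // hypothetical probe origin
//   if (!e.data.thirdPartyCookies) { /* inform the user, use an interactive flow */ }
// });
```

The result describes the probe origin only; the probe cannot observe the identity provider's own session cookie.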