Microsoft-authentication-library-for-js: acquire token on IOS Safari

Support for auth-code flow in the browser, with some server features will be the solution for this. @pkanher617 just released an alpha branch for auth-code support in the browser, we are hoping that by March (this quarter) we will have a better handle on ITP issues (safari).

Hope this clarifies.

Support for auth-code flow in the browser, with some server features will be the solution for this. @pkanher617 just released an alpha branch for auth-code support in the browser, we are hoping that by March (this quarter) we will have a better handle on ITP issues (safari).

Hope this clarifies.

so meanwhile, no support for iPhone Safari at all?

@daniel-codeoasis Due to issues with ITP, the current version of msal (1.2.1) will not work completely with Safari when the ITP updates are put into place. As @sameerag pointed out, when we have the auth-code support available in March, we hope to address these issues. Sorry for any inconveniences!

As the link you posted shows, you can try the workaround to uncheck "Prevent cross-site tracking", which should allow you use any popup or redirect flows and renew tokens using acquireTokenSilent. This should also be available for iPhone users. If you are still seeing issues, could you please post a snippet of the code you are running?

The alpha of the auth-code flow in the browser is available in npm (msal-browser), and is expected to work in Safari OOTB when we go to beta. Currently, it is only available on CORS-disabled browsers, and I haven't found a way to disable CORS on mobile Safari.

@daniel-codeoasis Due to issues with ITP, the current version of msal (1.2.1) will not work completely with Safari when the ITP updates are put into place. As @sameerag pointed out, when we have the auth-code support available in March, we hope to address these issues. Sorry for any inconveniences!

As the link you posted shows, you can try the workaround to uncheck "Prevent cross-site tracking", which should allow you use any popup or redirect flows and renew tokens using acquireTokenSilent. This should also be available for iPhone users. If you are still seeing issues, could you please post a snippet of the code you are running?

The alpha of the auth-code flow in the browser is available in npm (msal-browser), and is expected to work in Safari OOTB when we go to beta. Currently, it is only available on CORS-disabled browsers, and I haven't found a way to disable CORS on mobile Safari.

but I can't prompt my users to change their browsers settings...
and without acquiring token the library can't be used in iPhone at all.
so, no solution until March?

sadly but it's sort of blocker for entire library usage

do we have any updates on the issue? I've been looking into it pretty heavily and haven't found any solutions that work.

When will we be able to use B2C with safari?

Any update on this issue? This is kinda critical if MSAL does not work correctly on iOS and MacOS devices...

See #1000 for updates on the next version of MSAL.js, which will switch to the Auth Code Flow, which will mitigate issues caused by Safari ITP in most scenarios. It is also available in beta on npm: https://www.npmjs.com/package/@azure/msal-browser

@daniel-codeoasis @msardi23 @kemins @loganabsher @azure/msal-browser v2.0.0-beta.2 is currently on npm, please try it out and let me know if you have any issues with Safari usage.

@MathieuDWeill We are hoping to have B2C support available before the end of this month, and hopefully before we release v2.0.0 fully. Please keep an eye out for new releases and docs updates for B2C.

This issue has not seen activity in 14 days. It may be closed if it remains stale.

@daniel-codeoasis @msardi23 @kemins @loganabsher @azure/msal-browser v2.0.0-beta.2 is currently on npm, please try it out and let me know if you have any issues with Safari usage.

thanks for the updates, rally happy, someone is looking:)

will wait till @azure/msal-angular adopts @azure/msal-browse.
Strange why no one from top management realizes the impact of not working authentication solutions and overall reputation losses.

it's 2020 outside and there is no built-in Microsoft solution fo the authentication with its own platform, really??? What might be a higher priority if authentication is not working??
We can talk until cows go home, but it's complete madness.

@kemins I understand your frustration with ITP. We are definitely aware of the impact that ITP (and similar privacy protection features) has on our customers, which is why we are working across both the library and server teams to deliver authentication solutions that secure your applications without compromising privacy or security (and this work is very high priority within Identity).

Is there a time frame for this yet? It's not possible to use ADB2C without it on iOS and Mac and we can't launch without it.

There are any update on it? It's kind of a blocker for me -_-. If someone knows a way to use it with reactjs let me know please :D