Microsoft-authentication-library-for-js: Error throws when creating msal instance at a third party cookie disabled broswer

Hi @XingyangHuang . We're unable to reproduce this with Chrome in an Incognito window with third-party cookies disabled. Do you have any additional privacy settings enabled that would prevent access to sessionStorage?

MSAL requires either localStorage or sessionStorage, but we are looking into allowing application to provide custom storage options which would be available in future versions of msal-browser.

Hi,
I don't have special additional privacy setting for the sessionStorage.
Did you tried that with Iframe a page which in a different domain?
For me the error can be reproduce like:

1. first page in domain a, have msal running,
   2, second page in domain b, private window, third-party cookie disabled, have page a running in its iframe.

I would suggest that if you can have the try-catch around whenever the window is trying to access sessionStorage/ localStorage, in this case the msal won't throw in that case...

@XingyangHuang could you provide the version of Chrome that you are using? Thanks!

@XingyangHuang and @technical-boy We are experiencing the same issue in the latest production build 2.1.0. We have a Canvas app in Salesforce (an iframe) which tries to authenticate the user using MSAL, but session and local storage are blocked when 3rd party cookies are blocked. With our migration to MSAL we expected to mitigate all 3rd party blocking issues, but now this presents a blocker for us in production. Right now the only advice we can give our client base is to allow 3rd party cookies which won't fly for much longer as the security landscape is changing rapidly. Please advise.

@technical-boy we are using version 84.0.4147.125 (Official Build) (64-bit).
Thanks.

@dsm0880 the current solution for us is to get a try-catch around when trying to creating the msal incident so we won't throw... but for totally fix it should requires the msal code change..

@XingyangHuang What do you do instead when the error is caught? The error is coming within MSAL, do you branch their code and deal with the try catch directly inside MSAL? If not and you are catching the error and handling in your code, what are you doing to handle?

@dsm0880 not, we just using the try/catch over our code when trying to create msal indecent, and return undefined if it is not able to be created

Thanks for the information, we're on fixing this, should be available in next version of MSAL.js v2.

Thanks for the update @jasonnutter! Can you confirm if the fix you mentioned will cover both SessionStorage and LocalStorage options if they are blocked with a Access is denied for this document error?

Thanks for the update @jasonnutter! Can you confirm if the fix you mentioned will cover both SessionStorage and LocalStorage options if they are blocked with a Access is denied for this document error?

Yes.

This issue has not seen activity in 14 days. It will be closed in 7 days if it remains stale.

This issue has not seen activity in 14 days. It will be closed in 7 days if it remains stale.

Is there a new ETA on the fix getting merged in for release?