SSOSilient isn't working #7330

luke-nguyen-ams opened this issue Sep 22, 2024 · 2 comments
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package msal-react Related to @azure/msal-react Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

luke-nguyen-ams commented Sep 22, 2024

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.24.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.1.0

Public or Confidential Client?

Public

Description

While integrating my website into a parent website that uses Azure B2C, I encountered an issue when attempting Single Sign-On (SSO). After successfully logging into the parent website, I posted a message to an iframe containing the active account. However, when trying to authenticate using the SSOSilent method with loginHint and the active account, an error was thrown:

InteractionRequiredAuthError: interaction_required: AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'

The error indicates that the user does not have an existing session, although they are already logged into the parent website. I expected the session to persist across iframes for seamless SSO, but this seems to require interaction despite the prompt parameter being set to 'None.'

With SID, I saw it is not available with B2C: #1935

Here is my code in the iframe website:

```typescript
const ssoSilent = async (account: AccountInfo): Promise<string> => {
  try {
    await instance.acquireTokenRedirect({
      scopes: MicrosoftGraphAuth.GetLoginRequest().scopes,
      account: account,
    });
    const result = await instance.ssoSilent({
      scopes: ['client_id', 'offline_access', 'openid'],
      loginHint: account.username,
    });
    const {accessToken} = result;
    localStorage.setItem('accessToken', JSON.stringify(accessToken));
    return accessToken;
  } catch (error) {
    console.log('error acquire token silent', error);
    instance.clearCache();
  }
};
```

Docs: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/iframe-usage.md#single-sign-on

Error Message

InteractionRequiredAuthError: interaction_required: AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'.
Correlation ID: 2fc57a11-158f-476a-8ce4-18843fb12fe6

MSAL Logs

No response

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

```typescript
const msalConfig: Configuration = {
  auth: {
    clientId: 'eadcd102-392c-45a3-xxxxxx-xxxxxxxxxx',
    authority: 'https://xxxxxxx.b2clogin.com/amsb2cdera.onmicrosoft.com/B2C_1_signup',
    redirectUri: 'http://localhost:8080/oauth2/microsoft/callback',
    knownAuthorities: ['xxxxxxx.b2clogin.com'],
  },
  cache: {
    cacheLocation: 'localStorage',
  },
};
```

Relevant Code Snippets

```typescript
const iframe: any = document.getElementById('child-iframe')
iframe?.contentWindow?.postMessage(accounts[0], '*')
```

Reproduction Steps

  1. Logged in to the parent website
  2. The parent website calls postMessage() to send data to the iframe (https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
  3. Got an error when using instance.ssoSilent()

Expected Behavior

ssoSilent successfully

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge, Safari, Other

Regression

"@azure/msal-browser": "3.24.0" and "@azure/msal-react": "2.1.0",

Source

External (Customer)
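
The parent-to-iframe handoff shown in this report posts the whole account object with a target origin of `'*'`, so any document loaded in that frame can receive it. The following is an added example, not code from the issue author or from MSAL.js, of the same handoff pinned to explicit origins and reduced to the login hint. The two origins and the message type name are constructed placeholders.

```javascript
// Added example: origin-pinned login-hint handoff between parent and iframe.
// PARENT_ORIGIN, CHILD_ORIGIN and MESSAGE_TYPE are constructed placeholders.
const PARENT_ORIGIN = 'https://parent.example';
const CHILD_ORIGIN = 'https://child.example';
const MESSAGE_TYPE = 'sso-login-hint';

// Parent side: reduce the MSAL AccountInfo to the single field the child needs,
// so claims and account identifiers never cross the frame boundary.
function buildHandoff(account) {
  if (!account || typeof account.username !== 'string' || account.username === '') {
    throw new TypeError('account.username is required');
  }
  return { type: MESSAGE_TYPE, loginHint: account.username };
}

// Parent side: deliver only if the frame currently holds the expected origin.
function sendHandoff(childWindow, account) {
  childWindow.postMessage(buildHandoff(account), CHILD_ORIGIN);
}

// Child side: return the login hint, or null when the message is not trusted.
function acceptHandoff(event, expectedSource) {
  if (event.origin !== PARENT_ORIGIN) return null;   // exact match, no prefix or regex tests
  if (event.source !== expectedSource) return null;  // must come from the embedding window
  const data = event.data;
  if (data === null || typeof data !== 'object') return null;
  if (data.type !== MESSAGE_TYPE) return null;
  const hint = data.loginHint;
  if (typeof hint !== 'string' || hint.length === 0 || hint.length > 320) return null;
  return hint;
}

// Child page wiring, guarded so the block also loads outside a browser.
if (typeof window !== 'undefined') {
  window.addEventListener('message', (event) => {
    const loginHint = acceptHandoff(event, window.parent);
    if (loginHint !== null) {
      // Pass loginHint to instance.ssoSilent({ scopes, loginHint }) here.
    }
  });
}
```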

@luke-nguyen-ams luke-nguyen-ams added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Sep 22, 2024
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-browser Related to msal-browser package msal-react Related to @azure/msal-react public-client Issues regarding PublicClientApplications labels Sep 22, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 22, 2024
@sameerag
Member

This is something the B2C team can answer, we do not yet custom brokering scenarios from MSAL JS. Please raise a ticket with B2C team here.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Sep 24, 2024
Contributor

@luke-nguyen-ams This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

@microsoft-github-policy-service microsoft-github-policy-service bot added the no-issue-activity Issue author has not responded in 5 days label Sep 30, 2024