Implement redirect bridge to support COOP #8118
base: msal-v5
…OP scenario - Update COOP sample to mock authorize and token endpoints
…O scenarios. - Update COOP sample with additional SSO functionality
- Update config params. - Add bridge error description.
# Conflicts:
#   lib/msal-browser/apiReview/msal-browser.api.md
#   lib/msal-browser/src/interaction_client/PopupClient.ts
#   lib/msal-browser/src/interaction_client/SilentIframeClient.ts
#   lib/msal-browser/src/interaction_handler/SilentHandler.ts
#   lib/msal-browser/test/interaction_client/SilentIframeClient.spec.ts
- Add redirect-bridge config to package.json
- Remove redundant "cleanPopup" function
…tication-library-for-js into popup_coop_support
- Update isInPopup function to check for API type in state
- Add more tests
|
|
||
| #### How It Works | ||
|
|
||
| 1. **Main application**: Your COOP-enabled application initiates authentication using `loginPopup()`, `ssoSilent()`, or `loginRedirect()` |
Again, non-blocking comment: visuals help. We can use Mermaid, which is super fast to generate visuals, and can check in the source code.
Added visuals to express and react-router samples. Links and additional docs are located in login-user.md
| 3. **Authentication flow**: The authority page completes the OAuth flow and receives the auth response | ||
| 4. **Response handling**: The redirect page uses the new `broadcastResponseToMainFrame()` function which: | ||
| - For **popup/silent flows**: Broadcasts the response to the main window via BroadcastChannel API | ||
| - For **redirect flows**: Navigates to your application's home page with the auth response |
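Review bot: the popup/silent bullet under step 4 says the response is broadcast "to the main window", but a BroadcastChannel message is delivered to every same-origin browsing context that has opened a channel with that name, not to a single window. Suggest the doc state how the channel is named per request and that the receiving side matches the response against its pending request (for example by `state`) before consuming it, so readers with several tabs of the app open know what to expect.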
Navigate to the page where acquireTokenRedirect is initiated from, correct?
Updated doc
| this.removeTemporaryItem(key); | ||
| } else { | ||
| throw createBrowserAuthError( | ||
| BrowserAuthErrorCodes.interactionInProgress |
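Review bot: in the branch that ends with `this.removeTemporaryItem(key);`, the in-progress marker is cleared with no log or event visible in these lines, while the `else` branch throws `BrowserAuthErrorCodes.interactionInProgress`. Since the override discards the state of another interaction, suggest emitting a log entry or telemetry event in that branch so an overridden interaction can be traced when diagnosing a failed sign-in.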
Shouldn't we warn folks that if this happens every time they try interaction, they should allowOverride?
I don't think so. This is supposed to be used as a last resort in case the user closed the popup window.
| userInputSystem?.loadFrameTimeout || DEFAULT_POPUP_TIMEOUT_MS, | ||
| iframeHashTimeout: | ||
| userInputSystem?.loadFrameTimeout || DEFAULT_IFRAME_TIMEOUT_MS, | ||
| popupBridgeTimeout: |
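Review bot: `userInputSystem?.loadFrameTimeout` is the fallback source both for the value that defaults to `DEFAULT_POPUP_TIMEOUT_MS` and for `iframeHashTimeout`, so a single user-supplied value removes the difference between the popup and iframe defaults; please document whether it also feeds `popupBridgeTimeout:` and which setting takes precedence. Also, `||` treats an explicit `0` as unset; use `??` if only a missing value should fall back to the default.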
I am curious why we have two timeouts. Is it because we want to keep the iframe timeout smaller?
Silent timeout is always shorter because it does not require user interaction.
Co-authored-by: Sameera Gajjarapu <sameera.gajjarapu@microsoft.com>
Co-authored-by: Thomas Norling <thomas.norling@microsoft.com>
- Fix unit tests
- Fix formatting
…tication-library-for-js into popup_coop_support
This pull request introduces a new "redirect bridge" feature to the MSAL Browser and Common libraries, aimed at improving support for Cross-Origin Opener Policy (COOP) scenarios. It adds new error codes, configuration options, and documentation to guide users on integrating the redirect bridge for authentication flows. The changes also update the build system to package and distribute the bridge scripts. Below are the most important changes grouped by theme:
Redirect Bridge Feature Implementation
- `package.json` and `rollup.config.js`.

API and Configuration Updates
- `redirectBridgeTimeout`, `redirectBridgeEmptyResponse`, `interactionInProgressOverridden`) and updated the API surface in `msal-browser.api.md`.
- `popupBridgeTimeout`, `iframeBridgeTimeout`) to replace previous timeout settings for popup and iframe interactions.
- `overrideInteractionInProgress` to `PopupRequest` to allow overriding in-progress interactions.

Public API Additions
- `waitForBridgeResponse` and `cancelPendingBridgeResponse` for managing bridge communication.

Documentation Enhancements
- `docs/errors.md` to document new error codes, describe the redirect bridge workflow, troubleshooting steps, and integration guidance for the bridge script.

General Maintenance
These changes collectively improve authentication reliability in COOP environments and provide clear guidance for developers integrating MSAL with modern browser security policies.
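
The popup/silent flow described in the summary above, seen from the main window's side, as an added example that is not code from this PR or from MSAL: a BroadcastChannel message reaches every same-origin context listening on that channel name, so the receiver accepts only a response whose `state` matches its pending request and bounds the wait with a timeout. The function names, the channel name parameter and the `{ response }` message shape are assumptions.

```javascript
// Added illustration. Names and message shape are hypothetical, not MSAL's API.

// Decide whether a message seen on the channel belongs to the pending request.
// `expectedState` is the OAuth `state` value generated for that request.
// Returns the parsed parameters, or null if the message must be ignored.
function matchBridgeMessage(data, expectedState) {
    if (typeof data !== "object" || data === null) return null;
    if (typeof data.response !== "string" || data.response.length === 0) return null;
    // Auth responses arrive as a query string or a hash fragment.
    const params = new URLSearchParams(data.response.replace(/^[#?]/, ""));
    const state = params.get("state");
    if (state === null || state !== expectedState) return null;
    return params;
}

// Wait for the matching response, ignore everything else on the channel,
// and give up after timeoutMs (interactive flows need a longer bound than silent ones).
function awaitBridgeMessage(channelName, expectedState, timeoutMs) {
    return new Promise((resolve, reject) => {
        const channel = new BroadcastChannel(channelName);
        const timer = setTimeout(() => {
            channel.close();
            reject(new Error("bridge_timeout"));
        }, timeoutMs);
        channel.onmessage = (event) => {
            const params = matchBridgeMessage(event.data, expectedState);
            if (params === null) return; // another tab's response, stale or malformed
            clearTimeout(timer);
            channel.close();
            resolve(params);
        };
    });
}
```
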