Comments (5)
We have added the popUp support in 1.0.12. Set popUp: true
in config to enable logging in using pop up. We will update our samples soon to reflect that.
from azure-activedirectory-library-for-js.
Can you provide an example of logging in using PopUp in Iframe for angular 2+?
from azure-activedirectory-library-for-js.
Today Azure AD does not allow the credential gathering UX to be hosted in an iFrame, for security reasons. This is very unlikely to change anytime soon, and without that ability it would be pretty hard to achieve a popup behavior. On mobile platforms, a top use case, popping out another browser window would also be impractical... about the placement of the id_token, that follows the oauth/openid connect specs and is meant to ensure that the token will be delivered to the user agent but not the server.
from azure-activedirectory-library-for-js.
Oh, I see. Thanks for quick response! I'll close this one then.
from azure-activedirectory-library-for-js.
Now that ADAL.js v1 is out and the ground work of getting implicit grant flow working is done and developers looking to use this authentication flow are unblocked is there any chance this issue would be re-opened for the next version? Or if not, maybe a timeline of when this would happen if ever?
I would guess for the next version of ADAL the main goal is to refine the library and make it as simple to integrate and use as possible. As seen in the explanation above, enabling the login page to be loaded in a separate frame can reduce the surface area of your library to one call which returns a promise and that is about as ideal as you can get. From my experience with twitter and facebook libraries, the mobile browsers automatically handle this scenario and will force the popup to be frameless so it appears naturally.
I'm not familiar with the security reasons for not allowing the login page to be in iframe. I thought it allows people to use the login page in ways that are non-uniform and malicious people could try to spoof the UI and trick users to enter credentials into a 'fake' login page with similar look at feel, but perhaps there are more serious reasons preventing this feature.
from azure-activedirectory-library-for-js.
Related Issues (20)
- adal login failed on SharePoint Document library HOT 2
- AADSTS50058: Silent Sign-in fails on Safari browser in Angular 7 app HOT 3
- Is there any work is happening to solve Samesite cookie issue fro google chrome browser? HOT 3
- Questions regarding SameSite Chrome 80 Issue HOT 3
- [Help wanted] Redirect flow + react-router HOT 1
- After blocking third party cookies in the browser, browser treating login.microsoftonline.com as third party cookies and blocking it. HOT 4
- Requesting an $on alert when a token is refreshed to update app headers appropriately. HOT 2
- Login with client secret HOT 1
- Resource Owner Password Credential Grant in browser HOT 1
- Infinite loop when unauthorized user tries to access page (authorization via adal-angular) HOT 1
- localStorage doesn't get update
- Acquire token silently fails when MFA code is required HOT 1
- Support for `/oauth2/v2.0/authorize` HOT 3
- After migrating from 0.x to 1.x msal can't get token from URL HOT 1
- after some time redirected to 'The reply URL specified in the request does not match' HOT 1
- CDN Links from the README don't work HOT 3
- SAML Support ? HOT 1
- Optimize for better minification HOT 1
- Verifying signature of JWT issued by Azure AD HOT 4
- Can ADAL.js point to v2.0 endpoints HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-activedirectory-library-for-js.