This repository has been archived by the owner. It is now read-only.
Note on B2C usage with msal js #49
Closed
`msal js` supports B2C flows for `acquireTokenSilent` but with certain conditions due to the manner in which B2C policies can manifest certain UI patterns.
- An interaction is mandated for any initial login and once a session is established and a token can be acquired silently, the use case is straightforward and supported.
- Some policies like `edit-profile` by default would need interaction and calling `acquireTokenSilent` which renders a hidden iframe is blocked by the B2C service with `x-frame-options` set to `deny`
We did some testing with our sample and have generated the below table:
| Policy | Status with Sample | acquireTokenSilent |
|---|---|---|
| SignupSignIn (SUSI) - V2 | works as expected | Supported |
| Password Reset - V2 | X-frame-options deny | Not supported |
| SignIn - V2 | works as expected | Supported |
| Profile Edit | X-frame-options deny | Not supported |
| SignUp - V2 | works as expected for interactive calls | Not supported |
It is possible that some IDPs are being called for silent calls where interaction is needed and the B2C service is blocking the frame. We are investigating to improve this experience and throw proper errors for now, but the above table can be used as a reference as we stabilize the B2C experience in our samples for all policies.
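The table above expressed as a policy-aware wrapper; this is an added example, not code from the issue or from the msal js sample. The policy keys, the `hasSession` flag, and the client shape (an object with promise-returning `acquireTokenSilent` and `acquireTokenPopup` methods, here a constructed stub) are assumptions.

```javascript
// Mirrors the table in this issue; the policy keys are hypothetical names.
const SILENT_SUPPORT = Object.freeze({
  signUpSignIn: true,   // SignupSignIn (SUSI) - V2: Supported
  signIn: true,         // SignIn - V2: Supported
  passwordReset: false, // Password Reset - V2: X-Frame-Options deny
  profileEdit: false,   // Profile Edit: X-Frame-Options deny
  signUp: false,        // SignUp - V2: works for interactive calls only
});

// Decide up front whether a hidden-iframe call is worth attempting.
function planAcquisition(policy, hasSession) {
  if (!Object.prototype.hasOwnProperty.call(SILENT_SUPPORT, policy)) {
    throw new Error(`unknown policy: ${policy}`);
  }
  // An initial login always needs interaction, whatever the policy.
  return hasSession && SILENT_SUPPORT[policy] ? 'silent' : 'interactive';
}

// client: assumed object exposing acquireTokenSilent(request) and
// acquireTokenPopup(request), both returning promises.
async function acquireToken(client, policy, request, hasSession) {
  let silentError = null;
  if (planAcquisition(policy, hasSession) === 'silent') {
    try {
      const token = await client.acquireTokenSilent(request);
      return { via: 'silent', token, silentError };
    } catch (err) {
      // Keep the reason (blocked frame, timeout, expired session) for logging.
      silentError = err.message;
    }
  }
  const token = await client.acquireTokenPopup(request);
  return { via: 'interactive', token, silentError };
}

// Constructed stub standing in for the real client; records the call order.
function makeStubClient(silentWorks) {
  const calls = [];
  return {
    calls,
    acquireTokenSilent: async () => {
      calls.push('silent');
      if (!silentWorks) throw new Error('silent token renewal failed');
      return 'silent-token';
    },
    acquireTokenPopup: async () => { calls.push('popup'); return 'popup-token'; },
  };
}
```

Policies marked "Not supported" never reach the hidden iframe, so the `x-frame-options` block is avoided rather than handled after the fact.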