We have a site developed using Angular 7 and it uses Adal-Angular4 library for Azure Active Directoty authentication. When the site is browsed in safari on iPhone, it runs into below error.
Error: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
When Prevent Cross-Site Scripting option of Safari browser is off then authentication gets through fine. We also observed that in Chrome browser on one of the Samsung Galaxy S8+ phones this issue occurs. Any idea what exactly is the reason for this issue and what are the ways to remediate it.
On top of what "Raghavendra- MSFT Identity" mentioned in his answer (possible resolution #2), we managed to get it working by catching the error of acquireToken call and then acquiring token using acquireTokenRedirect call. It adds up one more redirection but does the job. Please note that either with ADAL or MSAL v1, this is the only option I found from whatever research I could do. MSAL v2 i.e. @azure/msal-browser package specifically which is based on OAuth 2.0 Authorization Code Flow with PKCE eliminates any need of third-party cookies and can be an appropriate option; however, it is currently under Beta so it would take some more time before it can be used for production code.