MSAL (Angular) popup login
I'm facing an issue with MSAL in Angular. I'm using the @azure/msal-angular package (version 1.1.1).
I'm working on an Angular app embedded in an ERP system (Business Central). At the moment i'm facing issues with authentication.
Below an overview of the components.
Business central is embedding the Angular app by referencing the Angular dist files from Azure blobstorage.
When logging in, there is no way the login provider can redirect back to the Angular app, since it's embedded in Business Central, and there is no public url to call a route in Angular itself when embedded.
So what I did was hosting the Angular application on a public endpoint and in the embedded app, use the external application to redirect back after authentication. I have used another library to support authentication this way, and when using a popup for authentication I redirected to a plain HTML page with a couple lines of JavaScript to retrieve the access_token / id_token from the url segments. After retrieval, I called (window.opener || window.parent).postMessage(message, "*"); to notify the parent window of the authentication result.
But now I'm having issues with MSAL. When running the Angular application just local, with redirectURL https://localhost:4200/ the authentication process works just fine. But when changing this to that external hosted Angular application (Same version) it show a popup with the application (after redirect) with JWT's in the url segments. And MSAL is not reacting on this result. I think because the domain of the popup is different than the parent window.
Is there a way to fix this (complicated) way of authentication with MSAL?
Okay, so it turns out that MSAL does not currently support CORS popup login out of the box by design since this is a potential security risk.
According to my post on GitHub this is verified. https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/2320
So I had to change things a little to make it work. Instead of embedding the application completely (natively download all application source files and appending them to elements in the ERP system), I now load the complete Angular app in an iframe on the page. This way the popup remains on the same domain as the iframe and the problem does not occur.
At first I thought it was not possible to send events from Angular to BC and vice-versa. But I was wrong. This is completely possible since you always have a parent window.
So this was the solution to my problem.
- Confirm password validation in angular
- Avoid referencing unbound methods which may cause unintentional scoping of `this` error when calling static methods
- Cannot find a differ supporting object '[object Object]' of type 'object'. NgFor only supports binding to Iterables such as Arrays
- How to Create a specific version of Angular Project using CLI?
- Angular how to use slicePipe in the new @for loop
- How to add unit tests for Signal Queries?
- Integratin CalHeatMap into Anguar app with SSR
- How to prevent the border radius from disortion when decreasing the height?
- Angular WebComponent instances is getting created multiple times
- How to use async function to await user input from onClick?
- Angular SSR complains about non-ESM modules in my Express API code
- Angular - react to changes in rxResource()
- I get "Http failure response for (unknown url): 0 Unknown Error" instead of actual error message in Angular
- Angular 17 does not post and i get an TypeError in dev console
- Angular 5 component testing select and triggered event
- How to observe touched event on Angular 2 NgForm?
- How to check whether <ng-content> is empty? (in Angular 2+ till now)
- How to accept only predefined values in an Angular @Input
- NavLink in React JS not working as expected?
- Can't modify inner content of ViewContainerRef, only adding tags after it in Angular
- Override User Agent Styling for Auto fill input fields
- Module not found: Error: Can't resolve 'class-transformer/storage' - Angular Universal / NestJs
- Angular 4 - Failed: Can't resolve all parameters for ActivatedRoute: (?, ?, ?, ?, ?, ?, ?, ?)
- How should I reference different files for different devices using Angular?
- Can't access a field of an object in TypeScript by using a variable as a name of the index unless declared as a constant
- Angular 16 Signal update doesn't update view
- class is a standalone component, which can not be used in the `@NgModule.bootstrap` array in Angular
- Is there a way to set a default value to signal's rxResource() such as signal()
- How to generate dynamic metadata from an Angular component using node js?
- Where is 'new BrowserWindow()' in Angular Electron application