office-js outlook-web-addins msal.js

OUTLOOK: MAC: Add-in using MSAL/GraphAPI, Refresh token for ssoSilent fails


I have an Outlook add-in that uses the dialog API to prompt the user via MSAL-JS for Graph API access. It works in Safari on Mac, Edge on Mac, Chrome on Mac, FF on Mac, and 100% from any Windows client or browser. However, on Mac Outlook (new or legacy), when using the dialog API to open the window where the MSAL redirect occurs, the result is always "USER_INTERACTION_REQUIRED" when trying to call ssoSilent first.

In a working client (Windows Outlook for example), if the token needs a refresh, the dialog briefly appears, ssoSilent does its thing and then the dialog disappears. But on Mac Outlook and only in Mac Outlook, this dialog fails ssoSilent and the code then defaults to a full interactive log-in. This is very annoying to the Mac Outlook users of my add-in. Is this a known issue? Why would this only happen on Mac Outlook? And are there any suggestions to overcome this?


Solution

  • Solved, the issue is clientCapabilities on MSAL:

    auth: { clientCapabilities: ["CP1"] }

    The second is SCOPES. This might not have anything to do with it but they did not appear in the trace on Mac, so I explicitly added these scopes to the request:

    "email", "profile", "offline_access"

    Once I did this, the frequent logins in Windows and the forced MFA (USER_INTERACTION_REQUIRED) on Mac went away.
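
The two changes from the answer above, placed in the ssoSilent-then-interactive flow the question describes. This is an added example, not the poster's code: the MSAL client is passed in so the flow can be exercised with a stub, and the client ID, authority and the `User.Read` scope are assumptions.

```javascript
// Added example. In the dialog page the client would be created with:
//   const client = new msal.PublicClientApplication(buildMsalConfig(id, authority));
// Client ID, authority and resource scopes are placeholders / assumptions.

// Scopes the answer added explicitly to the request.
const REQUIRED_OIDC_SCOPES = ["email", "profile", "offline_access"];

function buildMsalConfig(clientId, authority) {
  return {
    auth: {
      clientId,
      authority,
      // From the answer: declare CP1, which tells the identity platform
      // this client can handle claims challenges.
      clientCapabilities: ["CP1"],
    },
  };
}

function buildSsoRequest(resourceScopes, loginHint) {
  // Merge the resource scopes with the explicit OIDC scopes, without duplicates.
  const scopes = [...new Set([...resourceScopes, ...REQUIRED_OIDC_SCOPES])];
  return loginHint ? { scopes, loginHint } : { scopes };
}

// Try silent SSO first; fall back to an interactive redirect only when MSAL
// reports that user interaction is required. Other errors are surfaced.
async function signInInDialog(client, request) {
  try {
    const result = await client.ssoSilent(request);
    return { mode: "silent", result };
  } catch (err) {
    if (err && err.name === "InteractionRequiredAuthError") {
      await client.loginRedirect(request); // navigates the dialog to the sign-in page
      return { mode: "interactive", result: null };
    }
    throw err;
  }
}
```

Logging the `mode` returned by `signInInDialog` per platform shows whether a given host is still falling through to the interactive path after the configuration change.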