TechQA.

detect if silentlogin is possible in adaljs-angular4

533 views Asked by At

I'm using the library [email protected] in a angular 6 project. I try to do following:

  1. If a silentlogin (login without prompting the user for credentials) with office365 is possible, then do a silentlogin (with _adalService.login()

  2. If a silentlogin is not possible, then show a "login" button within a welcome-screen.

A silentlogin would be possible, when I'm authenticated to azure-ad / o365 and the cookie is still valid.

To find out, if a silentlogin is possible, i tried following:

try {
  let token = await this._adal.acquireToken(this._config.clientId).toPromise();
  return true;
} catch (e) {
  console.log('acquireToken error', e);
  return false;
}

But it always returns:

User login is required

But when calling _adalService.login() it does a silentlogin.

My question: How can i find out, if adaljs can login without prompting for credentials (it should be possible, like reading it from a o365-cookie)?

angular typescript azure-active-directory adal.js microsoft-adal-angular6
Original Q&A
1

There are 1 answers

2
Cobus Kruger On

Instead of trying to determine whether silent login is available, you should pass PlatformBehavior.Auto to the PlatformParameters parameter of AcquireToken.

The problem is that adal.js doesn't actually support the needed overload and you cannot specify this value as extraQueryParameter. For a moment there, I thought you could use the prompt query parameter, but that doesn't seem to be the case.

At first glance, it seems that you can't do it then. But your error message gives the clue.

From the adal.js source code, I can see that message is shown in this condition:

if (!this._user && !(this.config.extraQueryParameter && this.config.extraQueryParameter.indexOf('login_hint') !== -1)) {
    this.warn('User login is required');
    callback('User login is required', null, 'login required');
    return;
}

And in this article, the login_hint is described like this:

Can be used to pre-fill the username/email address field of the sign in page for the user, if you know their username ahead of time. Often apps will use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.

... all of which makes a lot of sense when you're looking to do a silent authentication, but still need to say who you're authenticating for.

To finally answer the question, it seems you should add '[email protected]' to your config.extraQueryParameter.

Related Questions in ANGULAR

Related Questions in TYPESCRIPT

Related Questions in AZURE-ACTIVE-DIRECTORY

Related Questions in ADAL.JS

Related Questions in MICROSOFT-ADAL-ANGULAR6

Popular Questions

Trending Questions