SPA App Azure B2C Authentication with MSAL. Keep user logged in

Problem description

I have a SPA App (VueJS) which uses Azure B2C with MSAL to authenticate users. Authentication works just fine.

But what does not work is that the user is not kept logged in.

As long as I use the app, everything works just fine. But when I start my app the next day I have to relogin (or just reselect the account I want to use), but I would like to have the same user experience as, for example, the Azure portal. I can revisit the portal after one week and do not have to relogin.

How can I achieve this behavior with MSAL? Is this even possible with this library? The library uses the implicit flow.

Is there another library I can use where this works?

Recommended answer

Before the answer...

I think you'll likely need to expand on what's happening by looking at a network tracing tool. Also, as the other answer said, KMSI will help but likely isn't the only problem here. I recommend looking if the cookie is being set (check below), your app is successfully getting ID, Access tokens, and check this state in subsequent auth requests.

SSO with MSAL.js is absolutely possible and should occur without much configuration. For some background in browser-based apps implementing authentication, achieving SSO is a factor of cookies/sessions rather than tokens/token management.

When your single page app redirects the user to the Azure AD B2C sign in page and the end user successfully signs in, Azure AD will set a cookie in the browser of that end user. Then, when your app wants to get an ID token or Access token for the user (assuming the existing one from the initial sign in is expired), MSAL is able to launch a silent i-frame in the background, redirect to the Azure AD site with special query parameters (prompt=none), and utilize the cookie that was set earlier.
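
The silent request described in the answer, as an added example that is not part of the original post and is not MSAL's own code: it builds the `prompt=none` authorize URL a hidden iframe would load and decides what to do with the fragment that comes back. The tenant `contoso`, the policy `B2C_1_signin`, the client ID and the function names are constructed placeholders.

```javascript
// Added example. All tenant, policy and client values are constructed placeholders.

// Build the authorize URL that a hidden iframe loads for a silent request.
function buildSilentAuthorizeUrl(cfg, state, nonce) {
  const url = new URL(
    `https://${cfg.tenant}.b2clogin.com/${cfg.tenant}.onmicrosoft.com/${cfg.policy}/oauth2/v2.0/authorize`
  );
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    response_type: "id_token",   // implicit flow, as in the question
    response_mode: "fragment",
    redirect_uri: cfg.redirectUri,
    scope: "openid",
    state,                       // echoed back; binds the response to this request
    nonce,                       // must match the nonce claim in the returned ID token
    prompt: "none",              // never show UI: succeed from the session cookie or fail
  }).toString();
  return url.toString();
}

// Decide what to do with the URL fragment the iframe was redirected back with.
function classifySilentResponse(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  if (params.get("state") !== expectedState) {
    // A response that does not carry our state value is not an answer to our request.
    return { action: "reject", reason: "state mismatch" };
  }
  const error = params.get("error");
  if (error === "login_required" || error === "interaction_required") {
    // No usable session cookie (expired, cleared or blocked): sign in interactively.
    return { action: "interactive", reason: error };
  }
  if (error) {
    return { action: "fail", reason: error };
  }
  const idToken = params.get("id_token");
  if (!idToken) {
    return { action: "fail", reason: "no id_token in response" };
  }
  // The token still has to be validated (signature, nonce, expiry) before it is trusted.
  return { action: "use_token", idToken };
}
```

When the silent request keeps returning `interactive` the next day, the session cookie is the thing to inspect in the network trace, which is where the KMSI setting mentioned in the answer comes in.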
