Hello,
I'm using the Implicit Grant OAuth flow.
The sign in request works great with the following code:
    chrome.identity.launchWebAuthFlow(
      {
        url: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?' +
          'response_type=token' +
          '&response_mode=fragment' +
          `&client_id=${adClientId}` +
          `&redirect_uri=${redirectUrl}` +
          '&scope=Mail.Read' +
          `&state=${state}`,
        interactive: true
      },
      function (redirect_url) {
        // ...
      }
    );
This gives me a short-lived access token, so a silent refresh must be implemented according to this flow.
Silent refresh:
    chrome.identity.launchWebAuthFlow(
      {
        url: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?' +
          'response_type=token' +
          '&response_mode=fragment' +
          `&client_id=${adClientId}` +
          `&redirect_uri=${redirectUrl}` +
          '&scope=Mail.Read' +
          '&prompt=none' + // this parameter ensures that there is no need for user interaction
          `&state=${state}`,
        interactive: false
      },
      function (redirect_url) {
        // ...
      }
    );
However, this gives me a "User interaction required." error. When I set "interactive: true", the silent refresh completes fine.
The AD URI does not redirect immediately; even with "prompt=none", it first loads the page and redirects the browser programmatically from JS.
I appreciate any help. Has anybody integrated Azure AD in a Chrome extension? Is there any workaround using the identity API?
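
Added example, not part of the original post: one way to fill in the elided callback bodies (`// ...`) so that the fragment response is validated before the token is used, and a failed silent attempt is told apart from a response that must be rejected. `parseAuthRedirect`, its return shape and the sample values are hypothetical; the error codes are the standard OpenID Connect `prompt=none` errors.

```javascript
// Added example: validate the redirect URL passed to the launchWebAuthFlow callback.
// parseAuthRedirect and its return shape are hypothetical, not part of chrome.identity.
const NEEDS_UI = new Set(['login_required', 'interaction_required', 'consent_required']);

function parseAuthRedirect(redirectUrl, expectedRedirectBase, expectedState, nowMs = Date.now()) {
  if (!redirectUrl) {
    // On failure the callback gets no URL (details are in chrome.runtime.lastError).
    return { ok: false, reason: 'no_redirect', needsInteraction: true };
  }
  let url;
  const expected = new URL(expectedRedirectBase);
  try {
    url = new URL(redirectUrl);
  } catch (e) {
    return { ok: false, reason: 'malformed_response', needsInteraction: false };
  }
  // Only accept a response delivered to our own redirect URI.
  if (url.origin !== expected.origin || url.pathname !== expected.pathname) {
    return { ok: false, reason: 'unexpected_redirect', needsInteraction: false };
  }
  // response_mode=fragment places the parameters after '#'.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  // state must equal the value sent in the request, otherwise the response is not ours.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state_mismatch', needsInteraction: false };
  }
  const error = params.get('error');
  if (error) {
    // With prompt=none these errors mean "retry with interactive: true".
    return { ok: false, reason: error, needsInteraction: NEEDS_UI.has(error) };
  }
  const token = params.get('access_token');
  const expiresIn = Number(params.get('expires_in'));
  if (!token || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: 'malformed_response', needsInteraction: false };
  }
  return { ok: true, accessToken: token, expiresAt: nowMs + expiresIn * 1000 };
}

// Constructed sample (not a real extension id or token).
const SAMPLE_BASE = 'https://abcdefghijklmnop.chromiumapp.org/';
const SAMPLE_REDIRECT = SAMPLE_BASE + '#error=interaction_required&state=s1';
console.log(parseAuthRedirect(SAMPLE_REDIRECT, SAMPLE_BASE, 's1'));
```

A result with `needsInteraction: true` is the only case where falling back to `interactive: true` makes sense; `state_mismatch` and `unexpected_redirect` should be dropped without retrying.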