Is it possible to get single sign-on for my application when already authenticated to Azure AD?
Possible flow:
The next time I use my application, if I have a valid cookie, I'm not redirected to microsoftonline.com and can start using my app directly.
In short, I would like to get to the callback without displaying the popup for the end user:
    var userAgentApplication = new Msal.UserAgentApplication("your_client_id", null, function (errorDes, token, error, tokenType) {
        // this callback is called after loginRedirect OR acquireTokenRedirect (not used for loginPopup/acquireTokenPopup)
    });
    userAgentApplication.loginPopup(["user.read"]).then(function (token) {
        var user = userAgentApplication.getUser();
        if (user) {
            // signin successful
        } else {
            // signin failure
        }
    }, function (error) {
        // handle error
    });
If you specify the tenant and only one user is signed in to Azure AD beforehand, you could sign in to your app directly if prompt=none (by default). You can't achieve that with MSAL.JS; refer to the source code of MSAL.JS:
    var urlNavigate = authenticationRequest.createNavigateUrl(scopes) + "&prompt=select_account" + "&response_mode=fragment";
It will set prompt=select_account, which will redirect the user to the select account page. If you are using Azure AD accounts and just want to log in to a specific tenant, you could try ADAL.JS (it will not force prompt=select_account). If that is a multi-tenant app (using common instead of the tenant ID), you can't avoid the user selection page with the Azure AD v2.0 endpoint.
Notice: If the user is signed in to Azure AD with multiple accounts, you can't avoid the user selection page. That is by design: the user should have the opportunity to choose which account he or she wants to use for signing in to the application.
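The `prompt` behaviour discussed above, as an added example that is not part of the original answer or of MSAL.js: it builds an Azure AD v2.0 authorize URL with an explicit `prompt` value and classifies the fragment response, so a `prompt=none` attempt falls back to interactive sign-in only when the endpoint reports that UI is required, and a response with the wrong `state` is rejected. The tenant, client ID, redirect URI and both function names are hypothetical placeholders.

```javascript
// Added example. TENANT, CLIENT_ID and REDIRECT_URI are placeholders, not values from the page.
const TENANT = "contoso.onmicrosoft.com";                  // a specific tenant, not "common"
const CLIENT_ID = "00000000-0000-0000-0000-000000000000";
const REDIRECT_URI = "https://app.example/auth-callback.html";

// OpenID Connect error codes returned when prompt=none cannot be satisfied
// without showing UI to the user.
const NEEDS_UI = new Set(["login_required", "interaction_required",
                          "consent_required", "account_selection_required"]);

// Build the v2.0 authorize URL. `state` and `nonce` must be fresh random values
// per request (e.g. from crypto.getRandomValues) and kept until the response arrives.
function buildAuthorizeUrl({ prompt, state, nonce }) {
  const url = new URL(`https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/authorize`);
  const q = url.searchParams;
  q.set("client_id", CLIENT_ID);
  q.set("response_type", "id_token");
  q.set("redirect_uri", REDIRECT_URI);
  q.set("scope", "openid profile");
  q.set("response_mode", "fragment");
  q.set("state", state);
  q.set("nonce", nonce);
  q.set("prompt", prompt);   // "none" = no UI; "select_account" = always show the picker
  return url.toString();
}

// Classify the URL fragment delivered to the redirect URI.
function handleAuthResponse(fragment, expectedState) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  // Reject anything not bound to the request we sent (CSRF / response injection).
  if (p.get("state") !== expectedState) {
    return { outcome: "rejected", reason: "state_mismatch" };
  }
  const error = p.get("error");
  if (error) {
    return NEEDS_UI.has(error)
      ? { outcome: "interactive", reason: error }   // retry with a visible prompt
      : { outcome: "failed", reason: error };
  }
  const idToken = p.get("id_token");
  // The token's signature, audience and nonce must still be validated before use.
  return idToken
    ? { outcome: "signed_in", idToken }
    : { outcome: "failed", reason: "no_token" };
}
```
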