changed from redirect to popup MSAL auth

2025-10-24 07:30:51 -05:00 · 2025-10-24 07:30:51 -05:00 · d00a3b517d
commit d00a3b517d
parent 98cf5e396b
1 changed files with 48 additions and 11 deletions
--- a/index.html
+++ b/index.html
@ -592,6 +592,9 @@
      <div class="logo">🛡️</div>
      <h1>Oliver Compliance Hub</h1>
      <p>Please sign in with your Microsoft account to access the compliance chat assistant.</p>
+      <p id="iframeNotice" style="font-size: 13px; color: #f59e0b; margin-bottom: 15px; display: none;">
+        ℹ️ Running in SharePoint. A popup window will open for authentication.
+      </p>
      <button class="auth-button" onclick="signIn()">
        <span>🔐</span>
        <span>Sign in with Microsoft</span>
@ -662,20 +665,34 @@
  </div>

  <script>
+    // Check if running inside iframe
+    const isInIframe = window.self !== window.top;
+    console.log('Running in iframe:', isInIframe);
+
+    // Show iframe notice if applicable
+    if (isInIframe) {
+      const iframeNotice = document.getElementById('iframeNotice');
+      if (iframeNotice) {
+        iframeNotice.style.display = 'block';
+      }
+    }
+
    // MSAL Configuration for Microsoft SSO with PKCE flow
+    // Using popup mode for iframe compatibility
    const msalConfig = {
      auth: {
        clientId: "9079054c-9620-4757-a256-23413042f1ef",
        authority: "https://login.microsoftonline.com/e519c2e6-bc6d-4fdf-8d9c-923c2f002385",
-        redirectUri: "http://localhost:8888/compliance-hub/",
-        navigateToLoginRequestUrl: true
+        redirectUri: "https://ai-sandbox.oliver.solutions/compliance-hub/",
+        navigateToLoginRequestUrl: !isInIframe // Disable navigation in iframe
      },
      cache: {
-        cacheLocation: "localStorage", // or "sessionStorage"
-        storeAuthStateInCookie: false
+        cacheLocation: "sessionStorage", // Use sessionStorage for iframe compatibility
+        storeAuthStateInCookie: true // Store in cookies for cross-tab support
      },
      system: {
        allowNativeBroker: false, // Disables WAM Broker
+        allowRedirectInIframe: false, // Explicitly disable redirects in iframe
        loggerOptions: {
          loggerCallback: (level, message, containsPii) => {
            if (containsPii) return;
@ -699,8 +716,13 @@
    let currentAccount = null;

    msalInstance.initialize().then(() => {
-      // Handle redirect response after login
-      return msalInstance.handleRedirectPromise();
+      // Only handle redirects if NOT in iframe
+      if (!isInIframe) {
+        return msalInstance.handleRedirectPromise();
+      } else {
+        // In iframe, skip redirect handling and just check for existing accounts
+        return Promise.resolve(null);
+      }
    }).then((response) => {
      if (response) {
        currentAccount = response.account;
@ -721,13 +743,27 @@
      disableChatInterface();
    });

-    // Sign In function using redirect with PKCE
+    // Sign In function using popup (works in iframe)
    async function signIn() {
      try {
-        await msalInstance.loginRedirect(loginRequest);
+        console.log('Starting login with popup...');
+        const response = await msalInstance.loginPopup(loginRequest);
+        if (response) {
+          currentAccount = response.account;
+          updateUIForSignedInUser(currentAccount);
+          console.log('Login successful!');
+        }
      } catch (error) {
        console.error("Login error:", error);
-        alert("Login failed: " + error.message);
+
+        // Better error handling for iframe/popup issues
+        if (error.errorCode === 'popup_window_error' || error.errorCode === 'empty_window_error') {
+          alert('Popup was blocked. Please allow popups for this site and try again.\n\nОкно авторизации было заблокировано. Пожалуйста, разрешите всплывающие окна для этого сайта и попробуйте снова.');
+        } else if (error.errorCode === 'user_cancelled') {
+          console.log('User cancelled login');
+        } else {
+          alert("Login failed: " + error.message + "\n\nError code: " + (error.errorCode || 'unknown'));
+        }
      }
    }

@ -835,8 +871,9 @@
        const response = await msalInstance.acquireTokenSilent(request);
        return response.accessToken;
      } catch (error) {
-        console.warn("Silent token acquisition failed, using redirect");
-        await msalInstance.acquireTokenRedirect(request);
+        console.warn("Silent token acquisition failed, using popup");
+        const response = await msalInstance.acquireTokenPopup(request);
+        return response.accessToken;
      }
    }