Hello,
I am currently using a React app which uses MSAL.js to authenticate with an Apple Identity Provider I have registered in Azure B2C. I have based my implementation on a guide; it won't let me link it for some reason, but search online for: 'Post-GA Revisit of “Sign In with Apple” for Azure AD B2C'.
Everything is working with the exception of the access token request, which I try to acquire silently after sign in. I am currently getting an X-Frame Deny error that is occurring in the iFrame msal.js uses, and it falls back to a redirect which asks the user to log in again (not a great user experience) and then it works.
My two questions are:
1. Is what I am doing even possible with Sign in with Apple? (Implicit grant flow using the hidden iFrame technique). I haven't found much documentation on this subject. I'm wondering if perhaps Apple is preventing the page below from being displayed in an iFrame at all.
Refused to display 'https://appleid.apple.com/auth/authorize?client_id=com.my.clientid&redirect_uri=https://myb2ctenant.b2clogin.com%2foauth2%2fauthresp&response_type=code&scope=email&response_mode=form_post&nonce=nonce&state=StateProperties%3drandomCharshere' in a frame because it set 'X-Frame-Options' to 'deny'.
2. Is there some type of login_hint I can pass to the hidden iFrame? Typically this issue is circumvented with other identity providers by doing this. I have tried passing in the user's email and sub claim as hints (as best I could, but there is no documentation indicating if this is possible or what the endpoint expects).
Thanks in advance.