You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/develop/v2-conditional-access-dev-guide.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ manager: CelesteDG
8
8
9
9
ms.author: ryanwi
10
10
ms.reviewer: jmprieur, saeeda
11
-
ms.date: 02/11/2020
11
+
ms.date: 02/25/2020
12
12
ms.service: active-directory
13
13
ms.subservice: develop
14
14
ms.custom: aaddev
@@ -152,17 +152,17 @@ If the app is using the MSAL library, a failure to acquire the token is always r
152
152
153
153
In this scenario, we walk through the case when we have a single-page app (SPA), using MSAL.js to call a Conditional Access protected web API. This is a simple architecture but has some nuances that need to be taken into account when developing around Conditional Access.
154
154
155
-
In MSAL.js, there are a few functions that obtain tokens: `login()`, `acquireToken(...)`, `acquireTokenPopup(…)`, and `acquireTokenRedirect(…)`.
155
+
In MSAL.js, there are a few functions that obtain tokens: `loginPopup()`, `acquireTokenSilent(...)`, `acquireTokenPopup(…)`, and `acquireTokenRedirect(…)`.
156
156
157
-
*`login()` obtains an ID token through an interactive sign-in request but does not obtain access tokens for any service (including a Conditional Access protected web API).
158
-
*`acquireToken(…)` can then be used to silently obtain an access token meaning it does not show UI in any circumstance.
157
+
*`loginPopup()` obtains an ID token through an interactive sign-in request but does not obtain access tokens for any service (including a Conditional Access protected web API).
158
+
*`acquireTokenSilent(…)` can then be used to silently obtain an access token meaning it does not show UI in any circumstance.
159
159
*`acquireTokenPopup(…)` and `acquireTokenRedirect(…)` are both used to interactively request a token for a resource meaning they always show sign-in UI.
160
160
161
-
When an app needs an access token to call a Web API, it attempts an `acquireToken(…)`. If the token session is expired or we need to comply with a Conditional Access policy, then the *acquireToken* function fails and the app uses `acquireTokenPopup()` or `acquireTokenRedirect()`.
161
+
When an app needs an access token to call a Web API, it attempts an `acquireTokenSilent(…)`. If the token session is expired or we need to comply with a Conditional Access policy, then the *acquireToken* function fails and the app uses `acquireTokenPopup()` or `acquireTokenRedirect()`.
162
162
163
163
164
164
165
-
Let's walk through an example with our Conditional Access scenario. The end user just landed on the site and doesn’t have a session. We perform a `login()` call, get an ID token without multi-factor authentication. Then the user hits a button that requires the app to request data from a web API. The app tries to do an `acquireToken()` call but fails since the user has not performed multi-factor authentication yet and needs to comply with the Conditional Access policy.
165
+
Let's walk through an example with our Conditional Access scenario. The end user just landed on the site and doesn’t have a session. We perform a `loginPopup()` call, get an ID token without multi-factor authentication. Then the user hits a button that requires the app to request data from a web API. The app tries to do an `acquireTokenSilent()` call but fails since the user has not performed multi-factor authentication yet and needs to comply with the Conditional Access policy.
0 commit comments