added incremental consent disable option (#1384)

Co-authored-by: Amrutha Srinivasan <[email protected]>
Co-authored-by: Nikola Metulev <[email protected]>

Author: 3 people

packages/providers/mgt-msal2-provider/README.md

@@ -32,6 +32,7 @@ The `@microsoft/mgt-msal2-provider` package exposes the `Msal2Provider` class wh
       sid?: string, // Session ID
       loginHint?: string,
       domainHint?: string,
+      isIncrementalConsentDisabled?: boolean, //Disable incremental consent, true by default
       options?: Configuration // msal js Configuration object
     });
     ```
@@ -54,6 +55,7 @@ The `@microsoft/mgt-msal2-provider` package exposes the `Msal2Provider` class wh
       sid?: string, // Session ID
       loginHint?: string,
       domainHint?: string,
+      isIncrementalConsentDisabled?: boolean, //Disable incremental consent, true by default
       options?: Configuration // msal js Configuration object
     });
     ```
@@ -70,6 +72,7 @@ The `@microsoft/mgt-msal2-provider` package exposes the `Msal2Provider` class wh
                       authority=""> 
     </mgt-msal2-provider> 
     ```
+Add the `incremental-consent-disabled` boolean attribute if you wish to disable incremental consent.
 
 See [provider usage documentation](https://docs.microsoft.com/graph/toolkit/providers) to learn about how to use the providers with the mgt components, to sign in/sign out, get access tokens, call Microsoft Graph, and more.
 

packages/providers/mgt-msal2-provider/src/Msal2Provider.ts

@@ -93,6 +93,14 @@ interface Msal2ConfigBase {
    * @memberof Msal2Config
    */
   sid?: string;
+
+  /**
+   * Specifies if incremental consent is disabled
+   *
+   * @type {boolean}
+   * @memberof Msal2ConfigBase
+   */
+  isIncrementalConsentDisabled?: boolean;
 }
 
 /**
@@ -191,6 +199,14 @@ export class Msal2Provider extends IProvider {
    */
   private _sid;
 
+  /**
+   * Specifies if incremental consent is disabled
+   *
+   * @type {boolean}
+   * @memberof Msal2ConfigBase
+   */
+  private _isIncrementalConsentDisabled: boolean = false;
+
   /**
    * Configuration settings for authentication
    *
@@ -287,6 +303,8 @@ export class Msal2Provider extends IProvider {
     this._loginType = typeof config.loginType !== 'undefined' ? config.loginType : LoginType.Redirect;
     this._loginHint = typeof config.loginHint !== 'undefined' ? config.loginHint : null;
     this._sid = typeof config.sid !== 'undefined' ? config.sid : null;
+    this._isIncrementalConsentDisabled =
+      typeof config.isIncrementalConsentDisabled !== 'undefined' ? config.isIncrementalConsentDisabled : false;
     this._domainHint = typeof config.domainHint !== 'undefined' ? config.domainHint : null;
     this.scopes = typeof config.scopes !== 'undefined' ? config.scopes : ['user.read'];
     this._prompt = typeof config.prompt !== 'undefined' ? config.prompt : PromptType.SELECT_ACCOUNT;
@@ -577,6 +595,9 @@ export class Msal2Provider extends IProvider {
       return response.accessToken;
     } catch (e) {
       if (e instanceof InteractionRequiredAuthError) {
+        if (this._isIncrementalConsentDisabled) {
+          return null;
+        }
         if (this._loginType === LoginType.Redirect) {
           if (!this.areScopesDenied(scopes)) {
             this.setRequestedScopes(scopes);

packages/providers/mgt-msal2-provider/src/mgt-msal2-provider.ts

@@ -79,6 +79,17 @@ export class MgtMsal2Provider extends MgtBaseProvider {
   })
   public prompt: string;
 
+  /**
+   * Disables incremental consent
+   *
+   * @memberof MgtMsal2Provider
+   */
+  @property({
+    attribute: 'incremental-consent-disabled',
+    type: Boolean
+  })
+  public isIncrementalConsentDisabled: boolean;
+
   /**
    * Gets whether this provider can be used in this environment
    *
@@ -129,6 +140,10 @@ export class MgtMsal2Provider extends MgtBaseProvider {
         config.prompt = promptEnum;
       }
 
+      if (this.isIncrementalConsentDisabled) {
+        config.isIncrementalConsentDisabled = true;
+      }
+
       this.provider = new Msal2Provider(config);
       Providers.globalProvider = this.provider;
     }