Possible to provide SSO via `acquireTokenSilently` DBUS request?

[dmulder]

Would it be possible to provide a fallback to acquireTokenSilently if the acquirePrtSsoCookie request fails?
I'm asking because in Himmelblau, there are times when we can't provide the PRT sso cookie (such as with an MSA personal account user). It'd be nice if we could still provide SSO for a personal Outlook account to o365, for example.

[fmoessbauer]

Hi @dmulder , could you please elaborate how that technically works? The PrtSSOCookie is injected into the http request towards login.microsoftonline.com, while the access tokens are used to query data from services (vanilla OIDC).

How can a access token help to SSO on login.microsoftonline.com?

[dmulder]

I'm not sure how it would work. I'm asking if it is possible. For MSA accounts, there is no PRT. We can only utilize a refresh token, and exchange it for access tokens. Perhaps MS has some undocumented PrtSSOCookie for standard refresh tokens?