WASM Multithreading and Authentication

[topper-man]

We're creating a Webassembly-App and want to add MSAL-Authentication as well as Multithreading.

To enable multithreading we've added some headers to our app pages as it is described in the documentation:
https://platform.uno/docs/articles/external/uno.wasm.bootstrap/doc/features-threading.html

->
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin

Now when we want to add authentication to the app as well, the second header "Cross-Origin-Opener-Policy: same-origin" leads to the problem that the login dialog doesn't close after the user is selected successfully. After debugging the uno-ui-msal.js file I got the impression that the reference from the app window to the login window gets lost. In the documentation (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy) I found that there is also a value "Cross-Origin-Opener-Policy: same-origin-allow-popups". But that didn't help ...
When I remove the header everything is working fine, so all the other settings with the redirect-URI, etc. should be okay.

Is this header still needed for multithreading? When I create a solution from the UNO template I cant't find this setting when enabling WASM-Multithreading.

Any ideas?

Thanks

[agneszitte]

cc @jeromelaban, @nickrandolph

[jeromelaban]

This is a generic question for Web development when these particular headers are needed, and yes both COEP and COOP are required by browsers to have Wasm threads enabled. More details are available here.

[topper-man]

Thank you for the COEP and COOP links. Helped me to understand things better!
Nevertheless I'm pretty sure now, that it is currently not comfortably possible to use Multithreading and MSAL-Authentication in our UNO application. Mutlithreading demands the COOP same-origin header. But the uno-ui-msal.js script, that I mentioned above, tries to install an EventListener on the new window (which is the Microsoft Login page in my case). And this is not possible for the same-origin case.
So my question related to UNO: Is it correct to always try to install this EventListener in uno-ui-msal.js? In my eyes that can't work ...

The only way I see now is to have a separate static login page, that handles everything around authentication. And only after successful authentication we'll start the UNO application and pass the JWT token to it. Not too happy with this solution ...