Support passing a user-defined state value to AuthCodeURL on public clients#491
Support passing a user-defined state value to AuthCodeURL on public clients#491dcormier wants to merge 1 commit into
AuthCodeURL on public clients#491Conversation
|
Why do you need to pass in your own state on public client? MSAL should perform both legs (authorization call and token call) on public client. I can understand this scenario for confidential client, where you need MSAL only to generate the auth code URL, redirect the user there and then MSAL calls AcquireTokenByAuthCode |
|
Maybe it isn't needed. I'm using the confidential client and needed it. I started working on it before seeing #485 was sitting there. I had done both sides since the functionality appeared similar, so I figured I might as well submit it. |
Agreed with what @bgavrilMS said. Also want to add that some MSALs historically have the generate auth url function even in public client, and it looks like MSAL Go does. So, technically we could have added state support for that legacy function. But perhaps we shouldn't bother, and just deprecate that function and ask app developers to use public client's interactive function instead. If you would also agree, let's close this PR and close issues that are public-client-only as wontfix. |
|
You can update the auth code URL manually for this. |
Related to #485, #227, and #407.