- msal library loads
- msal generates a verification key (PKCE)
- msla redirects browser to the azure ad oauth server login
- the azure login server logins and redirects back to client
- the msal library loads
- msal parses the url to get verification tokens
- msal call oauth server with verification tokens to get actual tokens
- msal stores the token in session or local storage depending on configuration
now you add blazor.
- the blazor init js loads blazor wasm
- the blazor app config phase loads the msal library
- the blazor app detects authorization is required and call the msal library to get a token
- msal library starts at step 2 above.
you could speed up by calling msal directly. your hosting page could call msal js to get token before loading the blazor wasm. then blazer could call msal to get token.
note: in the past an iframe could be used for the login, but most oauth server longer support this.