This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I learned at MS Build 2020 that MSAL-Angular is GA. I was wondering if it supports authorization_code flow & PKCE like MSAL 2.0 for JS does already?
I've implemented a baseline login component, but seems that it is still using implicit flow?
Is there a plan to support auth_code as well?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
As MSAL Angular library does not support auth code flow and still uses the implicit flow, I suggest you to please post this as a feedback at UserVoice. This will allow the community to upvote and for the product team to include into their plans.
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 45%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJV%3C/text%3E%3C/svg%3E)
As per the thread - https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/944 , it appears that it has been taken as work item. I never followed up after that. You can reactivate and check the status on the above thread.
@Bernd Schickerbauer OAuth 2.0 Authorization Code Flow with PKCE for MSAL.JS is in preview and you can find the beta version of the library over here .
@Saurabh Sharma Yep, thank you for your reference. I am aware of the preview.
My question is specifically referencing to the existing msal-angular wrapper library: https://www.npmjs.com/package/@azure/msal-angular or msal-angular
Will that one get auth_code support soon? Or is the angular wrapper library deprecated?
@Bernd Schickerbauer No, MSAL Angular library does not support auth code flow and still uses the implicit flow.
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
I am asking as I've been trying to implement an auth_code flow with other oidc libraries (not msal, adal) in an angular (v9) project. The login always fails as requests to /token endpoint are blocked by CORS policies.
I do get an auth_code, but the request to /token/ endpoint is then blocked.
Access to XMLHttpRequest at 'https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Whereas https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys does support CORS.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 79%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
In 2020 the Microsoft support for SPAs has improved a lot. If it helps anyone I have a blog post and code sample that some of you may find useful. I always avoid vendor specific OAuth libraries such as MSAL though. You should find you can then get past all of the above problems. Eg the CORS problem is resolved in Step 6 of my write up.