Microsoft Authentication in an iframe
Hello guys,
I have migrated multiple apps to Azure and they're working great, however this one app is required to run inside of an iframe on another website. The issue is that Microsoft do not allow authentication inside of an iframe due to security concerns.
I could disable auth on the app due to it being available internally only, but I still need the user's email address to get the required information to load within the app. The website that the iframe needs to be embedded on uses Microsoft Authentication itself before getting to this point.
Does anyone know of a way to somehow either pass the user's email into the iframed app or just get authentication to work another way? Thanks.
1 Reply
This is just an idea, but assuming you have control over both apps, have you considered passing what you need via postMessage in JavaScript?
https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
Be sure to read about the security implications, of course, even if it’s an internal app.
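A sketch of the postMessage approach suggested in the reply above, as an added example that is not part of the original thread. The two origins and the function names are hypothetical placeholders; it shows the checks the MDN security notes call for: an explicit target origin on the sending side, and origin, source and shape validation on the receiving side.

```javascript
// Hypothetical origins (assumptions for this example, not from the thread).
const PARENT_ORIGIN = "https://portal.example.com"; // site that hosts the iframe
const APP_ORIGIN = "https://app.example.com";       // the embedded app

// Deliberately simple shape check; real validation happens where the email is used.
const EMAIL_RE = /^[^\s@]{1,64}@[^\s@]{1,255}$/;

// Parent page: send the signed-in user's email to the iframe.
// An explicit targetOrigin (never "*") makes the browser drop the message
// if the frame is showing any origin other than the embedded app.
function sendUserEmail(frameWindow, email) {
  frameWindow.postMessage({ type: "user-email", email }, APP_ORIGIN);
}

// Embedded app: build a "message" listener that accepts only well-formed
// messages from the expected origin and the expected window.
// Returns true when the message was accepted, false when it was ignored.
function makeEmailListener(expectedSource, onEmail) {
  return function onMessage(event) {
    // Exact string comparison: no startsWith, substring or regex matching.
    if (event.origin !== PARENT_ORIGIN) return false;
    // Must come from the window that embeds us, not a popup or sibling frame.
    if (event.source !== expectedSource) return false;
    const data = event.data;
    if (!data || typeof data !== "object" || data.type !== "user-email") return false;
    if (typeof data.email !== "string" || !EMAIL_RE.test(data.email)) return false;
    onEmail(data.email);
    return true;
  };
}

// Browser wiring (loadDataFor is a hypothetical app function):
//   parent: iframe.addEventListener("load",
//             () => sendUserEmail(iframe.contentWindow, signedInEmail));
//   app:    window.addEventListener("message",
//             makeEmailListener(window.parent, loadDataFor));
```

The email still arrives from client-side script, so the embedded app should use it only to choose what to display; anything that needs proof of identity has to be verified server-side.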