Update docs with popup closure detection and interaction status details (#8580)

konstantin-msft · tnorling · Copilot · web-flow · commit 1d8d2aeb8247 · 2026-05-04T14:44:58.000-07:00
This pull request updates the MSAL Browser documentation to reflect
changes in how popup and iframe authentication timeouts are handled, and
provides new guidance on detecting popup closure events. The most
important changes are grouped below:

**Configuration and Timeout Options:**

* Updated `lib/msal-browser/docs/configuration.md` to remove legacy
timeout options (`windowHashTimeout`, `iframeHashTimeout`,
`loadFrameTimeout`, `navigateFrameWait`, and `pollIntervalMilliseconds`)
and add new options: `popupBridgeTimeout` (for popups, default 60s) and
`iframeBridgeTimeout` (for hidden iframes, default 10s), both related to
BroadcastChannel-based communication.

**Popup Closure Handling and User Experience:**

* Added a new section in `lib/msal-browser/docs/login-user.md`
explaining how popup closure detection now works using BroadcastChannel,
the resulting user experience when a popup is closed (including delayed
error handling and `InteractionStatus` behavior), and how to allow users
to retry login immediately using the `overrideInteractionInProgress`
flag.

---------

Co-authored-by: Thomas Norling &lt;thomas.norling@microsoft.com&gt;
Co-authored-by: Copilot Autofix powered by AI &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/lib/msal-browser/docs/configuration.md b/lib/msal-browser/docs/configuration.md
@@ -99,14 +99,11 @@ See [Caching in MSAL](./caching.md) for more.
 | Option                     | Description                                                                                                                                                                                                                                                                                                   | Format                               | Default Value                                    |
 | -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | ------------------------------------------------ |
 | `loggerOptions`            | Config object for logger.                                                                                                                                                                                                                                                                                     | See [below](#logger-config-options). | See [below](#logger-config-options).             |
-| `windowHashTimeout`        | Timeout in milliseconds to wait for popup operations to resolve.                                                                                                                                                                                                                                              | integer (milliseconds)               | `60000`                                          |
-| `iframeHashTimeout`        | Timeout in milliseconds to wait for iframe operations to resolve.                                                                                                                                                                                                                                             | integer (milliseconds)               | `6000`                                           |
-| `loadFrameTimeout`         | Timeout in milliseconds to wait for iframe/popup operations resolve. If provided, will set default values for `windowHashTimeout` and `iframeHashTimeout`.                                                                                                                                                    | integer (milliseconds)               | `undefined`                                      |
-| `navigateFrameWait `       | Delay in milliseconds to wait for the iframe to load in the window.                                                                                                                                                                                                                                           | integer (milliseconds)               | In IE or Edge: `500`, in all other browsers: `0` |
 | `navigatePopups`           | Sets whether popups are opened and navigated to later. By default, this flag is set to true. When set to true, blank popups are opened and navigates to login domain. When set to false, popups are opened directly to the login domain. This can be set to false for scenarios where `about:blank` is not supported, e.g. desktop apps or progressive web apps. | boolean | `true` |
 | `allowRedirectInIframe`    | By default, MSAL will not allow redirect operations to be initiated when the application is inside an iframe. Set this flag to `true` to remove this check.                                                                                                                                                   | boolean                              | `false`                                          |
 | `cryptoOptions`            | Config object for crypto operations in the browser.                                                                                                                                                                                                                                                           | See [below](#crypto-config-options.) | See [below](#crypto-config-options.)             |
-| `pollIntervalMilliseconds` | Interval of time in milliseconds between polls of popup URL hash during authenticaiton.                                                                                                                                                                                                                       | integer (milliseconds)               | `30`                                             |
+| `popupBridgeTimeout`       | Timeout in milliseconds to wait for the popup to send its response via BroadcastChannel. If the user closes the popup without completing authentication, `loginPopup` or `acquireTokenPopup` will reject with a `timed_out` error after this timeout. See [Popup closure detection](./login-user.md#popup-closure-detection-and-interactionstatus). | integer (milliseconds) | `60000` |
+| `iframeBridgeTimeout`      | Timeout in milliseconds to wait for a hidden iframe to send its response via BroadcastChannel during silent token acquisition (`ssoSilent`, `acquireTokenSilent`). If the iframe does not respond within this time, the call will reject with a `timed_out` error. | integer (milliseconds) | `10000` |
 | `protocolMode`               | Enum representing the protocol mode to use. If `"AAD"`, will function on the OIDC-compliant AAD v2 endpoints; if `"OIDC"`, will function on other OIDC-compliant endpoints.   
 
 #### Logger Config Options
diff --git a/lib/msal-browser/docs/login-user.md b/lib/msal-browser/docs/login-user.md
@@ -236,6 +236,23 @@ For more information and complete sample implementations, see:
 - [React Router Sample](../../../samples/msal-react-samples/react-router-sample)
 - [Express Sample](../../../samples/msal-browser-samples/ExpressSample)
 
+## Popup closure detection and `InteractionStatus`
+
+Starting in MSAL Browser v5, popup authentication uses a [BroadcastChannel](https://developer.mozilla.org/en-US/docs/Web/API/BroadcastChannel) to receive the authentication response from the popup window. This replaces the previous `window.closed` polling mechanism used in earlier versions.
+
+### What happens when a user manually closes the popup
+
+When a user closes the popup window without completing authentication (e.g., clicks the X button), MSAL cannot detect the closure immediately. Because of Cross Origin Opener Policies (COOP) that sever the connection between the opener and popup windows, MSAL no longer has a way to observe when the popup window is closed. Instead, MSAL waits for the configured `popupBridgeTimeout` (default: 60 seconds) to expire before throwing a `timed_out` error.
+
+This means:
+- `InteractionStatus` remains `Login` (or `AcquireToken`) until the timeout fires
+- The `LOGIN_FAILURE` (or `ACQUIRE_TOKEN_FAILURE`) event is emitted only after the timeout
+- The `loginPopup()` (or `acquireTokenPopup()`) promise rejects with a `timed_out` error after the timeout
+
+### Allowing the user to retry immediately
+
+If a user closes the popup and you want to allow them to retry login without waiting for the timeout, use the `overrideInteractionInProgress` flag as described in the section below.
+
 ## Handling popup `interaction_in_progress` errors
 
 For popup flows, you can use the `overrideInteractionInProgress` flag to cancel a pending interaction and start a new one. This is useful for recovery scenarios where the user cancelled a popup or an interaction failed.
