Core Library
MSAL.js (@azure/msal-browser)
Wrapper Library
Not Applicable
Public or Confidential Client?
Public
Description
When an application needs one-off user tokens for two separate resources (e.g. Microsoft Graph and the Teams PowerShell API / api.interfaces.records.teams.microsoft.com), the current API requires two separate acquireTokenPopup calls, because OAuth does not allow tokens for multiple resources in a single request.
This reliably triggers browser popup blocking on the second call (as only one popup is allowed synchronously within a user action handler like a button click).
Suggested solution is to add an optional popupWindowHandle?: Window field to PopupRequest.
When provided, PopupClient would skip openSizedPopup() and use the supplied window instead. This lets the application open a single popup synchronously on the user action/button click, then reuse it across sequential token acquisitions.
// User clicks button — open popup here, inside the gesture handler
const popupWindow = openMyPopup();
// First token — pass the pre-opened window
const graphResponse = await msalInstance.acquireTokenPopup({
scopes: ['https://graph.microsoft.com/Directory.ReadWrite.All'],
popupWindowHandle: popupWindow
});
// Second token — reuse the same window (no new popup opened)
const teamsResponse = await msalInstance.acquireTokenPopup({
scopes: ['https://api.interfaces.records.teams.microsoft.com/user_impersonation'],
popupWindowHandle: popupWindow,
loginHint: graphResponse.account.username
});
PopupParams already can take an existing popup object, so the change is hopefully simple and small, just exposing that capability from PopupRequest type.
The aim would be to allow:
- One popup window, reused for sequential token acquisitions
- No browser popup blocking on the second (or subsequent) requests
- No change to existing behaviour when
popupWindowHandle is not supplied
Core Library
MSAL.js (@azure/msal-browser)
Wrapper Library
Not Applicable
Public or Confidential Client?
Public
Description
When an application needs one-off user tokens for two separate resources (e.g. Microsoft Graph and the Teams PowerShell API / api.interfaces.records.teams.microsoft.com), the current API requires two separate acquireTokenPopup calls, because OAuth does not allow tokens for multiple resources in a single request.
This reliably triggers browser popup blocking on the second call (as only one popup is allowed synchronously within a user action handler like a button click).
Suggested solution is to add an optional
popupWindowHandle?: Windowfield toPopupRequest.When provided,
PopupClientwould skipopenSizedPopup()and use the supplied window instead. This lets the application open a single popup synchronously on the user action/button click, then reuse it across sequential token acquisitions.PopupParamsalready can take an existing popup object, so the change is hopefully simple and small, just exposing that capability fromPopupRequesttype.The aim would be to allow:
popupWindowHandleis not supplied