Redirect Bridge login fails when initiated from page with a hash

[h3rmanj]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

5.6.1

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

5.1.0

Public or Confidential Client?

Public

Description

When using a Redirect Bridge, and initiating a login with InteractionType.Redirect, the login fails with the error code: authorization_code_missing_from_server_response.

If I skip the redirect bridge, it works as expected.

From what I can see, when using the redirect bridge:

• Entra redirects to /redirect#code
• Redirect bridge redirects to /#originalhash#codeXXX
• MSAL errors, strips #codeXXX and ends up in /#originalhash

And without redirect bridge:

• Entra redirects to /#codeXXX
• MSAL succeeds, lib strips code and ends up in /#originalhash

It seems the redirect bridge doesn't strip away the hash from the initial url when redirecting back to the SPA, and just appends the #code from entra, making the PublicClientApplication fail when trying to handle the code from the hash.

Error Message

No response

MSAL Logs

No response

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

const instance = new PublicClientApplication({
	auth: {
		clientId: import.meta.env.VITE_MSAL_CLIENT_ID,
		authority: import.meta.env.VITE_MSAL_AUTHORITY,
		redirectUri: `${window.location.origin}/redirect`,
		// without redirect bridge, it works:
		// redirectUri: window.location.origin,
	},
});

Relevant Code Snippets

https://github.com/h3rmanj/msal-hash-redirect-repro

Reproduction Steps

1. Download the sample
2. Install Dependencies
3. Add the Client ID
4. Run the sample

Expected Behavior

Should behave the same as when redirecting without a redirect bridge.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Firefox, Safari, Edge

Regression

No response

[h3rmanj]

#8460 should fix this

[h3rmanj]

Correction: #8467 should fix this