Open
Description
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
^4.0.0 (4.7.0)
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
^4.0.0 (4.0.6)
Public or Confidential Client?
Public
Description
When using standalone components MSAL Angular gets stuck in a redirect loop after signing-in when query string contains an apostrophe (%27) - for example: https://localhost:4200/profile?comments=blah%27blah.
This is easily reproduced using the Angular Standalone Sample
Error Message
There is no error message, but the MSAL Angular gets stuck in a redirect loop.
MSAL Logs
Please find verbose logs attached.
Network Trace (Preferrably Fiddler)
- Sent
- Pending
MSAL Configuration
Exactly as in the Angular Standalone Sample, just with the client id and authority updated.
{
auth: {
clientId: "clientId",
authority: "https://login.microsoftonline.com/tenantId",
redirectUri: '/',
postLogoutRedirectUri: '/'
},
cache: {
cacheLocation: BrowserCacheLocation.SessionStorage,
},
system: {
allowPlatformBroker: false, // Disables WAM Broker
loggerOptions: {
loggerCallback,
logLevel: LogLevel.Verbose,
piiLoggingEnabled: false,
}
}
}Relevant Code Snippets
See the Angular Standalone Sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-angular-samples/angular-standalone-sample)Reproduction Steps
- Run the Angular Standalone Sample (I run it using HTTPS)
- Open the web browser and navigate directly to the profile route passing a query string parameter containing an apostrophe. For example: https://localhost:4200/profile?comments=blah%27blah
- Sign in
- MSAL angular gets stuck in a redirect loop.
Expected Behavior
MSAL Angular shouldn't get stuck in a redirect loop. It should display the profile route.
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
Edge, Chrome
Regression
No response