Add a hook or flag to distinguish between authenticated users and users assigned to the current application in msal-react

[akshayquest]

Core Library

MSAL.js (@azure/msal-browser)

Wrapper Library

MSAL React (@azure/msal-react)

Public or Confidential Client?

Public

Description

Currently, the useIsAuthenticated hook in msal-react returns true if there is a cached account, even if the user is not actually assigned to the Azure AD B2C application. This leads to scenarios where users who are authenticated but not assigned to the app are redirected to protected routes, resulting in errors like AAD_Custom_UserNotAssignedToApplication.

It would be very helpful to have a hook or flag (e.g., useIsAssignedToApp) that only returns true if the authenticated user is actually assigned to the current application. This would allow developers to provide a better user experience and avoid unnecessary errors or redirect loops for unassigned users.

Use case:
When a user visits the root route (/), we want to show the landing page for users who are not assigned to the app, even if they are authenticated in Azure AD B2C, and only redirect assigned users to the home page.

Thank you for considering this feature!

[tnorling]

I'm not familiar with this concept. What does it mean for a user to not be assigned to an app? Is this some custom rule? Generally speaking, accounts are not tied to individual apps, tokens are however. You may be better suited using the useMsalAuthentication hook as this takes token availability/validity into account, where useIsAuthenticated does not.