Trying to figure out: what’s the difference between ssoSilent() and acquireTokenSilent() in MSAL.js?
Both seem to fetch an auth object that has a token inside them. Well, you can call ssoSilent(...) without providing an Account. But you can get those via instance.getAllAccounts()[1] and then call acquireTokenSilent(...), but that just doesn’t sound justifying.
I found somewhere that you are supposed to call ssoSilent(...) at login and then just call acquireTokenSilent(...) when calling APIs, but acquireTokenSilent(...) by itself seems to do all the work.
Can someone please clarify how they differ/when to use which?
2 Answers
MSAL provides both the methods for silent sign-in or SSO. But there are cases where you need to use the interactive methods. For instance, due to the third-party cookie restrictions plugins present in some browsers, ssoSilent requests will fail despite an active user session with Azure AD. As a remedy, you can pass the prompt value as none to an interactive request such as loginPopup. MSAL.js will then open a popup window to Azure AD and Azure AD will honor the prompt value by utilizing the existing session cookie. In this case, the user will see a brief popup window but will not be prompted for a credential entry.
ssoSilent should be called when an app wants to leverage an existing AAD session (implying interaction screens e.g., consent are not needed and the user context is established with the AAD service with a different authentication method) and fetch new tokens from the service.
acquireTokenSilent is preferred when the user has fetched tokens prior using MSAL JS, calling interactive APIs (loginPopup/acquireTokenPopup, loginRedirect/acquireTokenRedirect) and would like MSAL JS to fetch unexpired tokens from the cache as first preference.
There is more nuance when tokens are expired or cannot be renewed silently for both these APIs.
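The decision order described in the answer above, written out as an added example (not code from the original post or from the MSAL project). `getToken` and `makeStubPca` are hypothetical names, `pca` is assumed to be an initialized `PublicClientApplication` from `@azure/msal-browser`, and the stub is constructed so the flow runs offline.

```javascript
// Added example. `pca` is assumed to be an initialized PublicClientApplication
// from @azure/msal-browser; getToken and makeStubPca are hypothetical names.
async function getToken(pca, scopes, loginHint) {
  const [account] = pca.getAllAccounts();
  if (account) {
    // MSAL already knows this user: serve from cache, renewing silently if expired.
    try {
      return { via: "acquireTokenSilent", auth: await pca.acquireTokenSilent({ scopes, account }) };
    } catch (err) {
      // Only an interaction-required failure justifies opening UI; rethrow the rest.
      if (err.name !== "InteractionRequiredAuthError") throw err;
      return { via: "acquireTokenPopup", auth: await pca.acquireTokenPopup({ scopes, account }) };
    }
  }
  // No cached account: try to reuse an existing Azure AD session in a hidden iframe.
  try {
    return { via: "ssoSilent", auth: await pca.ssoSilent({ scopes, loginHint }) };
  } catch (err) {
    // Hidden-iframe SSO failed (e.g. third-party cookies blocked): a popup with
    // prompt "none" lets Azure AD honor its existing session cookie instead.
    return { via: "loginPopup", auth: await pca.loginPopup({ scopes, loginHint, prompt: "none" }) };
  }
}

// Constructed stub standing in for MSAL so the flow can be exercised offline.
function makeStubPca({ accounts = [], failSilent = null, failSso = false } = {}) {
  const token = (source) => ({ accessToken: "constructed-token", source });
  return {
    getAllAccounts: () => accounts,
    acquireTokenSilent: async () => {
      if (failSilent) throw Object.assign(new Error("stub"), { name: failSilent });
      return token("cache");
    },
    acquireTokenPopup: async () => token("popup"),
    ssoSilent: async () => {
      if (failSso) throw new Error("stub: iframe blocked");
      return token("iframe");
    },
    loginPopup: async (req) => token("popup:prompt=" + req.prompt),
  };
}
```

In a real app the `err.name` check can be replaced with `err instanceof InteractionRequiredAuthError`, importing that class from `@azure/msal-browser`.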