MSAL.js 交互式请求中的提示行为Prompt behavior in MSAL.js interactive requests

当用户通过多个用户帐户建立一个活动的 Azure AD 会话时,Azure AD 登录页面会在默认情况下提示用户在继续登录之前选择一个帐户。When a user has established an active Azure AD session with multiple user accounts, the Azure AD sign in page will by default prompt the user to select an account before proceeding to sign in. 如果只有一个通过 Azure AD 进行的经身份验证的会话,则用户不会看到帐户选择体验。Users will not see an account selection experience if there is only a single authenticated session with Azure AD.

MSAL.js 库(从 v0.2.4 开始)在交互式请求(loginRedirectloginPopupacquireTokenRedirectacquireTokenPopup)过程中不发送 prompt 参数,因此不强制任何提示行为。The MSAL.js library (starting in v0.2.4) does not send a prompt parameter during the interactive requests (loginRedirect, loginPopup, acquireTokenRedirect and acquireTokenPopup), and thereby does not enforce any prompt behavior. 对于使用 acquireTokenSilent 方法的无提示令牌请求,MSAL.js 会传递一个设置为 none 的 prompt 参数。For silent token requests using the acquireTokenSilent method, MSAL.js passes a prompt parameter set to none.

可以根据应用程序方案控制交互式请求的提示行为,只需在传递给方法的请求参数中设置 prompt 参数即可。Based on your application scenario, you can control the prompt behavior for the interactive requests by setting the prompt parameter in the request parameters passed to the methods. 例如,若要调用帐户选择体验,请执行以下操作:For example, if you want to invoke the account selection experience:

var request = {
    scopes: ["https://microsoftgraph.chinacloudapi.cn/user.read"],
    prompt: 'select_account',
}

userAgentApplication.loginRedirect(request);

使用 Azure AD 进行身份验证时,可以传递以下提示值:The following prompt values can be passed when authenticating with Azure AD:

login: 此值会强制用户在收到身份验证请求时输入凭据。login: This value will force the user to enter credentials on the authentication request.

select_account: 此值会列出会话中的所有帐户,为用户提供帐户选择体验。select_account: This value will provide the user with an account selection experience listing all the accounts in session.

consent: 此值会调用 OAuth 许可对话框,让用户授予对应用的权限。consent: This value will invoke the OAuth consent dialogue that allows users to grant permissions to the app.

none: 此值会确保用户看不到任何交互式提示。none: This value will ensure that the user does not see any interactive prompt. 建议不要将此值传递给 MSAL.js 中的交互式方法,因为它可能导致意外的行为。It is recommended not to pass this value to interactive methods in MSAL.js as it can have unexpected behaviors. 请改用 acquireTokenSilent 方法来实现无提示调用。Instead, use the acquireTokenSilent method to achieve silent calls.

后续步骤Next steps

详细了解 MSAL.js 库使用的 OAuth 2.0 隐式授予协议中的 prompt 参数。Read more about the prompt parameter in the OAuth 2.0 implicit grant protocol which MSAL.js library uses.