Unfortunately (as with most things auth-related), there are some gotcha’s to be aware of. One relates to how ADAL obtains refresh tokens in this crazy world of implicit auth.
Implicit Auth Flow
Implicit auth allows for the application developer to not have to host their own token authentication service. The ADAL.js and the Azure AD auth endpoint do all the heavy lifting:
It’s the bottom third of the diagram (after the token expires) that causes the issue I am addressing in this post.… [Keep reading] “Preventing double-app-loading behaviour with ADAL.js”