Skip to content

Enhance browser-based login success message to advise against its use… #28990

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
isra-fel wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Enhance browser-based login success message to advise against its use… #28990

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Accounts/Accounts/ChangeLog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
-->

## Upcoming Release
* Updated the success message of browser-based interactive login to warn users against using this authentication method and recommend switching to Web Account Manager (WAM) for a more robust authentication mechanism.
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the ChangeLog.md guidelines for this repository, less-obvious acronyms should always be explained on first use in a release section. While "WAM" is explained as "Web Account Manager" here, it would be helpful to also explain what WAM provides or why users should switch to it, similar to how other changelog entries in this file provide context about what changes mean for users.

Copilot generated this review using guidance from repository custom instructions.

## Version 5.3.1
* Updated Azure.Core from 1.45.0 to 1.47.3
Expand Down
7 changes: 7 additions & 0 deletions src/Accounts/Authenticators/InteractiveUserAuthenticator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,13 +54,20 @@ public override Task<IAccessToken> Authenticate(AuthenticationParameters paramet
var requestContext = new TokenRequestContext(scopes, claims: claimsChallenge, isCaeEnabled: true);
var authority = interactiveParameters.Environment.ActiveDirectoryAuthority;

var browserCustomizationOptions = new BrowserCustomizationOptions()
{
SuccessMessage = @"Login completed successfully. You can close this browser window and return to the application.
<b>Warning:</b> We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The message says "strongly advise against the authentication method" which may be too strong and potentially confusing for users. Consider softening the language to "recommend using" rather than "strongly advise against", as browser-based authentication is still a valid and functional method, just not the most robust option. The current wording could cause unnecessary alarm for users who may not be able to immediately switch to WAM.

Suggested change
<b>Warning:</b> We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",
<b>Notice:</b> For a more robust authentication experience, we recommend using the broker (WAM) when possible. Learn more about using WAM here http://",

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URL in the success message is incomplete - it ends with "http://". This should be replaced with a complete URL. Based on other references in the codebase, the standard URL for WAM documentation is either https://go.microsoft.com/fwlink/?linkid=2272007 or https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/wam

Suggested change
<b>Warning:</b> We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",
<b>Warning:</b> We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here https://go.microsoft.com/fwlink/?linkid=2272007",

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The message states "the authentication method you are about to use" but this message appears after login has been completed successfully. The wording should be changed to reflect that the authentication has already occurred. Consider rephrasing to something like "the authentication method you just used" or "this authentication method".

Suggested change
<b>Warning:</b> We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",
<b>Warning:</b> We strongly advise against the authentication method you just used. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",

Copilot uses AI. Check for mistakes.
};

var options = new InteractiveBrowserCredentialOptions()
{
ClientId = clientId,
TenantId = tenantId,
TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(),
AuthorityHost = new Uri(authority),
RedirectUri = GetReplyUrl(onPremise, interactiveParameters.PromptAction),
BrowserCustomization = browserCustomizationOptions,
LoginHint = interactiveParameters.UserId
};
options.DisableInstanceDiscovery = interactiveParameters.DisableInstanceDiscovery ?? options.DisableInstanceDiscovery;
Expand Down
Loading