@chemmangat/msal-next 3.1.1 → 3.1.5

package/CHANGELOG.md

@@ -2,6 +2,97 @@
 
 All notable changes to this project will be documented in this file.
 
+## [3.1.5] - 2026-03-05
+
+### ✨ New Feature - Separate Popup Redirect URI
+
+**Added `popupRedirectUri` prop** - Now you can have different redirect URIs for popup vs redirect flows!
+
+**Changes:**
+- Added `popupRedirectUri` prop to MSALProvider (defaults to `/blank.html`)
+- `redirectUri` prop is now used only for redirect flow
+- Popup authentication automatically uses `popupRedirectUri`
+- Exported `getPopupRedirectUri()` utility function
+
+**Usage:**
+```tsx
+<MSALProvider
+  clientId="..."
+  redirectUri="/auth/callback"      // For redirect flow
+  popupRedirectUri="/blank.html"    // For popup flow (default)
+>
+```
+
+**Benefits:**
+- Use your custom redirect URI for redirect flow
+- Popup always uses blank.html (no full app loading in popup)
+- More flexible configuration
+
+## [3.1.4] - 2026-03-05
+
+### 🔧 Configuration Fix - Popup Redirect
+
+**BREAKING CHANGE:** You must now create a `public/blank.html` file and configure it as a redirect URI in Azure AD.
+
+**Why:** This prevents your full app from loading in the popup window after authentication.
+
+**Setup Required:**
+
+1. Create `public/blank.html`:
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth</title></head>
+<body></body>
+</html>
+```
+
+2. Add to Azure AD redirect URIs:
+   - `http://localhost:3000/blank.html`
+   - `https://yourdomain.com/blank.html`
+
+3. Update your MSALProvider:
+```tsx
+<MSALProvider
+  clientId="..."
+  redirectUri={typeof window !== 'undefined' ? `${window.location.origin}/blank.html` : undefined}
+>
+```
+
+**Changes:**
+- Set `navigateToLoginRequestUrl` default to `false`
+- Updated README with blank.html setup instructions
+- Added PUBLIC_BLANK_HTML.md guide
+
+## [3.1.3] - 2026-03-05
+
+### 🐛 Critical Fix - Popup Redirect Issue
+
+**Fixed:** Popup window now stays as popup and doesn't navigate to redirect URI.
+
+**Changes:**
+- Added `windowHashTimeout`, `iframeHashTimeout`, and `loadFrameTimeout` to MSAL config
+- Set `redirectUri: undefined` in popup requests to prevent navigation
+- Popup now properly closes after authentication without showing redirect page
+
+**This fixes the issue where the redirect URI was opening inside the popup window instead of the popup closing.**
+
+## [3.1.2] - 2026-03-05
+
+### 📝 Documentation Update
+
+- Updated README with current version number
+- No code changes from 3.1.1
+
+## [3.1.1] - 2026-03-05
+
+### 📝 Documentation & Build
+
+- Fixed landing page build issues
+- Cleaned up redundant documentation files
+- Updated package files list
+- No code changes from 3.0.8
+
 ## [3.0.8] - 2026-03-05
 
 ### 🚨 CRITICAL BUG FIX

package/README.md

@@ -5,11 +5,11 @@ Production-grade MSAL authentication library for Next.js App Router with minimal
 [![npm version](https://badge.fury.io/js/@chemmangat%2Fmsal-next.svg)](https://www.npmjs.com/package/@chemmangat/msal-next)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-> **📦 Current Version: 3.0.8** - Critical bug fixes for popup authentication. [See changelog](./CHANGELOG.md)
+> **📦 Current Version: 3.1.5** - Separate popup redirect URI support. [See changelog](./CHANGELOG.md)
 
 > **⚠️ Important:** If you're on v3.0.6 or v3.0.7, please update immediately - those versions have a critical popup authentication bug.
 
-> **Having issues?** Check the [Troubleshooting Guide](./TROUBLESHOOTING.md) for common problems and solutions.
+> **💡 Having issues?** Check the [Troubleshooting Guide](./TROUBLESHOOTING.md) for common problems and solutions.
 
 ## Features
 
@@ -91,7 +91,23 @@ npm install @chemmangat/msal-next@latest @azure/msal-browser@^4.0.0 @azure/msal-
 
 > **Important:** Use `MSALProvider` (not `MsalAuthProvider`) in your layout.tsx to avoid the "createContext only works in Client Components" error.
 
-### 1. Wrap your app with MSALProvider
+### 1. Create blank.html for popup authentication
+
+Create `public/blank.html`:
+
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth</title></head>
+<body></body>
+</html>
+```
+
+Add to Azure AD redirect URIs:
+- `http://localhost:3000/blank.html`
+- `https://yourdomain.com/blank.html`
+
+### 2. Wrap your app with MSALProvider
 
 ```tsx
 // app/layout.tsx
@@ -104,6 +120,9 @@ export default function RootLayout({ children }) {
         <MSALProvider 
           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+          // Optional: specify custom redirect URIs
+          // redirectUri="/auth/callback"  // For redirect flow
+          // popupRedirectUri="/blank.html"  // For popup flow (default)
         >
           {children}
         </MSALProvider>
@@ -113,7 +132,7 @@ export default function RootLayout({ children }) {
 }
 ```
 
-### 2. Add sign-in button
+### 3. Add sign-in button
 
 ```tsx
 // app/page.tsx

package/dist/index.d.mts

@@ -41,6 +41,12 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
+    /**
+     * Redirect URI for popup authentication (recommended: /blank.html)
+     * If not specified, uses redirectUri
+     * @default redirectUri
+     */
+    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -103,7 +109,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -584,6 +590,7 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
+declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -931,4 +938,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.d.ts

@@ -41,6 +41,12 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
+    /**
+     * Redirect URI for popup authentication (recommended: /blank.html)
+     * If not specified, uses redirectUri
+     * @default redirectUri
+     */
+    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -103,7 +109,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -584,6 +590,7 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
+declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -931,4 +938,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.js

@@ -35,6 +35,7 @@ __export(client_exports, {
   createScopedLogger: () => createScopedLogger,
   getDebugLogger: () => getDebugLogger,
   getMsalInstance: () => getMsalInstance,
+  getPopupRedirectUri: () => getPopupRedirectUri,
   isValidAccountData: () => isValidAccountData,
   isValidRedirectUri: () => isValidRedirectUri,
   isValidScope: () => isValidScope,
@@ -105,6 +106,10 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
+var storedPopupRedirectUri;
+function getPopupRedirectUri() {
+  return storedPopupRedirectUri;
+}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -114,10 +119,11 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
+    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
-    navigateToLoginRequestUrl = true,
+    navigateToLoginRequestUrl = false,
     enableLogging = false,
     loggerCallback,
     allowedRedirectUris
@@ -136,6 +142,9 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
+  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
+  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
+  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -162,6 +171,10 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
+      windowHashTimeout: 6e4,
+      // Increase timeout for popup
+      iframeHashTimeout: 6e3,
+      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -200,6 +213,13 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
     if (typeof window === "undefined") {
       return;
     }
+    const isInPopup2 = window.opener && window.opener !== window;
+    if (isInPopup2) {
+      if (config.enableLogging) {
+        console.log("[MSAL] Detected popup window - minimal initialization");
+      }
+      return;
+    }
     if (instanceRef.current) {
       return;
     }
@@ -208,17 +228,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new import_msal_browser2.PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup = window.opener && window.opener !== window;
+        const isInPopup3 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup && window.location.hash) {
+            if (!isInPopup3 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -234,7 +254,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -290,6 +310,10 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
+  const isInPopup = window.opener && window.opener !== window;
+  if (isInPopup) {
+    return null;
+  }
   if (!msalInstance) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
@@ -319,9 +343,12 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         return;
       }
       try {
+        const popupRedirectUri = getPopupRedirectUri();
         const request = {
           scopes,
-          prompt: "select_account"
+          prompt: "select_account",
+          // Use popup-specific redirect URI (defaults to /blank.html)
+          redirectUri: popupRedirectUri
         };
         const response = await instance.loginPopup(request);
         if (response?.account) {
@@ -1682,6 +1709,7 @@ var import_msal_react3 = require("@azure/msal-react");
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
+  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/dist/index.mjs

@@ -52,6 +52,10 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
+var storedPopupRedirectUri;
+function getPopupRedirectUri() {
+  return storedPopupRedirectUri;
+}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -61,10 +65,11 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
+    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
-    navigateToLoginRequestUrl = true,
+    navigateToLoginRequestUrl = false,
     enableLogging = false,
     loggerCallback,
     allowedRedirectUris
@@ -83,6 +88,9 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
+  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
+  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
+  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -109,6 +117,10 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
+      windowHashTimeout: 6e4,
+      // Increase timeout for popup
+      iframeHashTimeout: 6e3,
+      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -147,6 +159,13 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
     if (typeof window === "undefined") {
       return;
     }
+    const isInPopup2 = window.opener && window.opener !== window;
+    if (isInPopup2) {
+      if (config.enableLogging) {
+        console.log("[MSAL] Detected popup window - minimal initialization");
+      }
+      return;
+    }
     if (instanceRef.current) {
       return;
     }
@@ -155,17 +174,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup = window.opener && window.opener !== window;
+        const isInPopup3 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup && window.location.hash) {
+            if (!isInPopup3 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -181,7 +200,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -237,6 +256,10 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
+  const isInPopup = window.opener && window.opener !== window;
+  if (isInPopup) {
+    return null;
+  }
   if (!msalInstance) {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
@@ -266,9 +289,12 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         return;
       }
       try {
+        const popupRedirectUri = getPopupRedirectUri();
         const request = {
           scopes,
-          prompt: "select_account"
+          prompt: "select_account",
+          // Use popup-specific redirect URI (defaults to /blank.html)
+          redirectUri: popupRedirectUri
         };
         const response = await instance.loginPopup(request);
         if (response?.account) {
@@ -1628,6 +1654,7 @@ export {
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
+  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chemmangat/msal-next",
-  "version": "3.1.1",
+  "version": "3.1.5",
   "description": "Production-grade MSAL authentication package for Next.js App Router with minimal boilerplate",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",