@chemmangat/msal-next 3.1.2 → 3.1.6

package/CHANGELOG.md

@@ -2,6 +2,123 @@
 
 All notable changes to this project will be documented in this file.
 
+## [3.1.5] - 2026-03-05
+
+### 🔄 Breaking Change - Redirect Flow by Default
+
+**MicrosoftSignInButton now uses redirect flow by default** instead of popup flow.
+
+**Why this change?**
+- Popup flow requires additional setup (blank.html page)
+- Popup flow causes the full app to load in popup window
+- Redirect flow is simpler and works out of the box
+- Most users prefer redirect flow for better UX
+
+**Migration:**
+
+If you were using the default popup behavior:
+```tsx
+// Before (v3.1.4 and earlier) - used popup by default
+<MicrosoftSignInButton />
+
+// After (v3.1.5) - uses redirect by default
+<MicrosoftSignInButton />  // Now redirects full page
+
+// To keep popup behavior:
+<MicrosoftSignInButton useRedirect={false} />
+```
+
+**New Default Behavior:**
+- Button redirects the entire browser window to Microsoft login
+- After authentication, redirects back to your app
+- No popup windows, no blank.html needed
+- Works with your existing Azure AD redirect URI
+
+### ✨ Optional Popup Support
+
+**Added optional `popupRedirectUri` prop** - Only use if you prefer popup flow.
+
+**For Popup Flow (Optional):**
+1. Create `public/blank.html`
+2. Add `/blank.html` to Azure AD redirect URIs
+3. Use:
+```tsx
+<MSALProvider popupRedirectUri="/blank.html">
+  <MicrosoftSignInButton useRedirect={false} />
+</MSALProvider>
+```
+
+**Benefits:**
+- Simpler default experience (no setup required)
+- Redirect flow works out of the box
+- Popup flow still available for those who need it
+- Backward compatible (just set `useRedirect={false}`)
+
+## [3.1.4] - 2026-03-05
+
+### 🔧 Configuration Fix - Popup Redirect
+
+**BREAKING CHANGE:** You must now create a `public/blank.html` file and configure it as a redirect URI in Azure AD.
+
+**Why:** This prevents your full app from loading in the popup window after authentication.
+
+**Setup Required:**
+
+1. Create `public/blank.html`:
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth</title></head>
+<body></body>
+</html>
+```
+
+2. Add to Azure AD redirect URIs:
+   - `http://localhost:3000/blank.html`
+   - `https://yourdomain.com/blank.html`
+
+3. Update your MSALProvider:
+```tsx
+<MSALProvider
+  clientId="..."
+  redirectUri={typeof window !== 'undefined' ? `${window.location.origin}/blank.html` : undefined}
+>
+```
+
+**Changes:**
+- Set `navigateToLoginRequestUrl` default to `false`
+- Updated README with blank.html setup instructions
+- Added PUBLIC_BLANK_HTML.md guide
+
+## [3.1.3] - 2026-03-05
+
+### 🐛 Critical Fix - Popup Redirect Issue
+
+**Fixed:** Popup window now stays as popup and doesn't navigate to redirect URI.
+
+**Changes:**
+- Added `windowHashTimeout`, `iframeHashTimeout`, and `loadFrameTimeout` to MSAL config
+- Set `redirectUri: undefined` in popup requests to prevent navigation
+- Popup now properly closes after authentication without showing redirect page
+
+**This fixes the issue where the redirect URI was opening inside the popup window instead of the popup closing.**
+
+## [3.1.2] - 2026-03-05
+
+### 📝 Documentation Update
+
+- Updated README with current version number
+- No code changes from 3.1.1
+
+## [3.1.1] - 2026-03-05
+
+### 📝 Documentation & Build
+
+- Fixed landing page build issues
+- Cleaned up redundant documentation files
+- Updated package files list
+- No code changes from 3.0.8
+
 ## [3.0.8] - 2026-03-05
 
 ### 🚨 CRITICAL BUG FIX

package/README.md

@@ -5,7 +5,7 @@ Production-grade MSAL authentication library for Next.js App Router with minimal
 [![npm version](https://badge.fury.io/js/@chemmangat%2Fmsal-next.svg)](https://www.npmjs.com/package/@chemmangat/msal-next)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-> **📦 Current Version: 3.1.2** - Critical bug fixes for popup authentication. [See changelog](./CHANGELOG.md)
+> **📦 Current Version: 3.1.5** - Separate popup redirect URI support. [See changelog](./CHANGELOG.md)
 
 > **⚠️ Important:** If you're on v3.0.6 or v3.0.7, please update immediately - those versions have a critical popup authentication bug.
 
@@ -134,6 +134,60 @@ export default function Home() {
 
 That's it! 🎉
 
+The button uses redirect flow by default (full page redirect to Microsoft login, then back to your app). No popups, no blank.html needed.
+
+## Optional: Fix Popup Window Issue
+
+**Important:** When using popup authentication, the popup window MUST navigate to your redirect URI to complete the OAuth flow. This is how OAuth works and cannot be avoided.
+
+By default, this means your full Next.js app will briefly load in the popup before it closes. The package detects this and renders minimal content, but you may still see a flash of your app.
+
+### Solution: Use a Blank Page (Recommended for Popup Flow)
+
+For the cleanest popup experience, create a blank HTML page:
+
+### 1. Create blank.html
+
+Create `public/blank.html`:
+
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth</title></head>
+<body></body>
+</html>
+```
+
+### 2. Add to Azure AD
+
+Add to Azure AD redirect URIs:
+- `http://localhost:3000/blank.html`
+- `https://yourdomain.com/blank.html`
+
+### 3. Configure MSALProvider
+
+```tsx
+<MSALProvider 
+  clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+  tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+  popupRedirectUri="/blank.html"  // Add this line
+>
+  {children}
+</MSALProvider>
+```
+
+This ensures the popup shows only a blank page and closes immediately.
+
+### Alternative: Use Redirect Flow
+
+If you don't want to set up blank.html, use redirect flow instead:
+
+```tsx
+<MicrosoftSignInButton useRedirect={true} />
+```
+
+Redirect flow navigates the entire browser window (no popup), so there's no "app in popup" issue.
+
 ## Components
 
 ### MSALProvider (Recommended for App Router)
@@ -186,15 +240,18 @@ export function MyProviders({ children }) {
 
 ### MicrosoftSignInButton
 
-Pre-styled sign-in button with Microsoft branding.
+Pre-styled sign-in button with Microsoft branding. Uses redirect flow by default (no popups).
 
 ```tsx
 <MicrosoftSignInButton
   variant="dark" // or "light"
   size="medium" // "small", "medium", "large"
-  useRedirect={false} // Use popup by default
+  useRedirect={true} // Default: true (full page redirect)
   onSuccess={() => console.log('Signed in!')}
 />
+
+// If you prefer popup (requires blank.html setup):
+<MicrosoftSignInButton useRedirect={false} />
 ```
 
 ### SignOutButton

package/dist/index.d.mts

@@ -41,6 +41,13 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
+    /**
+     * Redirect URI for popup authentication (optional)
+     * If not specified, uses the same redirectUri as redirect flow
+     * Only set this if you want a different URI for popup (e.g., /blank.html)
+     * @default redirectUri
+     */
+    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -151,7 +158,7 @@ interface MicrosoftSignInButtonProps {
     size?: 'small' | 'medium' | 'large';
     /**
      * Use redirect flow instead of popup
-     * @default false
+     * @default true
      */
     useRedirect?: boolean;
     /**
@@ -584,6 +591,7 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
+declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -931,4 +939,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.d.ts

@@ -41,6 +41,13 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
+    /**
+     * Redirect URI for popup authentication (optional)
+     * If not specified, uses the same redirectUri as redirect flow
+     * Only set this if you want a different URI for popup (e.g., /blank.html)
+     * @default redirectUri
+     */
+    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -151,7 +158,7 @@ interface MicrosoftSignInButtonProps {
     size?: 'small' | 'medium' | 'large';
     /**
      * Use redirect flow instead of popup
-     * @default false
+     * @default true
      */
     useRedirect?: boolean;
     /**
@@ -584,6 +591,7 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
+declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -931,4 +939,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.js

@@ -35,6 +35,7 @@ __export(client_exports, {
   createScopedLogger: () => createScopedLogger,
   getDebugLogger: () => getDebugLogger,
   getMsalInstance: () => getMsalInstance,
+  getPopupRedirectUri: () => getPopupRedirectUri,
   isValidAccountData: () => isValidAccountData,
   isValidRedirectUri: () => isValidRedirectUri,
   isValidScope: () => isValidScope,
@@ -105,6 +106,10 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
+var storedPopupRedirectUri;
+function getPopupRedirectUri() {
+  return storedPopupRedirectUri;
+}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -114,10 +119,11 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
+    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
-    navigateToLoginRequestUrl = true,
+    navigateToLoginRequestUrl = false,
     enableLogging = false,
     loggerCallback,
     allowedRedirectUris
@@ -136,6 +142,8 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
+  const finalPopupRedirectUri = popupRedirectUri || finalRedirectUri;
+  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -162,6 +170,10 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
+      windowHashTimeout: 6e4,
+      // Increase timeout for popup
+      iframeHashTimeout: 6e3,
+      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -196,10 +208,17 @@ function getMsalInstance() {
 function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }) {
   const [msalInstance, setMsalInstance] = (0, import_react.useState)(null);
   const instanceRef = (0, import_react.useRef)(null);
+  const isInPopup = typeof window !== "undefined" && window.opener && window.opener !== window;
   (0, import_react.useEffect)(() => {
     if (typeof window === "undefined") {
       return;
     }
+    if (isInPopup) {
+      if (config.enableLogging) {
+        console.log("[MSAL] Detected popup window - minimal initialization");
+      }
+      return;
+    }
     if (instanceRef.current) {
       return;
     }
@@ -208,17 +227,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new import_msal_browser2.PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup = window.opener && window.opener !== window;
+        const isInPopup2 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup2 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup && window.location.hash) {
+            if (!isInPopup2 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -234,7 +253,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup2 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -290,6 +309,9 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
+  if (isInPopup) {
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { style: { display: "none" }, children: "Completing authentication..." });
+  }
   if (!msalInstance) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
@@ -319,9 +341,12 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         return;
       }
       try {
+        const popupRedirectUri = getPopupRedirectUri();
         const request = {
           scopes,
-          prompt: "select_account"
+          prompt: "select_account",
+          // Use popup-specific redirect URI (defaults to /blank.html)
+          redirectUri: popupRedirectUri
         };
         const response = await instance.loginPopup(request);
         if (response?.account) {
@@ -494,7 +519,7 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
+  useRedirect = true,
   scopes,
   className = "",
   style,
@@ -1682,6 +1707,7 @@ var import_msal_react3 = require("@azure/msal-react");
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
+  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/dist/index.mjs

@@ -52,6 +52,10 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
+var storedPopupRedirectUri;
+function getPopupRedirectUri() {
+  return storedPopupRedirectUri;
+}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -61,10 +65,11 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
+    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
-    navigateToLoginRequestUrl = true,
+    navigateToLoginRequestUrl = false,
     enableLogging = false,
     loggerCallback,
     allowedRedirectUris
@@ -83,6 +88,8 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
+  const finalPopupRedirectUri = popupRedirectUri || finalRedirectUri;
+  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -109,6 +116,10 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
+      windowHashTimeout: 6e4,
+      // Increase timeout for popup
+      iframeHashTimeout: 6e3,
+      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -143,10 +154,17 @@ function getMsalInstance() {
 function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }) {
   const [msalInstance, setMsalInstance] = useState(null);
   const instanceRef = useRef(null);
+  const isInPopup = typeof window !== "undefined" && window.opener && window.opener !== window;
   useEffect(() => {
     if (typeof window === "undefined") {
       return;
     }
+    if (isInPopup) {
+      if (config.enableLogging) {
+        console.log("[MSAL] Detected popup window - minimal initialization");
+      }
+      return;
+    }
     if (instanceRef.current) {
       return;
     }
@@ -155,17 +173,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup = window.opener && window.opener !== window;
+        const isInPopup2 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup2 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup && window.location.hash) {
+            if (!isInPopup2 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -181,7 +199,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup2 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -237,6 +255,9 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
+  if (isInPopup) {
+    return /* @__PURE__ */ jsx("div", { style: { display: "none" }, children: "Completing authentication..." });
+  }
   if (!msalInstance) {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
@@ -266,9 +287,12 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         return;
       }
       try {
+        const popupRedirectUri = getPopupRedirectUri();
         const request = {
           scopes,
-          prompt: "select_account"
+          prompt: "select_account",
+          // Use popup-specific redirect URI (defaults to /blank.html)
+          redirectUri: popupRedirectUri
         };
         const response = await instance.loginPopup(request);
         if (response?.account) {
@@ -441,7 +465,7 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
+  useRedirect = true,
   scopes,
   className = "",
   style,
@@ -1628,6 +1652,7 @@ export {
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
+  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chemmangat/msal-next",
-  "version": "3.1.2",
+  "version": "3.1.6",
   "description": "Production-grade MSAL authentication package for Next.js App Router with minimal boilerplate",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",