@chemmangat/msal-next 3.1.5 → 3.1.6

package/CHANGELOG.md

@@ -4,29 +4,55 @@ All notable changes to this project will be documented in this file.
 
 ## [3.1.5] - 2026-03-05
 
-### ✨ New Feature - Separate Popup Redirect URI
+### 🔄 Breaking Change - Redirect Flow by Default
 
-**Added `popupRedirectUri` prop** - Now you can have different redirect URIs for popup vs redirect flows!
+**MicrosoftSignInButton now uses redirect flow by default** instead of popup flow.
 
-**Changes:**
-- Added `popupRedirectUri` prop to MSALProvider (defaults to `/blank.html`)
-- `redirectUri` prop is now used only for redirect flow
-- Popup authentication automatically uses `popupRedirectUri`
-- Exported `getPopupRedirectUri()` utility function
+**Why this change?**
+- Popup flow requires additional setup (blank.html page)
+- Popup flow causes the full app to load in popup window
+- Redirect flow is simpler and works out of the box
+- Most users prefer redirect flow for better UX
+
+**Migration:**
 
-**Usage:**
+If you were using the default popup behavior:
 ```tsx
-<MSALProvider
-  clientId="..."
-  redirectUri="/auth/callback"      // For redirect flow
-  popupRedirectUri="/blank.html"    // For popup flow (default)
->
+// Before (v3.1.4 and earlier) - used popup by default
+<MicrosoftSignInButton />
+
+// After (v3.1.5) - uses redirect by default
+<MicrosoftSignInButton />  // Now redirects full page
+
+// To keep popup behavior:
+<MicrosoftSignInButton useRedirect={false} />
+```
+
+**New Default Behavior:**
+- Button redirects the entire browser window to Microsoft login
+- After authentication, redirects back to your app
+- No popup windows, no blank.html needed
+- Works with your existing Azure AD redirect URI
+
+### ✨ Optional Popup Support
+
+**Added optional `popupRedirectUri` prop** - Only use if you prefer popup flow.
+
+**For Popup Flow (Optional):**
+1. Create `public/blank.html`
+2. Add `/blank.html` to Azure AD redirect URIs
+3. Use:
+```tsx
+<MSALProvider popupRedirectUri="/blank.html">
+  <MicrosoftSignInButton useRedirect={false} />
+</MSALProvider>
 ```
 
 **Benefits:**
-- Use your custom redirect URI for redirect flow
-- Popup always uses blank.html (no full app loading in popup)
-- More flexible configuration
+- Simpler default experience (no setup required)
+- Redirect flow works out of the box
+- Popup flow still available for those who need it
+- Backward compatible (just set `useRedirect={false}`)
 
 ## [3.1.4] - 2026-03-05
 

package/README.md

@@ -91,23 +91,7 @@ npm install @chemmangat/msal-next@latest @azure/msal-browser@^4.0.0 @azure/msal-
 
 > **Important:** Use `MSALProvider` (not `MsalAuthProvider`) in your layout.tsx to avoid the "createContext only works in Client Components" error.
 
-### 1. Create blank.html for popup authentication
-
-Create `public/blank.html`:
-
-```html
-<!DOCTYPE html>
-<html>
-<head><title>Auth</title></head>
-<body></body>
-</html>
-```
-
-Add to Azure AD redirect URIs:
-- `http://localhost:3000/blank.html`
-- `https://yourdomain.com/blank.html`
-
-### 2. Wrap your app with MSALProvider
+### 1. Wrap your app with MSALProvider
 
 ```tsx
 // app/layout.tsx
@@ -120,9 +104,6 @@ export default function RootLayout({ children }) {
         <MSALProvider 
           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
-          // Optional: specify custom redirect URIs
-          // redirectUri="/auth/callback"  // For redirect flow
-          // popupRedirectUri="/blank.html"  // For popup flow (default)
         >
           {children}
         </MSALProvider>
@@ -132,7 +113,7 @@ export default function RootLayout({ children }) {
 }
 ```
 
-### 3. Add sign-in button
+### 2. Add sign-in button
 
 ```tsx
 // app/page.tsx
@@ -153,6 +134,60 @@ export default function Home() {
 
 That's it! 🎉
 
+The button uses redirect flow by default (full page redirect to Microsoft login, then back to your app). No popups, no blank.html needed.
+
+## Optional: Fix Popup Window Issue
+
+**Important:** When using popup authentication, the popup window MUST navigate to your redirect URI to complete the OAuth flow. This is how OAuth works and cannot be avoided.
+
+By default, this means your full Next.js app will briefly load in the popup before it closes. The package detects this and renders minimal content, but you may still see a flash of your app.
+
+### Solution: Use a Blank Page (Recommended for Popup Flow)
+
+For the cleanest popup experience, create a blank HTML page:
+
+### 1. Create blank.html
+
+Create `public/blank.html`:
+
+```html
+<!DOCTYPE html>
+<html>
+<head><title>Auth</title></head>
+<body></body>
+</html>
+```
+
+### 2. Add to Azure AD
+
+Add to Azure AD redirect URIs:
+- `http://localhost:3000/blank.html`
+- `https://yourdomain.com/blank.html`
+
+### 3. Configure MSALProvider
+
+```tsx
+<MSALProvider 
+  clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
+  tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
+  popupRedirectUri="/blank.html"  // Add this line
+>
+  {children}
+</MSALProvider>
+```
+
+This ensures the popup shows only a blank page and closes immediately.
+
+### Alternative: Use Redirect Flow
+
+If you don't want to set up blank.html, use redirect flow instead:
+
+```tsx
+<MicrosoftSignInButton useRedirect={true} />
+```
+
+Redirect flow navigates the entire browser window (no popup), so there's no "app in popup" issue.
+
 ## Components
 
 ### MSALProvider (Recommended for App Router)
@@ -205,15 +240,18 @@ export function MyProviders({ children }) {
 
 ### MicrosoftSignInButton
 
-Pre-styled sign-in button with Microsoft branding.
+Pre-styled sign-in button with Microsoft branding. Uses redirect flow by default (no popups).
 
 ```tsx
 <MicrosoftSignInButton
   variant="dark" // or "light"
   size="medium" // "small", "medium", "large"
-  useRedirect={false} // Use popup by default
+  useRedirect={true} // Default: true (full page redirect)
   onSuccess={() => console.log('Signed in!')}
 />
+
+// If you prefer popup (requires blank.html setup):
+<MicrosoftSignInButton useRedirect={false} />
 ```
 
 ### SignOutButton

package/dist/index.d.mts

@@ -42,8 +42,9 @@ interface MsalAuthConfig {
      */
     redirectUri?: string;
     /**
-     * Redirect URI for popup authentication (recommended: /blank.html)
-     * If not specified, uses redirectUri
+     * Redirect URI for popup authentication (optional)
+     * If not specified, uses the same redirectUri as redirect flow
+     * Only set this if you want a different URI for popup (e.g., /blank.html)
      * @default redirectUri
      */
     popupRedirectUri?: string;
@@ -109,7 +110,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -157,7 +158,7 @@ interface MicrosoftSignInButtonProps {
     size?: 'small' | 'medium' | 'large';
     /**
      * Use redirect flow instead of popup
-     * @default false
+     * @default true
      */
     useRedirect?: boolean;
     /**

package/dist/index.d.ts

@@ -42,8 +42,9 @@ interface MsalAuthConfig {
      */
     redirectUri?: string;
     /**
-     * Redirect URI for popup authentication (recommended: /blank.html)
-     * If not specified, uses redirectUri
+     * Redirect URI for popup authentication (optional)
+     * If not specified, uses the same redirectUri as redirect flow
+     * Only set this if you want a different URI for popup (e.g., /blank.html)
      * @default redirectUri
      */
     popupRedirectUri?: string;
@@ -109,7 +110,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -157,7 +158,7 @@ interface MicrosoftSignInButtonProps {
     size?: 'small' | 'medium' | 'large';
     /**
      * Use redirect flow instead of popup
-     * @default false
+     * @default true
      */
     useRedirect?: boolean;
     /**

package/dist/index.js

@@ -142,8 +142,7 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
-  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
-  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
+  const finalPopupRedirectUri = popupRedirectUri || finalRedirectUri;
   storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
@@ -209,12 +208,12 @@ function getMsalInstance() {
 function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }) {
   const [msalInstance, setMsalInstance] = (0, import_react.useState)(null);
   const instanceRef = (0, import_react.useRef)(null);
+  const isInPopup = typeof window !== "undefined" && window.opener && window.opener !== window;
   (0, import_react.useEffect)(() => {
     if (typeof window === "undefined") {
       return;
     }
-    const isInPopup2 = window.opener && window.opener !== window;
-    if (isInPopup2) {
+    if (isInPopup) {
       if (config.enableLogging) {
         console.log("[MSAL] Detected popup window - minimal initialization");
       }
@@ -228,17 +227,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new import_msal_browser2.PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup3 = window.opener && window.opener !== window;
+        const isInPopup2 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup2 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup3 && window.location.hash) {
+            if (!isInPopup2 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -254,7 +253,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup2 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -310,9 +309,8 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
-  const isInPopup = window.opener && window.opener !== window;
   if (isInPopup) {
-    return null;
+    return /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { style: { display: "none" }, children: "Completing authentication..." });
   }
   if (!msalInstance) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
@@ -521,7 +519,7 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
+  useRedirect = true,
   scopes,
   className = "",
   style,

package/dist/index.mjs

@@ -88,8 +88,7 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
-  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
-  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
+  const finalPopupRedirectUri = popupRedirectUri || finalRedirectUri;
   storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
@@ -155,12 +154,12 @@ function getMsalInstance() {
 function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }) {
   const [msalInstance, setMsalInstance] = useState(null);
   const instanceRef = useRef(null);
+  const isInPopup = typeof window !== "undefined" && window.opener && window.opener !== window;
   useEffect(() => {
     if (typeof window === "undefined") {
       return;
     }
-    const isInPopup2 = window.opener && window.opener !== window;
-    if (isInPopup2) {
+    if (isInPopup) {
       if (config.enableLogging) {
         console.log("[MSAL] Detected popup window - minimal initialization");
       }
@@ -174,17 +173,17 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup3 = window.opener && window.opener !== window;
+        const isInPopup2 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful", isInPopup2 ? "(popup)" : "(main)");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup3 && window.location.hash) {
+            if (!isInPopup2 && window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -200,7 +199,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (!isInPopup2 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -256,9 +255,8 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
-  const isInPopup = window.opener && window.opener !== window;
   if (isInPopup) {
-    return null;
+    return /* @__PURE__ */ jsx("div", { style: { display: "none" }, children: "Completing authentication..." });
   }
   if (!msalInstance) {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
@@ -467,7 +465,7 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
+  useRedirect = true,
   scopes,
   className = "",
   style,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chemmangat/msal-next",
-  "version": "3.1.5",
+  "version": "3.1.6",
   "description": "Production-grade MSAL authentication package for Next.js App Router with minimal boilerplate",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",