@chemmangat/msal-next 3.1.5 → 3.1.7

package/CHANGELOG.md

@@ -2,31 +2,54 @@
 
 All notable changes to this project will be documented in this file.
 
-## [3.1.5] - 2026-03-05
+## [3.1.6] - 2026-03-05
 
-### ✨ New Feature - Separate Popup Redirect URI
+### 🔄 Breaking Change - Redirect-Only Flow
 
-**Added `popupRedirectUri` prop** - Now you can have different redirect URIs for popup vs redirect flows!
+**Removed all popup authentication support** - Package now only supports redirect flow for cleaner, simpler authentication.
 
-**Changes:**
-- Added `popupRedirectUri` prop to MSALProvider (defaults to `/blank.html`)
-- `redirectUri` prop is now used only for redirect flow
-- Popup authentication automatically uses `popupRedirectUri`
-- Exported `getPopupRedirectUri()` utility function
+**Why this change?**
+- Popup flow had persistent issues (full app loading in popup, logout popups, etc.)
+- Redirect flow is simpler, more reliable, and works out of the box
+- No need for blank.html or special Azure AD configuration
+- Better user experience with full-page redirects
+
+**What was removed:**
+- `loginPopup()` method
+- `logoutPopup()` method  
+- `acquireTokenPopup()` method
+- `useRedirect` prop from MicrosoftSignInButton
+- `useRedirect` prop from SignOutButton
+- `popupRedirectUri` configuration option
+- `getPopupRedirectUri()` utility
+- All popup-related code and configuration
+
+**Migration:**
 
-**Usage:**
 ```tsx
-<MSALProvider
-  clientId="..."
-  redirectUri="/auth/callback"      // For redirect flow
-  popupRedirectUri="/blank.html"    // For popup flow (default)
->
+// Before (v3.1.4 and earlier)
+const { loginPopup, logoutPopup } = useMsalAuth();
+await loginPopup();
+await logoutPopup();
+
+<MicrosoftSignInButton useRedirect={false} />
+<SignOutButton useRedirect={false} />
+
+// After (v3.1.5) - redirect only
+const { loginRedirect, logoutRedirect } = useMsalAuth();
+await loginRedirect();
+await logoutRedirect();
+
+<MicrosoftSignInButton />
+<SignOutButton />
 ```
 
 **Benefits:**
-- Use your custom redirect URI for redirect flow
-- Popup always uses blank.html (no full app loading in popup)
-- More flexible configuration
+- Simpler API - no popup vs redirect decisions
+- No popup-related bugs or issues
+- Works perfectly out of the box
+- Cleaner codebase and smaller bundle size
+- Better user experience
 
 ## [3.1.4] - 2026-03-05
 

package/README.md

@@ -5,7 +5,7 @@ Production-grade MSAL authentication library for Next.js App Router with minimal
 [![npm version](https://badge.fury.io/js/@chemmangat%2Fmsal-next.svg)](https://www.npmjs.com/package/@chemmangat/msal-next)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-> **📦 Current Version: 3.1.5** - Separate popup redirect URI support. [See changelog](./CHANGELOG.md)
+> **📦 Current Version: 3.1.6** - Redirect-only authentication (popup support removed). [See changelog](./CHANGELOG.md)
 
 > **⚠️ Important:** If you're on v3.0.6 or v3.0.7, please update immediately - those versions have a critical popup authentication bug.
 
@@ -91,23 +91,7 @@ npm install @chemmangat/msal-next@latest @azure/msal-browser@^4.0.0 @azure/msal-
 
 > **Important:** Use `MSALProvider` (not `MsalAuthProvider`) in your layout.tsx to avoid the "createContext only works in Client Components" error.
 
-### 1. Create blank.html for popup authentication
-
-Create `public/blank.html`:
-
-```html
-<!DOCTYPE html>
-<html>
-<head><title>Auth</title></head>
-<body></body>
-</html>
-```
-
-Add to Azure AD redirect URIs:
-- `http://localhost:3000/blank.html`
-- `https://yourdomain.com/blank.html`
-
-### 2. Wrap your app with MSALProvider
+### 1. Wrap your app with MSALProvider
 
 ```tsx
 // app/layout.tsx
@@ -120,9 +104,6 @@ export default function RootLayout({ children }) {
         <MSALProvider 
           clientId={process.env.NEXT_PUBLIC_AZURE_AD_CLIENT_ID!}
           tenantId={process.env.NEXT_PUBLIC_AZURE_AD_TENANT_ID!}
-          // Optional: specify custom redirect URIs
-          // redirectUri="/auth/callback"  // For redirect flow
-          // popupRedirectUri="/blank.html"  // For popup flow (default)
         >
           {children}
         </MSALProvider>
@@ -132,7 +113,7 @@ export default function RootLayout({ children }) {
 }
 ```
 
-### 3. Add sign-in button
+### 2. Add sign-in button
 
 ```tsx
 // app/page.tsx
@@ -153,6 +134,8 @@ export default function Home() {
 
 That's it! 🎉
 
+The button uses redirect flow (full page redirect to Microsoft login, then back to your app). Simple and clean.
+
 ## Components
 
 ### MSALProvider (Recommended for App Router)
@@ -205,13 +188,12 @@ export function MyProviders({ children }) {
 
 ### MicrosoftSignInButton
 
-Pre-styled sign-in button with Microsoft branding.
+Pre-styled sign-in button with Microsoft branding. Uses redirect flow (full page redirect to Microsoft login).
 
 ```tsx
 <MicrosoftSignInButton
   variant="dark" // or "light"
   size="medium" // "small", "medium", "large"
-  useRedirect={false} // Use popup by default
   onSuccess={() => console.log('Signed in!')}
 />
 ```
@@ -294,21 +276,19 @@ const {
   account,
   isAuthenticated,
   inProgress,
-  loginPopup,
   loginRedirect,
-  logoutPopup,
   logoutRedirect,
   acquireToken,
 } = useMsalAuth();
 
-// Login
-await loginPopup(['User.Read']);
+// Login (redirects to Microsoft)
+await loginRedirect(['User.Read']);
 
 // Get token
 const token = await acquireToken(['User.Read']);
 
-// Logout
-await logoutPopup();
+// Logout (redirects to Microsoft)
+await logoutRedirect();
 ```
 
 ### useGraphApi

package/dist/index.d.mts

@@ -41,12 +41,6 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
-    /**
-     * Redirect URI for popup authentication (recommended: /blank.html)
-     * If not specified, uses redirectUri
-     * @default redirectUri
-     */
-    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -109,7 +103,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -155,11 +149,6 @@ interface MicrosoftSignInButtonProps {
      * @default 'medium'
      */
     size?: 'small' | 'medium' | 'large';
-    /**
-     * Use redirect flow instead of popup
-     * @default false
-     */
-    useRedirect?: boolean;
     /**
      * Scopes to request
      */
@@ -181,7 +170,7 @@ interface MicrosoftSignInButtonProps {
      */
     onError?: (error: Error) => void;
 }
-declare function MicrosoftSignInButton({ text, variant, size, useRedirect, scopes, className, style, onSuccess, onError, }: MicrosoftSignInButtonProps): react_jsx_runtime.JSX.Element;
+declare function MicrosoftSignInButton({ text, variant, size, scopes, className, style, onSuccess, onError, }: MicrosoftSignInButtonProps): react_jsx_runtime.JSX.Element;
 
 interface SignOutButtonProps {
     /**
@@ -199,11 +188,6 @@ interface SignOutButtonProps {
      * @default 'medium'
      */
     size?: 'small' | 'medium' | 'large';
-    /**
-     * Use redirect flow instead of popup
-     * @default false
-     */
-    useRedirect?: boolean;
     /**
      * Custom className
      */
@@ -223,13 +207,14 @@ interface SignOutButtonProps {
 }
 /**
  * SignOutButton component with Microsoft branding
+ * Uses redirect flow (full page redirect)
  *
  * @example
  * ```tsx
  * <SignOutButton variant="light" />
  * ```
  */
-declare function SignOutButton({ text, variant, size, useRedirect, className, style, onSuccess, onError, }: SignOutButtonProps): react_jsx_runtime.JSX.Element;
+declare function SignOutButton({ text, variant, size, className, style, onSuccess, onError, }: SignOutButtonProps): react_jsx_runtime.JSX.Element;
 
 interface UserAvatarProps {
     /**
@@ -315,11 +300,6 @@ interface AuthGuardProps {
      * Component to show when not authenticated (before redirect)
      */
     fallbackComponent?: ReactNode;
-    /**
-     * Use redirect flow instead of popup
-     * @default true
-     */
-    useRedirect?: boolean;
     /**
      * Scopes to request during authentication
      */
@@ -339,7 +319,7 @@ interface AuthGuardProps {
  * </AuthGuard>
  * ```
  */
-declare function AuthGuard({ children, loadingComponent, fallbackComponent, useRedirect, scopes, onAuthRequired, }: AuthGuardProps): react_jsx_runtime.JSX.Element;
+declare function AuthGuard({ children, loadingComponent, fallbackComponent, scopes, onAuthRequired, }: AuthGuardProps): react_jsx_runtime.JSX.Element;
 
 interface ErrorBoundaryProps {
     /**
@@ -401,34 +381,22 @@ interface UseMsalAuthReturn {
      * Whether MSAL is currently performing an interaction
      */
     inProgress: boolean;
-    /**
-     * Login using popup
-     */
-    loginPopup: (scopes?: string[]) => Promise<void>;
     /**
      * Login using redirect
      */
     loginRedirect: (scopes?: string[]) => Promise<void>;
-    /**
-     * Logout using popup
-     */
-    logoutPopup: () => Promise<void>;
     /**
      * Logout using redirect
      */
     logoutRedirect: () => Promise<void>;
     /**
-     * Acquire access token silently (with fallback to popup)
+     * Acquire access token silently
      */
     acquireToken: (scopes: string[]) => Promise<string>;
     /**
      * Acquire access token silently only (no fallback)
      */
     acquireTokenSilent: (scopes: string[]) => Promise<string>;
-    /**
-     * Acquire access token using popup
-     */
-    acquireTokenPopup: (scopes: string[]) => Promise<string>;
     /**
      * Acquire access token using redirect
      */
@@ -590,7 +558,6 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
-declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -938,4 +905,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.d.ts

@@ -41,12 +41,6 @@ interface MsalAuthConfig {
      * @default window.location.origin
      */
     redirectUri?: string;
-    /**
-     * Redirect URI for popup authentication (recommended: /blank.html)
-     * If not specified, uses redirectUri
-     * @default redirectUri
-     */
-    popupRedirectUri?: string;
     /**
      * Post logout redirect URI
      * @default redirectUri
@@ -109,7 +103,7 @@ interface MsalAuthProviderProps extends MsalAuthConfig {
  * @returns The MSAL instance or null if not initialized
  */
 declare function getMsalInstance(): PublicClientApplication | null;
-declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element | null;
+declare function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config }: MsalAuthProviderProps): react_jsx_runtime.JSX.Element;
 
 /**
  * Pre-configured MSALProvider component for Next.js App Router layouts.
@@ -155,11 +149,6 @@ interface MicrosoftSignInButtonProps {
      * @default 'medium'
      */
     size?: 'small' | 'medium' | 'large';
-    /**
-     * Use redirect flow instead of popup
-     * @default false
-     */
-    useRedirect?: boolean;
     /**
      * Scopes to request
      */
@@ -181,7 +170,7 @@ interface MicrosoftSignInButtonProps {
      */
     onError?: (error: Error) => void;
 }
-declare function MicrosoftSignInButton({ text, variant, size, useRedirect, scopes, className, style, onSuccess, onError, }: MicrosoftSignInButtonProps): react_jsx_runtime.JSX.Element;
+declare function MicrosoftSignInButton({ text, variant, size, scopes, className, style, onSuccess, onError, }: MicrosoftSignInButtonProps): react_jsx_runtime.JSX.Element;
 
 interface SignOutButtonProps {
     /**
@@ -199,11 +188,6 @@ interface SignOutButtonProps {
      * @default 'medium'
      */
     size?: 'small' | 'medium' | 'large';
-    /**
-     * Use redirect flow instead of popup
-     * @default false
-     */
-    useRedirect?: boolean;
     /**
      * Custom className
      */
@@ -223,13 +207,14 @@ interface SignOutButtonProps {
 }
 /**
  * SignOutButton component with Microsoft branding
+ * Uses redirect flow (full page redirect)
  *
  * @example
  * ```tsx
  * <SignOutButton variant="light" />
  * ```
  */
-declare function SignOutButton({ text, variant, size, useRedirect, className, style, onSuccess, onError, }: SignOutButtonProps): react_jsx_runtime.JSX.Element;
+declare function SignOutButton({ text, variant, size, className, style, onSuccess, onError, }: SignOutButtonProps): react_jsx_runtime.JSX.Element;
 
 interface UserAvatarProps {
     /**
@@ -315,11 +300,6 @@ interface AuthGuardProps {
      * Component to show when not authenticated (before redirect)
      */
     fallbackComponent?: ReactNode;
-    /**
-     * Use redirect flow instead of popup
-     * @default true
-     */
-    useRedirect?: boolean;
     /**
      * Scopes to request during authentication
      */
@@ -339,7 +319,7 @@ interface AuthGuardProps {
  * </AuthGuard>
  * ```
  */
-declare function AuthGuard({ children, loadingComponent, fallbackComponent, useRedirect, scopes, onAuthRequired, }: AuthGuardProps): react_jsx_runtime.JSX.Element;
+declare function AuthGuard({ children, loadingComponent, fallbackComponent, scopes, onAuthRequired, }: AuthGuardProps): react_jsx_runtime.JSX.Element;
 
 interface ErrorBoundaryProps {
     /**
@@ -401,34 +381,22 @@ interface UseMsalAuthReturn {
      * Whether MSAL is currently performing an interaction
      */
     inProgress: boolean;
-    /**
-     * Login using popup
-     */
-    loginPopup: (scopes?: string[]) => Promise<void>;
     /**
      * Login using redirect
      */
     loginRedirect: (scopes?: string[]) => Promise<void>;
-    /**
-     * Logout using popup
-     */
-    logoutPopup: () => Promise<void>;
     /**
      * Logout using redirect
      */
     logoutRedirect: () => Promise<void>;
     /**
-     * Acquire access token silently (with fallback to popup)
+     * Acquire access token silently
      */
     acquireToken: (scopes: string[]) => Promise<string>;
     /**
      * Acquire access token silently only (no fallback)
      */
     acquireTokenSilent: (scopes: string[]) => Promise<string>;
-    /**
-     * Acquire access token using popup
-     */
-    acquireTokenPopup: (scopes: string[]) => Promise<string>;
     /**
      * Acquire access token using redirect
      */
@@ -590,7 +558,6 @@ interface UseRolesReturn {
  */
 declare function useRoles(): UseRolesReturn;
 
-declare function getPopupRedirectUri(): string | undefined;
 declare function createMsalConfig(config: MsalAuthConfig): Configuration;
 
 interface WithAuthOptions extends Omit<AuthGuardProps, 'children'> {
@@ -938,4 +905,4 @@ interface ServerSession {
     accessToken?: string;
 }
 
-export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, getPopupRedirectUri, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };
+export { AuthGuard, type AuthGuardProps, type AuthMiddlewareConfig, AuthStatus, type AuthStatusProps, type CustomTokenClaims, type DebugLoggerConfig, ErrorBoundary, type ErrorBoundaryProps, type GraphApiOptions, MSALProvider, MicrosoftSignInButton, type MicrosoftSignInButtonProps, type MsalAuthConfig, MsalAuthProvider, type MsalAuthProviderProps, type RetryConfig, type ServerSession, SignOutButton, type SignOutButtonProps, type UseGraphApiReturn, type UseMsalAuthReturn, type UseRolesReturn, type UseUserProfileReturn, UserAvatar, type UserAvatarProps, type UserProfile, type ValidatedAccountData, type WithAuthOptions, createAuthMiddleware, createMsalConfig, createRetryWrapper, createScopedLogger, getDebugLogger, getMsalInstance, isValidAccountData, isValidRedirectUri, isValidScope, retryWithBackoff, safeJsonParse, sanitizeError, useGraphApi, useMsalAuth, useRoles, useUserProfile, validateScopes, withAuth };

package/dist/index.js

@@ -35,7 +35,6 @@ __export(client_exports, {
   createScopedLogger: () => createScopedLogger,
   getDebugLogger: () => getDebugLogger,
   getMsalInstance: () => getMsalInstance,
-  getPopupRedirectUri: () => getPopupRedirectUri,
   isValidAccountData: () => isValidAccountData,
   isValidRedirectUri: () => isValidRedirectUri,
   isValidScope: () => isValidScope,
@@ -106,10 +105,6 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
-var storedPopupRedirectUri;
-function getPopupRedirectUri() {
-  return storedPopupRedirectUri;
-}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -119,7 +114,6 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
-    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
@@ -142,9 +136,6 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
-  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
-  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
-  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -171,10 +162,6 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
-      windowHashTimeout: 6e4,
-      // Increase timeout for popup
-      iframeHashTimeout: 6e3,
-      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -213,13 +200,6 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
     if (typeof window === "undefined") {
       return;
     }
-    const isInPopup2 = window.opener && window.opener !== window;
-    if (isInPopup2) {
-      if (config.enableLogging) {
-        console.log("[MSAL] Detected popup window - minimal initialization");
-      }
-      return;
-    }
     if (instanceRef.current) {
       return;
     }
@@ -228,17 +208,16 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new import_msal_browser2.PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup3 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup3 && window.location.hash) {
+            if (window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -254,7 +233,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -310,10 +289,6 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
-  const isInPopup = window.opener && window.opener !== window;
-  if (isInPopup) {
-    return null;
-  }
   if (!msalInstance) {
     return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(import_jsx_runtime.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime.jsx)("div", { children: "Loading authentication..." }) });
   }
@@ -334,37 +309,7 @@ var pendingTokenRequests = /* @__PURE__ */ new Map();
 function useMsalAuth(defaultScopes = ["User.Read"]) {
   const { instance, accounts, inProgress } = (0, import_msal_react2.useMsal)();
   const account = (0, import_msal_react2.useAccount)(accounts[0] || null);
-  const popupInProgressRef = (0, import_react2.useRef)(false);
   const isAuthenticated = (0, import_react2.useMemo)(() => accounts.length > 0, [accounts]);
-  const loginPopup = (0, import_react2.useCallback)(
-    async (scopes = defaultScopes) => {
-      if (inProgress !== import_msal_browser3.InteractionStatus.None) {
-        console.warn("[MSAL] Interaction already in progress");
-        return;
-      }
-      try {
-        const popupRedirectUri = getPopupRedirectUri();
-        const request = {
-          scopes,
-          prompt: "select_account",
-          // Use popup-specific redirect URI (defaults to /blank.html)
-          redirectUri: popupRedirectUri
-        };
-        const response = await instance.loginPopup(request);
-        if (response?.account) {
-          instance.setActiveAccount(response.account);
-        }
-      } catch (error) {
-        if (error?.errorCode === "user_cancelled") {
-          console.log("[MSAL] User cancelled login");
-          return;
-        }
-        console.error("[MSAL] Login popup failed:", error);
-        throw error;
-      }
-    },
-    [instance, defaultScopes, inProgress]
-  );
   const loginRedirect = (0, import_react2.useCallback)(
     async (scopes = defaultScopes) => {
       if (inProgress !== import_msal_browser3.InteractionStatus.None) {
@@ -388,16 +333,6 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     },
     [instance, defaultScopes, inProgress]
   );
-  const logoutPopup = (0, import_react2.useCallback)(async () => {
-    try {
-      await instance.logoutPopup({
-        account: account || void 0
-      });
-    } catch (error) {
-      console.error("[MSAL] Logout popup failed:", error);
-      throw error;
-    }
-  }, [instance, account]);
   const logoutRedirect = (0, import_react2.useCallback)(async () => {
     try {
       await instance.logoutRedirect({
@@ -428,31 +363,6 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     },
     [instance, account, defaultScopes]
   );
-  const acquireTokenPopup = (0, import_react2.useCallback)(
-    async (scopes = defaultScopes) => {
-      if (!account) {
-        throw new Error("[MSAL] No active account. Please login first.");
-      }
-      if (popupInProgressRef.current) {
-        throw new Error("[MSAL] Popup already in progress. Please wait.");
-      }
-      try {
-        popupInProgressRef.current = true;
-        const request = {
-          scopes,
-          account
-        };
-        const response = await instance.acquireTokenPopup(request);
-        return response.accessToken;
-      } catch (error) {
-        console.error("[MSAL] Token popup acquisition failed:", error);
-        throw error;
-      } finally {
-        popupInProgressRef.current = false;
-      }
-    },
-    [instance, account, defaultScopes]
-  );
   const acquireTokenRedirect = (0, import_react2.useCallback)(
     async (scopes = defaultScopes) => {
       if (!account) {
@@ -482,8 +392,9 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         try {
           return await acquireTokenSilent(scopes);
         } catch (error) {
-          console.warn("[MSAL] Silent token acquisition failed, falling back to popup");
-          return await acquireTokenPopup(scopes);
+          console.warn("[MSAL] Silent token acquisition failed, falling back to redirect");
+          await acquireTokenRedirect(scopes);
+          throw new Error("[MSAL] Redirecting for token acquisition");
         } finally {
           pendingTokenRequests.delete(requestKey);
         }
@@ -491,7 +402,7 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
       pendingTokenRequests.set(requestKey, tokenRequest);
       return tokenRequest;
     },
-    [acquireTokenSilent, acquireTokenPopup, defaultScopes, account]
+    [acquireTokenSilent, acquireTokenRedirect, defaultScopes, account]
   );
   const clearSession = (0, import_react2.useCallback)(async () => {
     instance.setActiveAccount(null);
@@ -502,13 +413,10 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     accounts,
     isAuthenticated,
     inProgress: inProgress !== import_msal_browser3.InteractionStatus.None,
-    loginPopup,
     loginRedirect,
-    logoutPopup,
     logoutRedirect,
     acquireToken,
     acquireTokenSilent,
-    acquireTokenPopup,
     acquireTokenRedirect,
     clearSession
   };
@@ -521,23 +429,18 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
   scopes,
   className = "",
   style,
   onSuccess,
   onError
 }) {
-  const { loginPopup, loginRedirect, inProgress } = useMsalAuth();
+  const { loginRedirect, inProgress } = useMsalAuth();
   const [isLoading, setIsLoading] = (0, import_react3.useState)(false);
   const handleClick = async () => {
     setIsLoading(true);
     try {
-      if (useRedirect) {
-        await loginRedirect(scopes);
-      } else {
-        await loginPopup(scopes);
-      }
+      await loginRedirect(scopes);
       onSuccess?.();
     } catch (error) {
       onError?.(error);
@@ -620,20 +523,15 @@ function SignOutButton({
   text = "Sign out",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
   className = "",
   style,
   onSuccess,
   onError
 }) {
-  const { logoutPopup, logoutRedirect, inProgress } = useMsalAuth();
+  const { logoutRedirect, inProgress } = useMsalAuth();
   const handleClick = async () => {
     try {
-      if (useRedirect) {
-        await logoutRedirect();
-      } else {
-        await logoutPopup();
-      }
+      await logoutRedirect();
       onSuccess?.();
     } catch (error) {
       onError?.(error);
@@ -1118,28 +1016,23 @@ function AuthGuard({
   children,
   loadingComponent,
   fallbackComponent,
-  useRedirect = true,
   scopes,
   onAuthRequired
 }) {
-  const { isAuthenticated, inProgress, loginRedirect, loginPopup } = useMsalAuth();
+  const { isAuthenticated, inProgress, loginRedirect } = useMsalAuth();
   (0, import_react7.useEffect)(() => {
     if (!isAuthenticated && !inProgress) {
       onAuthRequired?.();
       const login = async () => {
         try {
-          if (useRedirect) {
-            await loginRedirect(scopes);
-          } else {
-            await loginPopup(scopes);
-          }
+          await loginRedirect(scopes);
         } catch (error) {
           console.error("[AuthGuard] Authentication failed:", error);
         }
       };
       login();
     }
-  }, [isAuthenticated, inProgress, useRedirect, scopes, loginRedirect, loginPopup, onAuthRequired]);
+  }, [isAuthenticated, inProgress, scopes, loginRedirect, onAuthRequired]);
   if (inProgress) {
     return /* @__PURE__ */ (0, import_jsx_runtime7.jsx)(import_jsx_runtime7.Fragment, { children: loadingComponent || /* @__PURE__ */ (0, import_jsx_runtime7.jsx)("div", { children: "Authenticating..." }) });
   }
@@ -1709,7 +1602,6 @@ var import_msal_react3 = require("@azure/msal-react");
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
-  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/dist/index.mjs

@@ -52,10 +52,6 @@ function validateScopes(scopes) {
 }
 
 // src/utils/createMsalConfig.ts
-var storedPopupRedirectUri;
-function getPopupRedirectUri() {
-  return storedPopupRedirectUri;
-}
 function createMsalConfig(config) {
   if (config.msalConfig) {
     return config.msalConfig;
@@ -65,7 +61,6 @@ function createMsalConfig(config) {
     tenantId,
     authorityType = "common",
     redirectUri,
-    popupRedirectUri,
     postLogoutRedirectUri,
     cacheLocation = "sessionStorage",
     storeAuthStateInCookie = false,
@@ -88,9 +83,6 @@ function createMsalConfig(config) {
   };
   const defaultRedirectUri = typeof window !== "undefined" ? window.location.origin : "http://localhost:3000";
   const finalRedirectUri = redirectUri || defaultRedirectUri;
-  const defaultPopupRedirectUri = typeof window !== "undefined" ? `${window.location.origin}/blank.html` : "http://localhost:3000/blank.html";
-  const finalPopupRedirectUri = popupRedirectUri || defaultPopupRedirectUri;
-  storedPopupRedirectUri = finalPopupRedirectUri;
   if (allowedRedirectUris && allowedRedirectUris.length > 0) {
     if (!isValidRedirectUri(finalRedirectUri, allowedRedirectUris)) {
       throw new Error(
@@ -117,10 +109,6 @@ function createMsalConfig(config) {
       storeAuthStateInCookie
     },
     system: {
-      windowHashTimeout: 6e4,
-      // Increase timeout for popup
-      iframeHashTimeout: 6e3,
-      loadFrameTimeout: 0,
       loggerOptions: {
         loggerCallback: loggerCallback || ((level, message, containsPii) => {
           if (containsPii || !enableLogging) return;
@@ -159,13 +147,6 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
     if (typeof window === "undefined") {
       return;
     }
-    const isInPopup2 = window.opener && window.opener !== window;
-    if (isInPopup2) {
-      if (config.enableLogging) {
-        console.log("[MSAL] Detected popup window - minimal initialization");
-      }
-      return;
-    }
     if (instanceRef.current) {
       return;
     }
@@ -174,17 +155,16 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
         const msalConfig = createMsalConfig(config);
         const instance = new PublicClientApplication(msalConfig);
         await instance.initialize();
-        const isInPopup3 = window.opener && window.opener !== window;
         try {
           const response = await instance.handleRedirectPromise();
           if (response) {
             if (config.enableLogging) {
-              console.log("[MSAL] Redirect authentication successful", isInPopup3 ? "(popup)" : "(main)");
+              console.log("[MSAL] Redirect authentication successful");
             }
             if (response.account) {
               instance.setActiveAccount(response.account);
             }
-            if (!isInPopup3 && window.location.hash) {
+            if (window.location.hash) {
               window.history.replaceState(null, "", window.location.pathname + window.location.search);
             }
           }
@@ -200,7 +180,7 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
           } else {
             console.error("[MSAL] Redirect handling error:", redirectError);
           }
-          if (!isInPopup3 && window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
+          if (window.location.hash && (window.location.hash.includes("code=") || window.location.hash.includes("error="))) {
             window.history.replaceState(null, "", window.location.pathname + window.location.search);
           }
         }
@@ -256,10 +236,6 @@ function MsalAuthProvider({ children, loadingComponent, onInitialized, ...config
   if (typeof window === "undefined") {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
-  const isInPopup = window.opener && window.opener !== window;
-  if (isInPopup) {
-    return null;
-  }
   if (!msalInstance) {
     return /* @__PURE__ */ jsx(Fragment, { children: loadingComponent || /* @__PURE__ */ jsx("div", { children: "Loading authentication..." }) });
   }
@@ -275,42 +251,12 @@ function MSALProvider({ children, ...props }) {
 // src/hooks/useMsalAuth.ts
 import { useMsal, useAccount } from "@azure/msal-react";
 import { InteractionStatus } from "@azure/msal-browser";
-import { useCallback, useMemo, useRef as useRef2 } from "react";
+import { useCallback, useMemo } from "react";
 var pendingTokenRequests = /* @__PURE__ */ new Map();
 function useMsalAuth(defaultScopes = ["User.Read"]) {
   const { instance, accounts, inProgress } = useMsal();
   const account = useAccount(accounts[0] || null);
-  const popupInProgressRef = useRef2(false);
   const isAuthenticated = useMemo(() => accounts.length > 0, [accounts]);
-  const loginPopup = useCallback(
-    async (scopes = defaultScopes) => {
-      if (inProgress !== InteractionStatus.None) {
-        console.warn("[MSAL] Interaction already in progress");
-        return;
-      }
-      try {
-        const popupRedirectUri = getPopupRedirectUri();
-        const request = {
-          scopes,
-          prompt: "select_account",
-          // Use popup-specific redirect URI (defaults to /blank.html)
-          redirectUri: popupRedirectUri
-        };
-        const response = await instance.loginPopup(request);
-        if (response?.account) {
-          instance.setActiveAccount(response.account);
-        }
-      } catch (error) {
-        if (error?.errorCode === "user_cancelled") {
-          console.log("[MSAL] User cancelled login");
-          return;
-        }
-        console.error("[MSAL] Login popup failed:", error);
-        throw error;
-      }
-    },
-    [instance, defaultScopes, inProgress]
-  );
   const loginRedirect = useCallback(
     async (scopes = defaultScopes) => {
       if (inProgress !== InteractionStatus.None) {
@@ -334,16 +280,6 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     },
     [instance, defaultScopes, inProgress]
   );
-  const logoutPopup = useCallback(async () => {
-    try {
-      await instance.logoutPopup({
-        account: account || void 0
-      });
-    } catch (error) {
-      console.error("[MSAL] Logout popup failed:", error);
-      throw error;
-    }
-  }, [instance, account]);
   const logoutRedirect = useCallback(async () => {
     try {
       await instance.logoutRedirect({
@@ -374,31 +310,6 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     },
     [instance, account, defaultScopes]
   );
-  const acquireTokenPopup = useCallback(
-    async (scopes = defaultScopes) => {
-      if (!account) {
-        throw new Error("[MSAL] No active account. Please login first.");
-      }
-      if (popupInProgressRef.current) {
-        throw new Error("[MSAL] Popup already in progress. Please wait.");
-      }
-      try {
-        popupInProgressRef.current = true;
-        const request = {
-          scopes,
-          account
-        };
-        const response = await instance.acquireTokenPopup(request);
-        return response.accessToken;
-      } catch (error) {
-        console.error("[MSAL] Token popup acquisition failed:", error);
-        throw error;
-      } finally {
-        popupInProgressRef.current = false;
-      }
-    },
-    [instance, account, defaultScopes]
-  );
   const acquireTokenRedirect = useCallback(
     async (scopes = defaultScopes) => {
       if (!account) {
@@ -428,8 +339,9 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
         try {
           return await acquireTokenSilent(scopes);
         } catch (error) {
-          console.warn("[MSAL] Silent token acquisition failed, falling back to popup");
-          return await acquireTokenPopup(scopes);
+          console.warn("[MSAL] Silent token acquisition failed, falling back to redirect");
+          await acquireTokenRedirect(scopes);
+          throw new Error("[MSAL] Redirecting for token acquisition");
         } finally {
           pendingTokenRequests.delete(requestKey);
         }
@@ -437,7 +349,7 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
       pendingTokenRequests.set(requestKey, tokenRequest);
       return tokenRequest;
     },
-    [acquireTokenSilent, acquireTokenPopup, defaultScopes, account]
+    [acquireTokenSilent, acquireTokenRedirect, defaultScopes, account]
   );
   const clearSession = useCallback(async () => {
     instance.setActiveAccount(null);
@@ -448,13 +360,10 @@ function useMsalAuth(defaultScopes = ["User.Read"]) {
     accounts,
     isAuthenticated,
     inProgress: inProgress !== InteractionStatus.None,
-    loginPopup,
     loginRedirect,
-    logoutPopup,
     logoutRedirect,
     acquireToken,
     acquireTokenSilent,
-    acquireTokenPopup,
     acquireTokenRedirect,
     clearSession
   };
@@ -467,23 +376,18 @@ function MicrosoftSignInButton({
   text = "Sign in with Microsoft",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
   scopes,
   className = "",
   style,
   onSuccess,
   onError
 }) {
-  const { loginPopup, loginRedirect, inProgress } = useMsalAuth();
+  const { loginRedirect, inProgress } = useMsalAuth();
   const [isLoading, setIsLoading] = useState2(false);
   const handleClick = async () => {
     setIsLoading(true);
     try {
-      if (useRedirect) {
-        await loginRedirect(scopes);
-      } else {
-        await loginPopup(scopes);
-      }
+      await loginRedirect(scopes);
       onSuccess?.();
     } catch (error) {
       onError?.(error);
@@ -566,20 +470,15 @@ function SignOutButton({
   text = "Sign out",
   variant = "dark",
   size = "medium",
-  useRedirect = false,
   className = "",
   style,
   onSuccess,
   onError
 }) {
-  const { logoutPopup, logoutRedirect, inProgress } = useMsalAuth();
+  const { logoutRedirect, inProgress } = useMsalAuth();
   const handleClick = async () => {
     try {
-      if (useRedirect) {
-        await logoutRedirect();
-      } else {
-        await logoutPopup();
-      }
+      await logoutRedirect();
       onSuccess?.();
     } catch (error) {
       onError?.(error);
@@ -1064,28 +963,23 @@ function AuthGuard({
   children,
   loadingComponent,
   fallbackComponent,
-  useRedirect = true,
   scopes,
   onAuthRequired
 }) {
-  const { isAuthenticated, inProgress, loginRedirect, loginPopup } = useMsalAuth();
+  const { isAuthenticated, inProgress, loginRedirect } = useMsalAuth();
   useEffect4(() => {
     if (!isAuthenticated && !inProgress) {
       onAuthRequired?.();
       const login = async () => {
         try {
-          if (useRedirect) {
-            await loginRedirect(scopes);
-          } else {
-            await loginPopup(scopes);
-          }
+          await loginRedirect(scopes);
         } catch (error) {
           console.error("[AuthGuard] Authentication failed:", error);
         }
       };
       login();
     }
-  }, [isAuthenticated, inProgress, useRedirect, scopes, loginRedirect, loginPopup, onAuthRequired]);
+  }, [isAuthenticated, inProgress, scopes, loginRedirect, onAuthRequired]);
   if (inProgress) {
     return /* @__PURE__ */ jsx7(Fragment3, { children: loadingComponent || /* @__PURE__ */ jsx7("div", { children: "Authenticating..." }) });
   }
@@ -1654,7 +1548,6 @@ export {
   createScopedLogger,
   getDebugLogger,
   getMsalInstance,
-  getPopupRedirectUri,
   isValidAccountData,
   isValidRedirectUri,
   isValidScope,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chemmangat/msal-next",
-  "version": "3.1.5",
+  "version": "3.1.7",
   "description": "Production-grade MSAL authentication package for Next.js App Router with minimal boilerplate",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",