adress build warnings

Author: Dickson-Mwendia

msal-javascript-conceptual/browser/known-issues-ie-edge-browsers.md

@@ -0,0 +1,66 @@
+---
+title: Issues on Internet Explorer & Microsoft Edge (MSAL.js)
+description: Learn about know issues when using the Microsoft Authentication Library for JavaScript (MSAL.js) with Internet Explorer and Microsoft Edge browsers.
+author: OwenRichards1
+manager: CelesteDG
+ms.author: owenrichards
+ms.custom: devx-track-js
+ms.date: 05/18/2020
+ms.reviewer: saeeda
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: troubleshooting
+#Customer intent: As an application developer, I want to learn about issues with MSAL.js library so I can decide if this platform meets my application development needs and requirements.
+---
+
+# Known issues on Internet Explorer and Microsoft Edge browsers (MSAL.js)
+
+## Issues due to security zones
+We had multiple reports of issues with authentication in IE and Microsoft Edge (since the update of the *Microsoft Edge browser version to 40.15063.0.0*). We're tracking these and have informed the Microsoft Edge team. While Microsoft Edge works on a resolution, here's a description of the frequently occurring issues and the possible workarounds that can be implemented.
+
+### Cause
+The cause for most of these issues is as follows. The session storage and local storage are partitioned by security zones in the Microsoft Edge browser. In this particular version of Microsoft Edge, when the application is redirected across zones, the session storage and local storage are cleared. Specifically, the session storage is cleared in the regular browser navigation, and both the session and local storage are cleared in the InPrivate mode of the browser. MSAL.js saves certain state in the session storage and relies on checking this state during the authentication flows. When the session storage is cleared, this state is lost and hence results in broken experiences.
+
+### Issues
+
+- **Infinite redirect loops and page reloads during authentication**. When users sign in to the application on Microsoft Edge, they're redirected back from the Microsoft Entra login page and are stuck in an infinite redirect loop resulting in repeated page reloads. This is usually accompanied by an `invalid_state` error in the session storage.
+
+- **Infinite acquire token loops and AADSTS50058 error**. When an application that is run on Microsoft Edge tries to acquire a token for a resource, the application may get stuck in an infinite loop of the acquire token call. The following error is returned from Microsoft Entra ID in your network trace:
+
+    `Error :login_required; Error description:AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com)`
+
+- **Pop-up window doesn't close or is stuck when using login through pop-up window to authenticate**. When authenticating through a pop-up window in Microsoft Edge or IE (InPrivate), after entering credentials and signing in, if multiple domains across security zones are involved in the navigation, the pop-up window doesn't close because `MSAL.js` loses the handle to the pop-up window.
+
+- **Cannot log in using redirect URL prefixed with tauri**. The only supported schemes for redirect URIs are `https:` for production apps and `http://localhost` for local development. If you attempt to use a different scheme, like `tauri://localhost`, for a mobile or desktop application, the below error message appears. This error arises as a result of how the backend of the SPA is designed.
+
+    `AADSTS90023: Cross-origin token redemption is permitted only for the 'Single-Page Application' client-type or 'Native' client-type with origin registered in AllowedOriginForNativeAppCorsRequestInOAuthToken allow list.`
+
+### Update: Fix available in MSAL.js 0.2.3
+Fixes for the authentication redirect loop issues have been released in [MSAL.js 0.2.3](https://github.com/AzureAD/microsoft-authentication-library-for-js/releases). Enable the flag `storeAuthStateInCookie` in the MSAL.js config to take advantage of this fix. By default this flag is set to false.
+
+When the `storeAuthStateInCookie` flag is enabled, MSAL.js uses the browser cookies to store the request state required for validation of the auth flows.
+
+> [!NOTE]
+> This fix is not yet available for the `msal-angular` and `msal-angularjs` wrappers. This fix doesn't address the issue with pop-up windows.
+
+#### Other workarounds
+Make sure to test that your issue is occurring only on the specific version of Microsoft Edge browser and works on the other browsers before adopting these workarounds.
+1. As a first step to get around these issues, ensure that the application ___domain and any other sites involved in the redirects of the authentication flow are added as trusted sites in the security settings of the browser. This ensures the redirects belong to the same security zone.
+To do so, follow these steps:
+    - Open **Internet Explorer** and click on the **settings** (gear icon) in the top-right corner
+    - Select **Internet Options**
+    - Select the **Security** tab
+    - Under the **Trusted Sites** option, click on the **sites** button and add the URLs in the dialog box that opens.
+
+4. As mentioned before, since only the session storage is cleared during the regular navigation, you may configure MSAL.js to use the local storage instead. This can be set as the `cacheLocation` config parameter while initializing MSAL.
+
+Note, these workarounds won't solve the issue for InPrivate browsing since both session and local storage are cleared.
+
+## Issues due to popup blockers
+
+There are cases when popups are blocked in IE or Microsoft Edge, for example when a second popup occurs during [multi-factor authentication](~/identity/authentication/concept-mfa-howitworks.md). You'll get an alert in the browser to allow for the pop-up window once or always. If you choose to allow, the browser opens the pop-up window automatically and returns a `null` handle for it. As a result, the library doesn't have a handle for the window and there's no way to close the pop-up window. The same issue doesn't happen in Chrome when it prompts you to allow pop-up windows because it doesn't automatically open a pop-up window.
+
+As a **workaround**, developers need to allow popups in IE and Microsoft Edge before they start using their app to avoid this issue.
+
+## Next steps
+Learn more about [Using MSAL.js in Internet Explorer](msal-js-use-ie-browser.md).

msal-javascript-conceptual/browser/migrate-adal-js-to-msal-js.md

@@ -21,9 +21,8 @@ ms.topic: how-to
 
 ## Prerequisites
 
-- You must set the **Platform** / **Reply URL Type** to **Single-page application** on App Registration portal (if you have other platforms added in your app registration, such as **Web**, you need to make sure the redirect URIs don't overlap. See: [Redirect URI restrictions](./reply-url.md))
-- You must provide [polyfills](./msal-js-use-ie-browser.md) for ES6 features that MSAL.js relies on (for example, promises) in order to run your apps on **Internet Explorer**
-- Migrate your Microsoft Entra apps to [v2 endpoint](v2-overview.md) if you haven't already
+- You must set the **Platform** / **Reply URL Type** to **Single-page application** on App Registration portal (if you have other platforms added in your app registration, such as **Web**, you need to make sure the redirect URIs don't overlap. See: [Redirect URI restrictions](/entra/identity-platform/reply-url))
+- You must provide [polyfills](./use-ie-browser.md) for ES6 features that MSAL.js relies on (for example, promises) in order to run your apps on **Internet Explorer**
 
 ## Install and import MSAL
 
@@ -226,21 +225,21 @@ const getAccessToken = async() => {
 
 ## Cache and retrieve tokens
 
-Like ADAL.js, MSAL.js caches tokens and other authentication artifacts in browser storage, using the [Web Storage API](https://developer.mozilla.org/docs/Web/API/Web_Storage_API). You're recommended to use `sessionStorage` option (see: [configuration](#configure-msal)) because it's more secure in storing tokens that are acquired by your users, but `localStorage` will give you [Single Sign On](./msal-js-sso.md) across tabs and user sessions.
+Like ADAL.js, MSAL.js caches tokens and other authentication artifacts in browser storage, using the [Web Storage API](https://developer.mozilla.org/docs/Web/API/Web_Storage_API). You're recommended to use `sessionStorage` option (see: [configuration](#configure-msal)) because it's more secure in storing tokens that are acquired by your users, but `localStorage` will give you [Single Sign On](./single-sign-on.md) across tabs and user sessions.
 
 Importantly, you aren't supposed to access the cache directly. Instead, you should use an appropriate MSAL.js API for retrieving authentication artifacts like access tokens or user accounts.
 
 ## Renew tokens with refresh tokens
 
-ADAL.js uses the [OAuth 2.0 implicit flow](./v2-oauth2-implicit-grant-flow.md), which doesn't return refresh tokens for security reasons (refresh tokens have longer lifetime than access tokens and are therefore more dangerous in the hands of malicious actors). Hence, ADAL.js performs token renewal using a hidden IFrame so that the user isn't repeatedly prompted to authenticate.
+ADAL.js uses the [OAuth 2.0 implicit flow](/entra/identity-platform//v2-oauth2-implicit-grant-flow), which doesn't return refresh tokens for security reasons (refresh tokens have longer lifetime than access tokens and are therefore more dangerous in the hands of malicious actors). Hence, ADAL.js performs token renewal using a hidden IFrame so that the user isn't repeatedly prompted to authenticate.
 
 With the auth code flow with PKCE support, apps using MSAL.js 2.x obtain refresh tokens along with ID and access tokens, which can be used to renew them. The usage of refresh tokens is abstracted away, and the developers aren't supposed to build logic around them. Instead, MSAL manages token renewal using refresh tokens by itself. Your previous token cache with ADAL.js won't be transferable to MSAL.js, as the token cache schema has changed and incompatible with the schema used in ADAL.js.
 
 ## Handle errors and exceptions
 
 When using MSAL.js, the most common type of error you might face is the `interaction_in_progress` error. This error is thrown when an interactive API (`loginPopup`, `loginRedirect`, `acquireTokenPopup`, `acquireTokenRedirect`) is invoked while another interactive API is still in progress. The `login*` and `acquireToken*` APIs are *async* so you'll need to ensure that the resulting promises have resolved before invoking another one.
 
-Another common error is `interaction_required`. This error is often resolved by initiating an interactive token acquisition prompt. For instance, the web API you're trying to access might have a [Conditional Access](~/identity/conditional-access/overview.md) policy in place, requiring the user to perform [multifactor authentication](~/identity/authentication/concept-mfa-howitworks.md) (MFA). In that case, handling `interaction_required` error by triggering `acquireTokenPopup` or `acquireTokenRedirect` will prompt the user for MFA, allowing them to fullfil it.
+Another common error is `interaction_required`. This error is often resolved by initiating an interactive token acquisition prompt. For instance, the web API you're trying to access might have a [Conditional Access](/entra/identity/conditional-access/overview) policy in place, requiring the user to perform [multifactor authentication](/entra/identity/authentication/concept-mfa-howitworks) (MFA). In that case, handling `interaction_required` error by triggering `acquireTokenPopup` or `acquireTokenRedirect` will prompt the user for MFA, allowing them to fullfil it.
 
 Yet another common error you might face is `consent_required`, which occurs when permissions required for obtaining an access token for a protected resource aren't consented by the user. As in `interaction_required`, the solution for `consent_required` error is often initiating an interactive token acquisition prompt, using either `acquireTokenPopup` or `acquireTokenRedirect`.
 

msal-javascript-conceptual/browser/performance.md

@@ -10,11 +10,7 @@ ms.author: emilylauber
 ms.reviewer: dmwendia, cwerner, owenrichards, kengaderdus
 ---
 
-# Performance
-
-Please refer to [msal-common/performance](../../msal-common/docs/performance.md) first, which outlines the techniques your application can use to improve the performance of token acquisition using MSAL. Read below for measuring performance in your apps.
-
-## Measuring performance
+# Measuring performance
 
 Applications that want to measure the performance of authentication flows in MSAL.js can do so manually, or consume the performance measures taken by the library itself.
 Consuming performance measurements requires setting performance client in [telemetry configuration options](./configuration.md#telemetry-config-options) and adding performance callback.
@@ -45,8 +41,6 @@ const msalInstance = new PublicClientApplication({
 msalInstance.initialize();
 ```
 
-**Note**: You can pass your own performance telemetry client that implements [IPerformanceClient](../../msal-common/src/telemetry/performance/IPerformanceClient.ts) to customize telemetry management.
-
 ### Add performance callback
 
 Applications can register a callback to receive performance measurements taken by the library. These measurement will include end-to-end measurements for top-level APIs, as well as measurements for important internal APIs.
@@ -91,7 +85,7 @@ const event: PerformanceEvent = {
 }
 ```
 
-The complete details for `PerformanceEvents` objects can be found [here](../../msal-common/src/telemetry/performance/PerformanceEvent.ts). Below is a list of some notable properties:
+The complete details for `PerformanceEvents` objects can be found [here](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-common/src/telemetry/performance/PerformanceClient.ts). Below is a list of some notable properties:
 
 | **Property**                       | Type      | Description                                                            |
 | ---------------------------------- | --------- | ---------------------------------------------------------------------- |

msal-javascript-conceptual/browser/prompt-behavior.md

@@ -82,8 +82,8 @@ In some cases however, the prompt value `none` can be used together with an inte
 
 ## Next steps
 
-- [Single sign-on with MSAL.js](MIP-sso.md)
-- [Handle errors and exceptions in MSAL.js](MIP-errors.md)
+- [Single sign-on with MSAL.js](single-sign-on.md)
+- [Handle errors and exceptions in MSAL.js](errors.md)
 - [Handle ITP in Safari and other browsers where third-party cookies are blocked](/entra/identity-platform/reference-third-party-cookies-spas.md)
 - [OAuth 2.0 authorization code flow on the Microsoft identity platform](/entra/identity-platform/v2-oauth2-auth-code-flow.md)
 - [OpenID Connect on the Microsoft identity platform](/entra/identity-platform/v2-protocols-oidc.md)

msal-javascript-conceptual/browser/use-ie-browser.md

@@ -0,0 +1,51 @@
+---
+title: Issues on Internet Explorer (MSAL.js)
+description: Use the Microsoft Authentication Library for JavaScript (MSAL.js) with Internet Explorer browser.
+author: OwenRichards1
+manager: CelesteDG
+ms.author: owenrichards
+ms.custom: devx-track-js
+ms.date: 12/01/2021
+ms.reviewer: saeeda
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+#Customer intent: As an application developer, I want to learn about issues with MSAL.js library so I can decide if this platform meets my application development needs and requirements.
+---
+
+# Known issues on Internet Explorer browsers (MSAL.js)
+
+For better compatibility with Internet Explorer, we generate the Microsoft Authentication Library for JavaScript (MSAL.js) for [JavaScript ES5](https://262.ecma-international.org/5.1/), but there are other things to consider as you develop your application.
+
+## Run an app in Internet Explorer
+
+Internet Explorer lacks native support for JavaScript Promises, required by MSAL.js.
+
+To support JavaScript Promises in an Internet Explorer app, reference a Promise polyfill before you reference MSAL.js.
+
+```html
+<script
+  src="https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js"
+  class="pre"
+></script>
+```
+
+## Debugging an application running in Internet Explorer
+
+### Running in production
+
+Deploying your application to production (for instance in Azure Web apps) normally works fine, provided the end user has accepted popups. We tested it with Internet Explorer 11.
+
+### Running locally
+
+To debug your application locally, temporarily disable Internet Explorer's _Protected Mode_ during your debugging session.
+
+  1. In Internet Explorer, select **Tools** > **Internet Options** > **Security** tab > **Internet** zone.
+  1. Clear the **Enable Protected Mode (requires restarting Internet Explorer)** checkbox.
+  1. Select **OK** to restart Internet Explorer.
+
+When you're done debugging, follow the previous steps and select (instead of clear) the **Enable Protected Mode (requires restarting Internet Explorer)** checkbox.
+
+## Next steps
+
+Learn more about [Known issues when using MSAL.js in Internet Explorer](./known-issues-ie-edge-browsers.md).

msal-javascript-conceptual/browser/v1-migration.md

@@ -12,13 +12,11 @@ ms.reviewer: dmwendia, cwerner, owenrichards, kengaderdus
 
 # Migrating from MSAL v1.x to MSAL v2.x
 
-If you are new to MSAL, you should start [here](./initialization.md).
-
-If you are coming from [MSAL v1.x](../../msal-common/), you can follow this guide to update your code to use [MSAL v2.x](../../msal-browser/).
+If you are new to MSAL, you should start [here](./initialization.md). If you are coming from MSAL v1.x, you can follow this guide to update your code to use MSAL v2.x
 
 ## 1. Update application registration
 
-Go to the Azure AD portal for your tenant and review the App Registrations. You can create a [new registration](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#create-the-app-registration) for MSAL 2.x or you can [update your existing registration](https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow) for the registration that you are using for MSAL 1.x.
+Go to the Azure AD portal for your tenant and review the App Registrations. You can create a [new registration](/entra/identity-platform/scenario-spa-app-registration#create-the-app-registration) for MSAL 2.x or you can [update your existing registration](/entra/identity-platform/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow) for the registration that you are using for MSAL 1.x.
 
 ## 2. Add the msal-browser package to your project
 

msal-javascript-conceptual/browser/v2-migration.md

@@ -14,9 +14,9 @@ ms.reviewer: dmwendia, cwerner, owenrichards, kengaderdus
 
 If you are new to MSAL, you should start [here](./initialization.md).
 
-If you are coming from [MSAL v1.x](../../msal-core/), you should check [this guide](./v1-migration.md) first to migrate to [MSAL v2.x](../../msal-browser/) and then follow next steps.
+If you are coming from MSAL v1.x, you should check [this guide](./v1-migration.md) first to migrate to MSAL v2.x and then follow next steps.
 
-If you are coming from [MSAL v2.x](../../msal-browser/), you can follow this guide to update your code to use [MSAL v3.x](../../msal-browser/).
+If you are coming from MSAL v2.x, you can follow this guide to update your code to use MSAL v3.x.
 
 ## Breaking changes
 
@@ -90,7 +90,7 @@ const msalInstance = new msal.PublicClientApplication(msalConfig);
 await msalInstance.initialize();
 ```
 
-All other APIs are backward compatible with [MSAL v2.x](../../msal-browser/). It is recommended to take a look at the [default sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0) to see a working example of MSAL v3.0.
+All other APIs are backward compatible with MSAL v2.x. It is recommended to take a look at the [default sample](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0) to see a working example of MSAL v3.0.
 
 ### Crypto