Target SharePoint environment
SharePoint Online
What SharePoint development model, framework, SDK or API is this about?
💥 SharePoint Framework
Developer environment
Windows
What browser(s) / client(s) have you tested
Additional environment details
SPFx version: 1.21
Browser: Microsoft Edge and Safari on iOS (latest version, managed via Intune)
Auth context:
- Managed browser (Intune)
- SSO enabled
- PKeyAuth
Security configuration:
Third-party cookies / tracking blocked (cannot be changed due to security policy)
Describe the bug / error
When using aadHttpClientFactory.getClient() in SPFx 1.21, token acquisition fails in mobile scenarios where third-party cookies are blocked (Edge on iOS, managed via Intune).
Instead of falling back to an interactive or recoverable auth flow, the request fails with an unrecoverable error:
InteractionRequiredAuthError: login_required: AADSTS50058:
A silent sign-in request was sent but no user is signed in.
The cookies used to represent the user's session were not sent in the request to Azure AD.
This appears to be caused by cookies not being sent in the silent auth request, but the framework does not gracefully handle this condition.
Key observations:
- We are using aadHttpClientFactory in a very standard way (getClient() + API call).
- The implementation resides in a shared library component, but nothing unusual is being done.
- The failure is consistent and reproducible in environments where third-party cookies are blocked.
- There is no fallback or recovery mechanism triggered by SPFx that works successfully.
Steps to reproduce
- Deploy an SPFx web part that calls an API using aadHttpClientFactory.getClient().
- Open the SharePoint page in Edge on iOS (managed via Intune).
- Ensure third-party cookies are blocked.
- Authenticate normally and load the page (initial load may succeed depending on session state).
- Clear browser cookies OR let the session expire.
- Reload or revisit the SharePoint page.
Alternate repro (forced):
- Load SharePoint page with SPFx web part using aadHttpClientFactory.
- Delete all cookies on the device.
- Reload the page on mobile.
- Observe failure during token acquisition.
Be aware, this is inconsistent, but it is reproducible and quite common in our environment with these configurations.
Expected behavior
- If silent token acquisition fails due to missing cookies, SPFx should:
  - Fall back to an interactive authentication flow, or
  - Provide a recoverable mechanism instead of throwing a hard failure.
- The application should not enter a broken state where API calls cannot proceed.
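
Added example, not part of the original report and not SPFx or MSAL code: one way calling code can recognise the failure quoted above and recover once instead of entering a broken state. The names `classifyAuthError`, `withAuthFallback` and `SAMPLE_ERROR` are hypothetical, the error object shape (`name`, `errorCode`, `message`) is an assumption, and the `silent` and `interactive` callbacks stand in for whatever token call and sign-in flow the application uses.

```typescript
// Constructed sample mirroring the error text quoted in the report (assumed object shape).
const SAMPLE_ERROR = {
  name: "InteractionRequiredAuthError",
  errorCode: "login_required",
  message: "login_required: AADSTS50058: A silent sign-in request was sent but no user is signed in."
};

type AuthFailure = { aadsts: string | null; needsInteraction: boolean };

// OAuth/OIDC error codes meaning the silent flow cannot succeed without the user.
const INTERACTION_CODES = ["login_required", "interaction_required", "consent_required"];

// Classify an error thrown during silent token acquisition (hypothetical helper).
function classifyAuthError(err: unknown): AuthFailure {
  const e = err as { name?: string; errorCode?: string; message?: string } | null;
  const text = [e?.name, e?.errorCode, e?.message ?? String(err)].filter(Boolean).join(" ");
  const match = /AADSTS(\d+)/.exec(text);
  const needsInteraction =
    e?.name === "InteractionRequiredAuthError" ||
    INTERACTION_CODES.some((code) => text.indexOf(code) !== -1);
  return { aadsts: match ? "AADSTS" + match[1] : null, needsInteraction };
}

// Run the silent call; on an interaction-required failure run the interactive
// fallback exactly once and retry. Unrelated errors and a second failure are
// rethrown, so blocked cookies cannot cause an endless redirect loop.
function withAuthFallback<T>(
  silent: () => Promise<T>,
  interactive: () => Promise<unknown>
): Promise<T> {
  return silent().catch((err: unknown) => {
    if (!classifyAuthError(err).needsInteraction) throw err;
    return interactive().then(() => silent());
  });
}
```

Logging the extracted AADSTS code alongside the browser and cookie policy makes it possible to confirm how often the failure correlates with blocked third-party cookies.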