Forum Discussion

ThusharaManchanayake's avatar
ThusharaManchanayake
Copper Contributor
May 19, 2023

Azure B2C in a frame because it set 'X-Frame-Options' to 'deny'.

Hi,

I am looking to add our client's customer web portal as Microsoft Team App. I used the Developer Portal to create a Personal App with a URL. Our program relies on third-party authentication services such as Azure B2C, Apple ID, and certain authentication and authorization for accounting system connections. We received the following error when the program performed the redirection for Azure B2C login. Many developers recommend permitting third-party cookies for that website. I tested it, as well as allowing all cookies. I'm still having no luck. Could someone please respond to the below questions?

 

Has anyone succeeded in redirecting to Azure B2C from the MS Team App? Any suggestions to fix the above issue are much appreciated.

Are you proposing the MS Team App platform for the addition of such an app with numerous third-party integrations?

 

 

 

 

 

  • @ ThusharaManchanayake - Thanks for reporting your issue.
    We will check this at our end and will get back to you.
      • Rajnivas_Thiyagarajan's avatar
        Rajnivas_Thiyagarajan
        Copper Contributor

        Hi ThusharaManchanayake Sayali-MSFT ,


        Have found the issue and rectified?

        Currently, we're in the process of integrating Single Sign-On (SSO) functionality into our React/Typescript based iframe web application, which operates within an iframe.
        For user authentication, we're utilizing Azure AD B2C, while AWS Cognito serves as our internal database for user data management. During development, within the iframe environment, we successfully implemented SSO login without any issues. However, upon deployment of our iframe application into the parent web application, we encountered an obstacle when trying to initiate the SSO login process. Specifically, we received the error message:
        "Refused to display 'https://test.b2clogin.com/' in a frame because it set 'X-Frame-Options' to 'deny'."
        Upon investigation, it became apparent that the 'X-Frame-Options' header for 'https://test.b2clogin.com/' is configured to 'deny', thereby preventing its display within iframes. Are there any potential solutions or workarounds for this issue?

        We got stucked in the issue for some day, and can't find any potential fixes :sad:.
        But found out your related threads having the same cause .
        Thanks for your help in Advance! :smile:

Resources