MSAL, Microsoft's absolute dumpster fire of an authentication library. Who in their right mind designed this overcomplicated mess? The documentation reads like it was written by a committee of drunk orangutans throwing darts at a keyboard.
Want to do a simple login? HAHAHA GOOD LUCK! Here's 47 different configuration options you need to set up, three different flow types that are basically the same thing with slightly different names, and error messages that might as well be written in hieroglyphics. "AADSTS700054" yeah that's SUPER helpful, thanks Microsoft!
And don't even get me started on token caching. Oh, you thought your tokens would just... work? NOPE! Hope you enjoy debugging why your perfectly valid token is being treated like a expired coupon at a grocery store. The refresh token flow is about as reliable as a chocolate teapot.

I worked on a great project that was later axed and part of that was because of Msal issues. We literally only dealt with Msal issues. The app was otherwise stable. There were always issues with SSO, login, token validation...
It just couldn't work, like, at all.
I could see the clients getting fed up of the constant issues, yet, they couldn't move away from Microsoft since they'd already invested into their entreprise ecosystem. AzureAD, Office 365, you name it.

Shit like this is why I laugh whenever someone suggests that AGI will take over the world. Like, bro, we still haven't figured out how to make an auth library that actually works, and you think we're close to making a machine capable of thinking like a human?
Yeah right!

Msal.js. I give it 3/10..

The docs are duplicated, and in various states of out of date. Half the library seems to be undocumented based on how many edge case bugs I've hit, it offers a popup login but you have to have a set specified white list of urls you can launch the popup from which makes a popup login pointless...

Ontop of that my colleagues shat the bed on it and fucked the whole implementation including the azure b2c setup... We do not even have a backend app listed in the azure b2c apps. The redirect also won't work if you don't instantiate an object in a hidden iframe of your own website that fetches a token... This does not make life easy when you use a SPA framework and you have already implemented a whole pipeline abstracting the creation of this object behind layers dependency injection.. Nice.

After sifting through endless shit I finally have a solution. What a week.