Override MSAL's system webview handling (#2258)

mjcheetham · web-flow · commit 88522e9b3147 · 2026-02-05T15:58:19.000Z
Since we have special handling on Linux (eg WSL support), we try to use
our own logic for launching the user's default web browser for
interactive authentication.

In the event we fail to start the browser, we fall back to using MSAL's
logic, with a preference of Edge (Chromium-based) - largely because this
is the only way to hook ourselves back into MSAL's default handling.
diff --git a/src/shared/Core/Authentication/MicrosoftAuthentication.cs b/src/shared/Core/Authentication/MicrosoftAuthentication.cs
@@ -754,10 +754,33 @@ private static EmbeddedWebViewOptions GetEmbeddedWebViewOptions()
             };
         }
 
-        private static SystemWebViewOptions GetSystemWebViewOptions()
+        private SystemWebViewOptions GetSystemWebViewOptions()
         {
             // TODO: add nicer HTML success and error pages
-            return new SystemWebViewOptions();
+            return new SystemWebViewOptions
+            {
+                OpenBrowserAsync = OpenBrowserFunc
+            };
+
+            // We have special handling for Linux and WSL to open the system browser
+            // so we need to use our own function here. Sorry MSAL!
+            Task OpenBrowserFunc(Uri uri)
+            {
+                try
+                {
+                    Context.SessionManager.OpenBrowser(uri);
+                }
+                catch (Exception ex)
+                {
+                    Context.Trace.WriteLine("Failed to open system web browser - using MSAL fallback");
+                    Context.Trace.WriteException(ex);
+
+                    // Fallback to MSAL's default browser opening logic, preferring Edge.
+                    return SystemWebViewOptions.OpenWithChromeEdgeBrowserAsync(uri);
+                }
+
+                return Task.CompletedTask;
+            }
         }
 
         private Task ShowDeviceCodeInTty(DeviceCodeResult dcr)
@@ -859,8 +882,14 @@ private void EnsureCanUseEmbeddedWebView()
 
         private bool CanUseSystemWebView(IPublicClientApplication app, Uri redirectUri)
         {
+            //
             // MSAL requires the application redirect URI is a loopback address to use the System WebView
-            return Context.SessionManager.IsWebBrowserAvailable && app.IsSystemWebViewAvailable && redirectUri.IsLoopback;
+            //
+            // Note: we do NOT check the MSAL 'IsSystemWebViewAvailable' property as it only
+            // looks for the presence of the DISPLAY environment variable on UNIX systems.
+            // This is insufficient as we instead handle launching the default browser ourselves.
+            //
+            return Context.SessionManager.IsWebBrowserAvailable && redirectUri.IsLoopback;
         }
 
         private void EnsureCanUseSystemWebView(IPublicClientApplication app, Uri redirectUri)
@@ -871,12 +900,6 @@ private void EnsureCanUseSystemWebView(IPublicClientApplication app, Uri redirec
                     "System web view is not available without a way to start a browser.");
             }
 
-            if (!app.IsSystemWebViewAvailable)
-            {
-                throw new Trace2InvalidOperationException(Context.Trace2,
-                    "System web view is not available on this platform.");
-            }
-
             if (!redirectUri.IsLoopback)
             {
                 throw new Trace2InvalidOperationException(Context.Trace2,
