Preventing Single Sign On (SSO) Redirects From Opening a New Window Inside a Progressive Web Application (PWA)
I was recently working on a PWA that uses SSO, and one odd behavior I noticed right away was that the SSO redirects forced the application to open a new window in the browser instead of carrying out the redirect inside the application shell. This is problematic because it defeats the whole purpose of a PWA, which is to make a web application feel native. Furthermore, the behavior varied depending on the browser and platform where the application was loaded. Specifically, the issue was present in Chrome for Windows and Safari for iOS.
It turns out that SSO in a PWA is broken on Chrome for Desktop as of Chrome version 70. The good news is that the W3C Web App Manifest standard has changed and no longer requires out-of-scope navigation to be opened in a new window. Here is what the spec states:
Unlike previous versions of this specification, user agents are no longer required or allowed to block off-scope navigations, or open them in a new top-level browsing context. This practice broke a lot of sites that navigate to a URL on another origin…
Fortunately, Chrome version 71 fixes this issue, as it implements the updated standard. At the time of writing, version 71 was still in Beta, so you would have to install the Beta version to test the behavior.
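To see which hops of an SSO flow count as off-scope navigations, the sketch below applies the manifest's scope rule (same origin, path starting with the scope path) to a redirect chain. It is an added example, not code from the original post; the manifest, the hostnames `app.example.com` and `idp.example.net`, and the function names are constructed for illustration.

```javascript
// Added example: classify each hop of an SSO redirect chain against a PWA's
// navigation scope. Manifest and URLs are constructed sample data.

// Effective scope: the manifest's "scope" member if present, otherwise
// start_url with its filename, query and fragment removed.
function effectiveScope(manifest, manifestUrl) {
  const start = new URL(manifest.start_url || ".", manifestUrl);
  if (manifest.scope) {
    return new URL(manifest.scope, manifestUrl);
  }
  return new URL(".", start); // resolving "." drops filename, query, fragment
}

// A target is within scope when it shares the scope's origin and its path
// starts with the scope's path.
function isWithinScope(target, scope) {
  const t = new URL(target);
  return t.origin === scope.origin && t.pathname.startsWith(scope.pathname);
}

function classifyChain(manifest, manifestUrl, hops) {
  const scope = effectiveScope(manifest, manifestUrl);
  return hops.map((url) => ({ url, inScope: isWithinScope(url, scope) }));
}

// Constructed manifest and redirect chain for a hypothetical portal app.
const manifest = { start_url: "/portal/", scope: "/portal/", display: "standalone" };
const manifestUrl = "https://app.example.com/portal/manifest.webmanifest";
const hops = [
  "https://app.example.com/portal/login",               // app starts the flow
  "https://idp.example.net/authorize?client_id=portal", // identity provider, other origin
  "https://app.example.com/portal/callback?code=abc",   // back inside the app
  "https://app.example.com/help/",                      // same origin, outside scope path
];

const result = classifyChain(manifest, manifestUrl, hops);
for (const r of result) {
  console.log(r.inScope ? "in-scope " : "off-scope", r.url);
}
```

The identity provider hop is the off-scope navigation that the older behavior pushed into a new window; a same-origin URL outside the scope path is off-scope as well.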