This repository has been archived by the owner on Jun 30, 2023. It is now read-only.
ADAL.NET uses an embedded web browser
Jean-Marc Prieur edited this page Feb 13, 2018
There is one important thing that beginners with authentication libraries and Azure AD don't immediately understand: when acquiring a token interactively, the content of the dialog box is not provided by the library, but by the STS. The authentication endpoint sends the HTML and JavaScript that control the interaction.
Delegating this dialog (this dance) to the STS has many advantages:
- enabling redirections to other identity providers
- letting the STS control conditional access, for instance by having the user perform multi-factor authentication during this authentication phase (entering a Windows Hello PIN, being called on their phone, or approving in an authentication app on their phone). In cases where multi-factor authentication is required and the user has not set it up yet, they can even set it up just in time in the same dialog, entering their mobile phone number and being guided to install an authentication application and scan a QR code to add their account. This is an amazing experience!
- letting the user change their password in this same dialog when the password has expired (providing additional fields for the old password and the new password)
- enabling branding of the tenant or the application (images), controlled by the Azure AD tenant admin / application owner
- enabling the user to consent to let the application access resources / scopes in their name right after the authentication
- last but not least, the password (if one was typed) is never stored by the application, nor by the library
To host this interaction with the STS, ADAL.NET uses an embedded web view. On every platform that provides a UI, the library provides a dialog embedding a web browser control.
For .NET Core, acquiring tokens interactively is not available, because .NET Core does not provide a UI yet.
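As an added example (not code from this page or from the ADAL.NET project itself), here is the call that triggers the embedded web view on .NET Framework, tried only after the token cache fails, together with the device code flow as the headless alternative for .NET Core; the authority, client ID and resource are placeholders you must replace.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Placeholder values (assumptions): substitute your tenant, the application
// (client) ID, the redirect URI registered for the app and the resource to call.
static class InteractiveSample
{
    const string Authority = "https://login.microsoftonline.com/<tenant>";
    const string ClientId  = "<application-client-id>";
    const string Resource  = "https://graph.microsoft.com";
    // Conventional native-client redirect; use the one registered for your app.
    static readonly Uri RedirectUri = new Uri("urn:ietf:wg:oauth:2.0:oob");

    // .NET Framework (desktop): ADAL hosts the STS pages in an embedded web view.
    public static async Task<AuthenticationResult> AcquireInteractiveAsync()
    {
        var context = new AuthenticationContext(Authority);
        try
        {
            // Cache first: no UI at all when a usable token is already present.
            return await context.AcquireTokenSilentAsync(Resource, ClientId);
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            // Nothing usable in the cache: ADAL opens its embedded web view.
            // Everything rendered in it (sign-in form, MFA prompt, password change,
            // consent) is HTML/JS served by the STS; the app only receives the
            // resulting tokens and never sees the credentials typed.
            return await context.AcquireTokenAsync(
                Resource, ClientId, RedirectUri,
                new PlatformParameters(PromptBehavior.Auto));
        }
    }

    // .NET Core has no UI: use the device code flow instead, where the user
    // completes the same STS-driven dialog in a browser on any device.
    public static async Task<AuthenticationResult> AcquireWithDeviceCodeAsync(
        Action<string> showInstructions)
    {
        var context = new AuthenticationContext(Authority);
        DeviceCodeResult code = await context.AcquireDeviceCodeAsync(Resource, ClientId);
        showInstructions(code.Message); // tells the user where to go and which code to enter
        return await context.AcquireTokenByDeviceCodeAsync(code);
    }
}
```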