fix: skip reusing old token in embed mode with delegated auth

[LukasHirt]

Description

When Web is included in an iframe in embed mode with delegated authentication, skip reusing the old token. The parent application is responsible for handling the token and we do not really care about reloading there which the reuse seems to be intended to handle. If the old token is reused, it can lead to an error when fetching user with expired token. That will then lead to a redirect to access denied page once the delegated access_token is received.

Motivation and Context

Fixing a bug which leads to access denied page.

How Has This Been Tested?

• test environment: local
• test case 1: embed web in an iframe with delegated auth, postMessage with valid token, wait for the token to expire, remove the iframe, build the iframe again with expired token, postMessage with new valid token

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation ticket raised:

Open tasks:

• add tests
• add changelog

[LukasHirt]

I have also added a few logs into the code so that it is easier to debug the embed mode.

[kulmann]

I added two commits myself to fast-track this...
1: no extra changelog item needed as the delegated authentication was never publicly released. I just added the PR url to an existing changelog item
2: I reduced the log level of your new log messages to debug to not spam the browser console.

Otherwise perfect, thanks for jumping on this quickly 👍

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

53.8% Coverage
0.0% Duplication