azure-active-directory - SSO experience between token based and cookie based application

Question

Currently I have two applications with broken sso experience. Below is scenario :

Application 1 is Single Page Application, that uses Azure AD as an authorization end point and OAuth 2.0 implicit authorization grant to secure its web API back end (in short I refer this as Azure AD token base authentication) Almost similar to below flow :

Application 2 is a web application that uses OpenIDConnectAuthentication middleware in tandem with CookieAuthenticationMiddleWare and uses same Azure AD as authorization end point(in short I refer this as Azure AD cookie based authentication) Almost similar to below flow :

Is this broken SSO experience between application with token base authentication and application with cookie base authentication is expected ?

I accept I could have debugged and checked why and what before posting, but just wanted to see if its known issue before I go ahead with local code set up and all.

Answer 1

This is probably the best Azure Sample for achieving the experience you are looking for: https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect

You should not be prompted to enter the username and password a second time. At most you may have to click a second time to sign in but even that can be configured within the code. Here's a video my colleague and I made demonstrating how to set up this experience with two web apps using the Azure sample. Based on your description, this seems to be what you are looking to achieve.