microsoft-authentication-library-for-dotnet: [Bug] Azure AD B2C authentication fails on UWP

Logs and network traces Without logs or traces, it is unlikely that the team can investigate your issue. Capturing logs and network traces is described in Logging wiki.

Which version of MSAL.NET are you using? 4.53.0

Platform UWP with Xamarin.Forms

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Authentication
    • Username Password
    • Device code flow (browserless)

Is this a new or existing app? The app is in production, I haven’t upgraded MSAL, but started seeing this issue.

Repro

  1. Clone the sample project
  2. Run and try to sign in

Expected behavior A successful login

Actual behavior First of all, we receive the “We can’t connect to the service you need right now. Check your network connection or try this again later” error in the opened browser window. When I open the Windows event log, I see the following error:

AuthHost encountered a navigation error at URL: <https://msoisalesstaging.b2clogin.com/tfp/msoisalesstaging.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?scope=offline_access+openid+https%3A%2F%2Fmsoisalesstaging.onmicrosoft.com%2Fmsoisales%2Fmongodb-realm-sync+profile&response_type=code&client_id=a0789689-6dd6-4f8f-bacd-bef3bfbfcf4d&redirect_uri=ms-app%3A%2F%2Fs-1-15-2-1207448870-1919239748-1716570430-323877461-3067963371-1728433620-2282859050%2F&client-request-id=9de92785-4b16-4594-987b-caef9cb887aa&x-client-SKU=MSAL.UAP&x-client-Ver=4.49.1.0&x-client-CPU=x64&x-client-OS=Windows+10&x-client-DM=Blade+15+Advanced+Model+%28Early+2021%29+-+RZ09-036&prompt=select_account&code_challenge=3oVCkz54nCG7AOVClZOuAfrvNc-eegWjdgJlBSry9QY&code_challenge_method=S256&state=ca6fe89f-9c45-4879-828e-667e0700c9d67e5da2b1-f2d3-44e1-81f6-9f50c3337d11&client_info=1> with StatusCode: 0x800C000D.

Additional context / logs / screenshots / links to code

azure_ad_b2c_uwp_logs.zip

I have searched for all of the possible suggested solutions for this issue, such as

  1. Adding enterprise network capabilities
  2. Making sure the redirect URL is explicitly mentioned
  3. Making sure that we use recommended user flow

None of the above helped to solve the problem. The problem started happening in our production app without any changes, and currently, none of our users can log in, causing essentially global p1 for us. Also, the sample I shared is the official B2C sample for Xamarin.Forms and when I put our clientID and sign in process properties into the sample I see the same error. Probably something has changed that we are not aware of.

About this issue

  • State: closed
  • Created a year ago
  • Reactions: 2
  • Comments: 26 (10 by maintainers)

Most upvoted comments

Folks, there will be some official communication about this incident and the mitigation coming out soon, such as time details, addressed directly to the affected subscription admins. There should not be anything that needs doing from anyone on this thread or anyone using UWP + B2C.

Update on this: currently, the rollback is happening on a tenant by tenant basis. @charlesroddie - your tenant is being reverted now, it’ll take time to propagate to all regions.

Will all tenants be rolled back eventually?

I will have an update on this shortly.

The issue has been resolved for me. I hope the next release of Azure AD will be a more successful one 😃 Thanks, @bgavrilMS for following up on the issue!

Update on this: currently, the rollback is happening on a tenant by tenant basis.

@charlesroddie - your tenant is being reverted now, it’ll take time to propagate to all regions.

@bgavrilMS Switching to $"msal{ClientID}://auth" removes the hang, but now we have “Can’t connect to the service you need right now…” AFTER submitting the correct credentials. To clarify further: the initial UI with username and password shows up, but the process breaks after. It also properly reacts to incorrect credentials.

@arvizio I have a strong guess that the intermittency was because of the most recent change that potentially was released last week and was being gradually rolled out throughout the last 7 days. We observed a gradual increase in the relative frequency of this issue over the past week. And now, this new change is rolled out 100%, and that’s the reason it’s now 100% reproducible.

Yeah, I can repro with your app and with our test B2C coordinates, which we use in the samples …

@bgavrilMS We are having P1 with all of our customers 😦 And we need to resolve this issue ASAP.

Maui migration is on our Roadmap, but obviously, we need to resolve this issue to unblock our customers.

Thanks for taking a look into it!