microsoft-authentication-library-for-dotnet: [Bug] In WPF client the social login stack in the redirecting state
Which Version of MSAL are you using ? 4.3.1
Platform .NET 4.6.2
What authentication flow has the issue?
- Desktop / Mobile
- [ X ] Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
Is this a new or existing app? The app is in production
Repro Currently does not work the library at all if you call it from WPF. Even the sample application does not work, even my application does not work.
Repo: Use any type of WPF application, like the sample app.
- Download and Build the Microsoft Azure Sample App: https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop
- Start it.
- Click on the Sign In button.
- Click any type of social provider. (Facebook, Google, Microsoft)
- The Window Title change to “Redirecting…” and stack in this state.
Same with every WPF applications.
Check the sample code, but here is the method that called.
authResult = await (app as PublicClientApplication).AcquireTokenInteractive(App.ApiScopes)
.WithParentActivityOrWindow(new WindowInteropHelper(this).Handle)
.WithAccount(GetAccountByPolicy(accounts, App.PolicySignUpSignIn))
.ExecuteAsync();
Expected behavior A clear and concise description of what you expected to happen (or code).
Actual behavior A clear and concise description of what happens, e.g. exception is thrown, UI freezes
Possible Solution Maybe there is a problem on Microsoft B2C side, but the library does not handling this scenario.
Additional context/ Logs / Screenshots
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 36 (2 by maintainers)
Now it is working 😉
@foxyjess1 @xammob @TuroczyX @jondmcelroy The fix is out. I have confirmed that I am no longer hit the “redirecting…” page…can you please do so as well and let us know? Thank you.
Thanks @jennyf19 for driving this to resolution!
@jondmcelroy Thanks for the call-out on exactly what you’d like to see in the docs, that’s super helpful. I’ve added a work item to add an expanded explanation to the Use b2clogin.com doc. Will tag this issue in the PR once I get there.
Edit: And thanks to @TuroczyX for the steps and screenshots, love it!
@jondmcelroy Yes that is the document that I refereed. That is not describe well what you have to do. But as I see, you wrote the replay URL to a wrong place. Screenshots attached.
https://{your-tenant-name}.b2clogin.com/{your-tenant-name}.onmicrosoft.com/oauth2/authresp
In the previous version was /te in the URL. REMOVE IT! 😃
Confirmed! This is working for me now in our production app! Means we don’t have to rush out the change to b2clogin - although we’ll make sure we move to it soon! Thanks for the comms here! It’s been a very stressful 48 hours!!!
@TuroczyX Thanks for the direction, I finally figured out like you showed that I needed to update the app registration for the AD application NOT the B2C Application. The documentation needs to be updated with pictures and better explanation.
@jennyf19 Thanks for being on top of this and all of the communication!
For anyone else thinking about making the switch to b2clogin, you will need to update all of your applications to use the b2clogin at the same due to needing to validate the issuer at the server. So even if you properly authentication with the b2clogin at the client level, your server also needs to be updated to get metadata from the b2clogin.
I am hoping that the rollback happens soon so that I do not have to hotfix on a friday afternoon!
Thanks for the info! I hope this is the case and MS can address the issue. We can move to b2clogin - but we’d rather do it in a co trolled fashion than a massive rush to paper over MS’s cracks!!!
Appreciate the updates.
@foxyjess1 @xammob @TuroczyX @jondmcelroy B2C should have a fix out by end of day today, will update here if that timelines changes.
also, passing in my own HttpClient helped me get around the “redirecting” page.
documentation on setting this up
Thanks @jennyf19 … MS support have told us not to use the reg hack saying it’s unsafe - so we still have no solution for our users and re-deploying our desktop application using b2clogin.com is at least 2 weeks work… we’re desperate for a resolution…
thanks for the additional information @foxyjess1 and @xammob will update here as we learn more.
@TuroczyX @jondmcelroy With the repro @jondmcelroy sent me today, was able to repro the issue. Looks like the js code in window.location.replace is not executing
Hopefully will have more info for you tomorrow.
@jennyf19 I sent your an email with reproducible code.
I believe the documentation he is referring to is here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/b2clogin. The application page is confusing because there are both reply urls (for webapp) and redirect URIs. The redirect URIs dont let you post URIs with https and they also dont accept non https urls.
@jennyf19 Yes I have tried with both:
.WithB2CAuthority()
and.WithAuthority()
.@jennyf19 I am able to hit that endpoint and view the configuration.
Here is the screenshot of the error i am when clicking the social link to our active directory:
Yes, just the master is not. That used the old “login.microsoftonline.com” which does not work now.
@jennyf19 Its easy to reproduce. Just create a dotnet framework console program. Nuget in Microsoft.Identity.Client 4.3.1. Fill out the variables (tenantid, clientid, policy and scopes) and run the following code:
IF you try to use an OpenID/Social link it will hang.