microsoft-authentication-library-for-js: Msal Intermittently returning null in redirect uri on IE/Edge/Safari

Hi,

I understand that this is a known issue as per the library wiki, however, Safari (MacOS X/iOS) appears to also be impacted by this issue.

Tested browsers:

  • IE 11.1155.15063.0
  • Edge 40.15063.674.0
  • Safari 11.1.2 (MacOS X High Sierra 10.13.6)
  • Safari (iOS 11.4.1)

Our solution:

  • React v16.4.1 (via create-react-app)
  • Msal v0.1.7
  • Utilizing sessionStorage (we are unable to utilize localStorage due to our application's use case. Note that we also experience the same issue on localStorage)
  • Using the loginRedirect method

As per https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/330#issuecomment-403889919, adding navigateToLoginRedirectUri: false to the UserAgentApplication options appears to somewhat alleviate this issue on IE/Safari but not on Edge.

However, we are seeing mixed and intermittent results when testing between a normal browser session and a private/incognito session for our test browsers, i.e. working in a normal Safari session but not in a private session.

As we are releasing a public-facing website, we cannot be asking our end-users to add the website's domain to their ‘trusted website’ lists in order for msal authentication to function as intended.

If a work-around for this issue will not be ready within the upcoming months, please advise a suitable alternative for AADB2C integration. (perhaps hello.js?)

Thanks

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 6
  • Comments: 30 (9 by maintainers)

Most upvoted comments

This issue is not fixed. I am using version 0.2.4 and need to support Chrome, IE11, Firefox and Edge. I am testing all changes I make with a new InPrivate browsing session after every change.

Using loginPopup, Chrome is the only browser that works 100% of the time. Firefox and IE11 require a refresh after logging in to acquire the access token. Edge always redirects to /null in the popup.

Switching over to use loginRedirect, Edge still always redirects to /null.

Adding the storeAuthStateInCookie property and setting it to true no longer redirects to /null. However, no id token is set in local storage. This is the same for both loginRedirect and loginPopup.

@nehaagrawal can you reopen this issue to reflect this? I will continue to update this comment as I investigate in detail.

Looking into the Microsoft docs to see how they suggest handling IE and Edge doesn’t provide any answers.

Spent some more time looking at this. I can get the id token from the redirect. Following this I then try to get the access token on redirect. Coming back from the redirect for the access token the UserAgentApplication then crashes on setup as there is no id token.

With the logger attached:

logged: Thu, 31 Jan 2019 15:22:05 GMT:0.2.4-Info Processing the callback from redirect response eval code (2327) (28,5)

logged: Thu, 31 Jan 2019 15:22:05 GMT:0.2.4-Info State status:true; Request type:RENEW_TOKEN eval code (2327) (28,5)

logged: Thu, 31 Jan 2019 15:22:05 GMT:0.2.4-Info State is right eval code (2327) (28,5)

logged: Thu, 31 Jan 2019 15:22:05 GMT:0.2.4-Info Fragment has access token eval code (2327) (28,5)

SCRIPT5022: null or empty raw idtoken IdToken.js (32,1)

@nehaagrawal Thanks for the quick response. We would need to understand a timeline for this fix please, as we are smack dab in the middle of an SDLC programme which is dependent on this. We are happy to get into Private previews if those allow us to test out the fix. An update will be appreciated.

My app which is about to launch to production is currently in pilot, but a few customers are reporting on Edge this is still occurring, where the site is attempting to redirect to [sitename].com/null. This is a blocker for our site to release at the moment… Doesn’t seem like this issue should be closed unless it’s being tracked somewhere else.

@darrelmiller Your confusion is not unfounded. I was looking at the PR on mobile yesterday and was confused as to why I saw he was passing in the flag, then he wasn’t, and then he was again. As far as I could tell, this was the only thing blocking IE and Edge from working. You can get IE working if you have the dev console opened. Maybe a tester had their console open?

Thank you @rohitnarula7176 for the fix!

@bh3605 Which library have you converted to (presumably hello.js?) and how have your experiences been with it so far?

Also ran into this issue tonight in Firefox 61 (Windows 10).

@adamtay We are currently working on a fix for this issue and we are planning to release it in our future release.