Remembered Users list is not displayed in UWP on authentication
Closed this issue · 13 comments
Which Version of ADAL are you using ?
ADAL 4.5.1
Which platform has the issue?
UWP, xamarin iOS
What authentication flow has the issue?
- Desktop / Mobile
  - Interactive
  - Integrated Windows Auth
  - Username Password
  - Device code flow (browserless)
- Web App
  - Authorization code
  - OBO
- Web API
  - OBO
Other? - please describe;
Is this a new or existing app?
This is a new app but ready to go in production
Repro
This is the code to sign out the user on UWP.
// Drop every token ADAL has cached for this authority.
AuthenticationContext authContext = new AuthenticationContext($"{tenantUrl}/{tenantId}");
authContext.TokenCache.Clear();
// Delete the cookies stored for the tenant URL in the app's HTTP filter.
Windows.Web.Http.Filters.HttpBaseProtocolFilter myFilter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
var cookieManager = myFilter.CookieManager;
var cookieUri = new System.Uri(tenantUrl);
HttpCookieCollection myCookieJar = cookieManager.GetCookies(cookieUri);
foreach (HttpCookie cookie in myCookieJar)
{
    cookieManager.DeleteCookie(cookie);
}
Expected behavior
If you use ADAL on UWP to authenticate your user, successfully authenticate to your application, sign out of the application, and after some time try to log in again on the same device and application, then it should show the list of last remembered user email(s) that logged in earlier on the same device and application, so you can proceed to authenticate with one of them and be asked for the password only, or alternatively log in with a new account.
Actual behavior
On UWP, if you log in and sign out on the same device and application and try to log in again on the same device and application after some time, it does not show the remembered user list to choose from and always asks for email and password in the authentication flow.
The same thing works fine on Xamarin.iOS, whereas it does not work on UWP, even though it's a Windows tablet/desktop running the Edge browser.
Possible Solution
Additional context/ Logs / Screenshots
This is the window which is missing on UWP. This window appears to show the last logged-out users so you can proceed with authentication by selecting one of them.
@Arslan007 Any chance you can update to latest version ADAL v5.0.2-preview? Would be nice to see if it can repro there as well.
@jennyf19 Just tried updating to the latest preview of ADAL v5.0.2-preview and also tried the combination of updating ADAL and MSAL to the latest preview packages, but the same issue exists.
@Arslan007 Can you provide the exact repro steps? and just to clarify, you got the same behavior w/MSAL?
@jennyf19 I can send two different videos from iOS and UWP showing the behavior on the two different platforms, but how can I send them to you securely/privately?
Just to add more info from the logs, this is what I am seeing on the logout action.
Exception thrown: 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException' in System.Private.CoreLib.dll
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenSilentHandler.SendTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentCommonAsync(String resource, ClientKey clientKey, UserIdentifier userId, IPlatformParameters parameters)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentAsync(String resource, String clientId, UserIdentifier userId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentAsync(String resource, String clientId)
at XApp.UI.UWP.Services.Authenticator.AuthenticateUri(Uri uri, String applicationId, String resourceId, AuthenticationContext authContext, PlatformParameters parameters)
ErrorCode: failed_to_acquire_token_silently
Exception thrown: 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException' in System.Private.CoreLib.dll
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: authentication_ui_failed: The browser based authentication dialog failed to complete ---> System.Exception: The process terminated unexpectedly. (Exception from HRESULT: 0x8007042B)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.WebUI.<>c__DisplayClass4_0.<<AcquireAuthorizationAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.DispatcherTaskExtensions.<>c__DisplayClass0_0`1.<<RunTaskAsync>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.DispatcherTaskExtensions.RunTaskAsync[T](CoreDispatcher dispatcher, Func`1 func, CoreDispatcherPriority priority)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.WebUI.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext)
--- End of inner exception stack trace ---
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Platform.WebUI.AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext)
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.AcquireAuthorizationAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.PreTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenCommonAsync(String resource, String clientId, Uri redirectUri, IPlatformParameters parameters, UserIdentifier userId, String extraQueryParameters, String claims, SynchronizationContext synchronizationContext)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenAsync(String resource, String clientId, Uri redirectUri, IPlatformParameters parameters)
at XApp.UI.UWP.Services.Authenticator.AuthenticateUri(Uri uri, String applicationId, String resourceId, AuthenticationContext authContext, PlatformParameters parameters)
ErrorCode: authentication_ui_failed
Exception thrown: 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException' in System.Private.CoreLib.dll
Exception thrown: 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException' in System.Private.CoreLib.dll
Exception thrown: 'Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException' in System.Private.CoreLib.dll
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalSilentTokenAcquisitionException: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenSilentHandler.SendTokenRequestAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.CheckAndAcquireTokenUsingBrokerAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.RunAsync()
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentCommonAsync(String resource, ClientKey clientKey, UserIdentifier userId, IPlatformParameters parameters)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentAsync(String resource, String clientId, UserIdentifier userId)
at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireTokenSilentAsync(String resource, String clientId)
at XApp.UI.UWP.Services.Authenticator.AuthenticateUri(Uri uri, String applicationId, String resourceId, AuthenticationContext authContext, PlatformParameters parameters)
ErrorCode: failed_to_acquire_token_silently
@Arslan007 you can email info you want - jeferrie@microsoft.com
Steps to reproduce are pretty simple.
1- Authenticate with Azure AD from any UWP app which is using ADAL by providing email/password
2- Logout your user from that UWP app.
3- Try to log in again from the same UWP app. It should show the list of remembered users, as I have shown in the attached image in the original bug post.
P.S: While writing this I just saw you replied with your email. Sending you an email as well with the attachment.
Much appreciate your quick, prompt response.
@Arslan007 not sure when myself, or someone on the team, will have time to look at this more thoroughly, but know it's on our radar.
@Arslan007 We synced off-line mainly on this, so here is an update, and a small fix has been merged into dev as well. Will wait for your confirmation before closing.
Add this code to your app:
var x = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Take the value (something like this: ms-app://s-1-15-2-111638678-219698677-36916742-1909548894-372823757-39941306-27685825/) and register the value as a redirectUri in the portal for this app.
Then, back in the code,
result = await authContext.AcquireTokenAsync(todoListResourceId, clientId, redirectURI, new PlatformParameters(PromptBehavior.Auto, false));
Instead of passing in the above value (x) as the redirectURI, pass in null. ADAL will set the redirect uri to https://sso which will route through the WebAuthenticationManager, and you should now see a list of the accounts, like on iOS.
You also might be interested in this documentation as well, especially if having issues on corp net.
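The sign-in sequence from the comment above, put together as an added example (not code from this thread or from the ADAL project): it tries the silent call first, as the reporter's stack traces show, then prompts with a null redirect URI. The class `SsoSignIn` and its method names are hypothetical, and the authority, resource and client ID are supplied by the caller; the ADAL calls are the ones that appear in the thread's snippets and stack traces.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Windows.Security.Authentication.Web;

// Hypothetical helper, written for illustration only.
public static class SsoSignIn
{
    // The ms-app://... value to register as a redirect URI for the app in the portal.
    public static Uri GetRedirectUriToRegister() =>
        WebAuthenticationBroker.GetCurrentApplicationCallbackUri();

    // Returns an access token, or null if the sign-in dialog did not complete.
    public static async Task<string> GetAccessTokenAsync(
        string authority, string resourceId, string clientId)
    {
        var authContext = new AuthenticationContext(authority);
        try
        {
            // Uses a cached token when one exists.
            AuthenticationResult cached =
                await authContext.AcquireTokenSilentAsync(resourceId, clientId);
            return cached.AccessToken;
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            // Expected after sign-out cleared the token cache; prompt the user below.
        }

        try
        {
            // Null instead of the ms-app:// value: per the comment above, ADAL then
            // sets the redirect URI to https://sso and the remembered accounts are listed.
            Uri redirectUri = null;
            AuthenticationResult result = await authContext.AcquireTokenAsync(
                resourceId, clientId, redirectUri,
                new PlatformParameters(PromptBehavior.Auto, false));
            return result.AccessToken;
        }
        catch (AdalException ex) when (ex.ErrorCode == "authentication_ui_failed")
        {
            // Same error code as in the reporter's log: the dialog failed to complete.
            Debug.WriteLine($"Sign-in dialog failed: {ex.Message}");
            return null;
        }
    }
}
```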
@jennyf19 Thanks for the update here as well. I have tested this piece and shared my findings offline to you.
@jennyf19 I can confirm this fixes the issue for device but not for simulators. I am going to open a new issue for the simulator so it can be tracked. Thanks a lot for your support!!
Included in 5.0.3-preview release