[Bug] Auth Redirect failure in ADAL on iOS
Deloyuri opened this issue · 17 comments
Logs and Network traces
Network trace contains sensitive data and was submitted through support ticket
Which Version of MSAL are you using?
ADAL .NET v3.19.8
Platform
xamarin iOS: 14.4.2 and 14.5
What authentication flow has the issue?
- Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
- Web App
- Authorization code
- OBO
- Daemon App
- Service to Service calls
Other? - please describe;
- Authorization Code
Is this a new or existing app?
b. The app is in production, I haven't upgraded MSAL, but started seeing this issue
Repro
Able to reproduce on several devices with iOS Beta 14.5 (one 14.4.2), and any apps using ADAL 3.19.8 to authenticate.
Expected behavior
After entering password on company IDP in the webview of the app, I should be redirected back to the native app.
Actual behavior
I see a screen that says "Object moved to here". The link is as follows (app registration configured with reply URL for native app).
https://login.microsoftonline.com/urn%3aietf%3awg%3aoauth%3a2.0%3aoob%3fcode%3d0.ASYA8UXaNizdH02vE1q-RrmZIe37.......hDhXDof9-Guni2eluEYp85IAA%26session_state%3d312c6e64-1d4a-4310-8df4-9b56de6f
Possible Solution
This is an issue happening on ADAL.NET. I transferred it to the ADAL.NET repo.
@bgavrilMS @trwalke @jennyf19 @pmaytak : do we have a way of trying if MSAL.NET is also affected?
Which new issue, @Deloyuri : this is the same (just transferred from one repo to another)
@Deloyuri I understand.
Which xamarin version are you on?
You can pass in an HttpClientFactory for iOS...can you try passing in one that uses the managed handler, which doesn't care about the app going into the background and see if that one works? You would do something like this for the iOS factory:
Providing an HttpClient · https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Providing-an-HttpClient
@Deloyuri I would suggest passing in the HttpClient as the solution. It shouldn't be a huge change in your code. Do you have a test environment where you can try it?
And which version of Xamarin is being used?
@jennyf19 - note that injecting an HttpClient was implemented sometime in ADAL 5.x, pretty sure it isn't possible in ADAL 3.x. Why would a custom HttpClient fix this issue? Are you thinking about the recent Xamarin SDK bug?
@bgavrilMS I would like to see if the managed httpclient is not working as well, either netcore/mono has the issue.
@Deloyuri, as @bgavrilMS mentioned, you would need to move to latest ADAL version first.
> recent Xamarin SDK bug

It wasn't a bug in Xamarin, it was a bug in the customer code.
You guys lost me a bit. As @bgavrilMS mentioned, the version of ADAL we have doesn't allow for swapping out HttpClient. Has anyone on your team been able to reproduce this? I'd suggest trying with the same version of ADAL as above, and on an iOS 14.5 beta device.
@Deloyuri we can try to repro on the latest version, but not on 3.x. Our suggestion would be to use the HttpClient, as I mentioned above. Or move to MSAL.NET.
Please let me know what you see when you try to reproduce with ADAL and iOS 14.5 beta.
@Deloyuri - just to set expectations, we do support ADAL 5.x but not ADAL 3.x. Each major version of the library has 1 year support from the team. We are not set up to repro ADAL 3.x bugs, we always ask developers to upgrade (ideally to MSAL, as making changes in ADAL is unlikely).
Ok, got it. Are you able to reproduce with ADAL 5.x?
@Deloyuri can you try updating to Xamarin iOS 14.14 and see if the issue repros there? There is an issue in mono, so you can either update the Xamarin iOS version to 14.14 or try passing in your own HttpClient, or updating to MSAL. Probably the move to 14.14 is least invasive to your app.