This repository has been archived by the owner on Jun 30, 2023. It is now read-only.

Infinite loop when trying to login to website from iOS 12 #1329

Closed
2 of 7 tasks
daemnin opened this issue Oct 17, 2018 · 6 comments

Comments

@daemnin

daemnin commented Oct 17, 2018

Which Version of ADAL are you using ?
ADAL 3.19.8

Which platform has the issue?
.NET Core 2.1

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • Authorization code
    • OBO
  • Web API
    • OBO

Repro
Minimal repository

Expected behavior
The user can use his/her credentials to access the website and then retrieve an access token for an API call.

Actual behavior
When an iOS user enters his/her credentials and clicks the Login button, it redirects to the website (as expected), but then the website redirects again to login.microsoftonline.com and keeps doing this back and forth, leaving the user in an infinite loop. If the user stops the browser and tries to access the website's URL again, it will load correctly with the session started.

This happens only on iOS. It works on Mac OS, Windows and Android. The site where this was implemented was working correctly a few weeks back.

Possible Solution
I think it's related to how iOS handles the cookies but I'm not sure.

@jmprieur
Contributor

@daemnin : do you see this on any iOS version? Or only iOS 12?
could it be related to https://bugs.webkit.org/show_bug.cgi?id=188165 ?

@daemnin
Author

daemnin commented Oct 17, 2018

@jasoncoolmax I've only tested this on devices with iOS 12, but it seems strange since we have another website using the same AAD with similar configurations but running on .NET Core 1.1 and an older version of ADAL, and that website has no issues.

@daemnin
Author

daemnin commented Oct 17, 2018

@jmprieur after reading through the comments in the link you posted, it seems that it is the same bug, but the workaround posted there isn't working for me. It is not giving me a Principal in the AuthorizationCodeReceivedContext.

@jmprieur
Contributor

@henrik-me : another iOS12 ...

@henrik-me
Contributor

@jennyf19

@jmprieur jmprieur changed the title Infinite loop when trying to login to website from iOS Infinite loop when trying to login to website from iOS12 Oct 18, 2018
@jmprieur jmprieur changed the title Infinite loop when trying to login to website from iOS12 Infinite loop when trying to login to website from iOS 12 Oct 18, 2018
@jennyf19
Contributor

@daemnin The asp.net team has issued this security advisory https://github.com/aspnet/Security/issues/1864

I'm closing this issue, as it is external to the library.

cc: @jmprieur @henrik-me
