[Bug] HTTP Telemetry sends invalid data through HTTP Headers, causing MSAL to crash #1881
Comments
Looks like something is wrong with the headers. Any way you can get hold of a network trace (Fiddler would be great) to inspect the headers?
Here it is.
@ssahon The Fiddler trace does not seem to indicate the problem. Did you look at https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop/blob/133a352aed5ea9c30cf039ec88785c109c385b69/active-directory-b2c-wpf/MainWindow.xaml.cs#L43, where the sample is handling reset password? I was able to use the sample to reset the password.
Please provide more info and reopen @ssahon
I have the same issue.
What authentication flow has the issue?
My code is almost the same as the sample code.
The sign-in flow has no exception. After the password was changed, we also get a FormatException with the same message in the sign-in flow. Thank you.
@akiratoda - do you have the exception stack trace and a Fiddler or some network trace?
@bgavrilMS
Thanks for the details @akiratoda (and very cool that you're using ICustomWebUi successfully). I can't figure out which header value is causing this problem. The code is here: microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/Http/HttpManager.cs Line 87 in 5a61d0c
Would you be able to debug into MSAL and observe which header value is the culprit? We use SourceLink.GitHub, so you should be able to debug into MSAL directly (e.g. disable "Just My Code" in VS) without having to clone the repo and build MSAL yourself.
Very cool, that's a bug in MSAL (I updated the title), thanks.
Is this the "next gen" password reset policy which is in preview? That error code is wrong; error codes are short, like "access_denied" or "invalid_grant". I'll sanitize this string so that it can go in the header, but we need to talk to the B2C team to fix this error code. Since the flow is in preview, I expect them to change it. You should not depend on this string.
I do not think so. I used a B2C custom policy with almost no modifications; I do not think that I can control those error messages.
No, you can't control these messages. There's a new user flow for reset password which I think has a few issues, see AzureAD/microsoft-identity-web#729 (comment)
No, I do not use the standard user flows. I use XML-based custom B2C policies. https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview
I have a fix, but I will also talk to the B2C team to see if we can get that error code changed. I'll update the thread either way, but the fix will in any case be shipped with MSAL 4.23, probably end of week next week.
We're still trying to track down why that error code is a full-blown sentence. @akiratoda @ssahon - would it be possible to capture the authorization URI? It looks like this: http[s]://<your_redirect_uri>/#error=access_denied&error_description=AADB2C90118%3a+The+user+has+forgotten+their+password.%0d%0aCorrelation+ID%3a+ac553bd9-2031-4a50-9b39-f638a7cc06de%0d%0aTimestamp%3a+2020-11-19+22%3a33%3a19Z%0d%0a It is when the browser finishes the flow. The current stack trace does not have it.
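To make the two points in this thread concrete (what the redirect fragment quoted above actually contains once decoded, and why a value like its error_description cannot be placed in an HTTP header as-is), here is an added example. It is not MSAL's code nor the sample's; the redirect host, the header name x-example-error, and the helper names ParseFragment/ToHeaderSafe are my own choices, and the fragment is constructed from the URI shape shown in the comment above.

```csharp
// Added example (not MSAL code): decode the authorization response fragment
// from the comment above and show that its error_description, which carries
// CR/LF pairs, is rejected by HttpHeaders.Add with a FormatException, while a
// sanitized copy is accepted.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;

static class B2CErrorInspection
{
    // Constructed sample: the fragment shape quoted in the thread, with a
    // placeholder redirect URI (the correlation ID is the one from the page).
    const string SampleRedirect =
        "https://placeholder-redirect.example/#error=access_denied" +
        "&error_description=AADB2C90118%3a+The+user+has+forgotten+their+password." +
        "%0d%0aCorrelation+ID%3a+ac553bd9-2031-4a50-9b39-f638a7cc06de" +
        "%0d%0aTimestamp%3a+2020-11-19+22%3a33%3a19Z%0d%0a";

    // Split the fragment into key/value pairs. The values are form-encoded,
    // so '+' means space and must be translated before percent-decoding.
    static Dictionary<string, string> ParseFragment(string uri)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        int hash = uri.IndexOf('#');
        if (hash < 0) return result;
        foreach (var pair in uri.Substring(hash + 1).Split('&', StringSplitOptions.RemoveEmptyEntries))
        {
            int eq = pair.IndexOf('=');
            string key = eq < 0 ? pair : pair.Substring(0, eq);
            string value = eq < 0 ? "" : pair.Substring(eq + 1);
            result[Uri.UnescapeDataString(key.Replace('+', ' '))] =
                Uri.UnescapeDataString(value.Replace('+', ' '));
        }
        return result;
    }

    // Keep only printable ASCII (0x20-0x7E). This drops the CR/LF that the B2C
    // description contains, and the length cap keeps a diagnostic header small.
    static string ToHeaderSafe(string value, int maxLength = 64)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            if (c >= 0x20 && c <= 0x7E) sb.Append(c);
        string cleaned = sb.ToString().Trim();
        return cleaned.Length <= maxLength ? cleaned : cleaned.Substring(0, maxLength);
    }

    static void Main()
    {
        var fields = ParseFragment(SampleRedirect);
        Console.WriteLine($"error             = {fields["error"]}");
        Console.WriteLine($"error_description = {fields["error_description"].Replace("\r\n", " | ")}");

        // The raw description contains CR/LF followed by non-whitespace, which
        // .NET's header validation rejects.
        using var request = new HttpRequestMessage(HttpMethod.Get, "https://placeholder.example/");
        try
        {
            request.Headers.Add("x-example-error", fields["error_description"]);
            Console.WriteLine("raw value accepted (unexpected)");
        }
        catch (FormatException ex)
        {
            Console.WriteLine($"raw value rejected: {ex.Message}");
        }

        string safe = ToHeaderSafe(fields["error_description"]);
        request.Headers.Add("x-example-error", safe);
        Console.WriteLine($"sanitized header  = {safe}");
    }
}
```

Run it as a .NET Core 3.1 console app (the `using var` declaration needs C# 8). The decoded error field is the short code "access_denied"; it is the error_description that is the multi-line sentence, so whichever value ends up in a telemetry header needs the same printable-ASCII filtering before HttpHeaders.Add sees it.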
From Fiddler: this URL is used before the error. In my case it shows a UI to verify the email, then a UI to assign a new password; only after changing the password do I see the error.
Interesting. And the MsalException in your first screenshot shows the ErrorCode as being "The user has forgotten their password..."?
New Fiddler traces. As you can see, there are additional requests after your URL.
OK, it fixed the HTTP header issue, but now I have the error "no account or login hint was passed" after reset password while calling AcquireTokenSilent. I checked the claims after sign-in and after reset password and they look the same. Should I create a new bug?
Which version of MSAL are you using?
Microsoft.Identity.Client 4.14.0
Platform
.NET Core 3.1 WPF
What authentication flow has the issue?
Interactive
Is this a new or existing app?
c. This is a new app or experiment
Repro
I've updated the Microsoft sample to work with B2C in a .NET Core WPF application.
There was no reset password implementation, so I added this functionality. It basically checks the error code during sign-in and runs the reset policy.
If I run the reset flow, I get a weird error at the end related to HTTP header processing.
The only workaround is to clean up publicClientApplication and sign in again.