Authentication failure in Safari browser (version 13.3) and iOS mobile devices (version 13.4.1) #1694

Closed
divya2603 opened this issue May 22, 2020 · 2 comments
Labels
  • bug: A problem that needs to be fixed for the feature to function as intended.
  • known-issue: Issue is already known and is either being investigated or is already fixed.

Comments

@divya2603

Library

  • msal@1.3.0

Framework

React v16

Description

It is a single-tenant application. The incoming user is authenticated using msal.js. If the user exists in AD, they can access our application.

Security

Is this issue security related? NO

Regression

Did this behavior work before? NO

Configuration

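    import { UserAgentApplication } from "msal";

    // clientId and tenantId are defined elsewhere in the application.
    const authContext = new UserAgentApplication({
      auth: {
        clientId: clientId,
        // Template literal: the backticks are required for ${tenantId} to be substituted.
        authority: `https://login.microsoftonline.com/${tenantId}`,
        postLogoutRedirectUri: window.location.origin,
        redirectUri: window.location.origin
      },
      cache: {
        cacheLocation: "localStorage",
        // Also keeps auth state in a cookie.
        storeAuthStateInCookie: true
      }
    });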

Reproduction steps

When the code is executed in the Safari browser (version 13.1), acquireTokenSilent throws the following error:
ClientAuthError: URL navigated to is https://login.microsoftonline.com//oauth2/v2.0/authorize?response_type=token&scope=openid%20profile%20User.Read&client_id=<client_id>&redirect_uri=<redirect_uri>&state=&nonce=< ### >&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.0&client-request-id=<request_id>&prompt=none&response_mode=fragment, Token renewal operation failed due to timeout.

Expected behavior

The user should be authenticated successfully in the Safari browser as well.

Browsers

This is a browser-specific behaviour. The authentication call fails only in Safari (version 13.1) and mobile iOS devices (version 13.4.1). It works perfectly in all other browsers.

@divya2603 divya2603 added the bug A problem that needs to be fixed for the feature to function as intended. label May 22, 2020
@tnorling
Collaborator

tnorling commented May 22, 2020

@divya2603 Unfortunately, due to Safari blocking third-party cookies, acquireTokenSilent is expected not to work. As a workaround you can either enable third-party cookies or call acquireTokenRedirect or acquireTokenPopup. You can read more about this issue here.

Additionally, we have a new version of msal, known as msal@2.0 or msal-browser, which is currently in Public Preview. It implements the Auth Code flow, which solves this problem by using refresh tokens instead of acquiring tokens using a hidden iframe. You can read more about how this solves the problem here.

Also see issue #1000

@tnorling tnorling added the known-issue Issue is already known and is either being investigated or is already fixed. label May 22, 2020
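
The workaround described in the comment above, as an added example that is not part of the original thread or the MSAL code base: call acquireTokenSilent first, and fall back to acquireTokenPopup or acquireTokenRedirect only when it fails with the renewal timeout quoted in the issue or an interaction-required error. The `getToken` helper, the `errorCode` strings and the stub client are assumptions for illustration; the stub is constructed so the block runs without the library.

```javascript
// Added example, not from the issue thread or the MSAL project.
// Assumed msal 1.x errorCode values; the message text is the one quoted in the issue.
const FALLBACK_CODES = new Set([
  "token_renewal_error", "interaction_required", "login_required", "consent_required",
]);
const TIMEOUT_TEXT = "Token renewal operation failed due to timeout";

// True only for failures that an interactive call can resolve.
function needsInteractiveFallback(err) {
  if (!err) return false;
  return FALLBACK_CODES.has(err.errorCode) ||
    String(err.message || "").includes(TIMEOUT_TEXT);
}

// Hypothetical helper: silent first, then popup or redirect as the comment suggests.
async function getToken(client, request, interactive = "popup") {
  try {
    const res = await client.acquireTokenSilent(request);
    return { via: "silent", accessToken: res.accessToken };
  } catch (err) {
    // Network faults, misconfiguration and the like are surfaced, not masked by a prompt.
    if (!needsInteractiveFallback(err)) throw err;
    if (interactive === "redirect") {
      client.acquireTokenRedirect(request); // page navigates; token arrives via the redirect callback
      return { via: "redirect", accessToken: null };
    }
    const res = await client.acquireTokenPopup(request);
    return { via: "popup", accessToken: res.accessToken };
  }
}

// Constructed stub standing in for UserAgentApplication; records which methods ran.
function makeStubClient(thirdPartyCookiesBlocked) {
  const calls = [];
  return {
    calls,
    async acquireTokenSilent() {
      calls.push("silent");
      if (thirdPartyCookiesBlocked) {
        const e = new Error("URL navigated to is <authorize-url>, " + TIMEOUT_TEXT + ".");
        e.errorCode = "token_renewal_error";
        throw e;
      }
      return { accessToken: "constructed-silent-token" };
    },
    async acquireTokenPopup() { calls.push("popup"); return { accessToken: "constructed-popup-token" }; },
    acquireTokenRedirect() { calls.push("redirect"); },
  };
}
```

In an application, `client` would be the `UserAgentApplication` instance from the issue's configuration and `request` an object such as `{ scopes: ["User.Read"] }`.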
@tnorling
Collaborator

Closing as this is expected behavior in msal 1.x. Let us know if you have any further questions. Thanks!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 1, 2020