[Bug] "Back" button appears in MSAL.net (which was not appearing in ADAL.net) #4738
Comments
This is a service problem, SDK does not control UI
@bgavrilMS it does seem odd, however, that the behavior would be different between ADAL and MSAL in UI rendering (even if it's not the library that controls the UI). Let me reach out to service folks and see if we can get some clarity here.
ADAL talks to v1 endpoint and MSAL talks to v2. It could be the different out-of-the-box behaviors of the two endpoints. Just a hypothesis, though. I did not try it myself. :-)
@smohanty05 - let's take a look at the HTTP requests that are issued by ADAL and one issued by MSAL. Can you please post those here (without authenticating/providing credentials). I want to see if there is a good way for us to see the delta between what ADAL does vs. what MSAL does. You can use a tool like Fiddler on Windows to get this data.
@localden, please find the Fiddler result for ADAL and MSAL.
@smohanty05 I only see the Same as last time - please don't enter any creds 😀
@smohanty05 appreciate the context, we are investigating.
@smohanty05, can you apply the same change as in #4836 and see if it can resolve the issue?
@fengga, the issue is resolved with WithExtraQueryParameters("haschrome=1"). Thanks a lot! So, should we use this in our code wherever we use WithPrompt or this fix would be part of MSAL.net goods?
That PR was merged. Before the next release I think you can just use WithExtraQueryParameters("haschrome=1") on your side.
Thank you @fengga!
#4836 For ADAL fix was done though, ref. is AzureAD/azure-activedirectory-library-for-objc#632. |
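The workaround from the comments above, applied to the interactive call in the issue's MSAL code. This is an added example, not code from the reporter or the MSAL.NET maintainers; the `InteractiveLogin` class and `AcquireAsync` method are hypothetical names, and returning null on cancellation is an assumption about what the caller wants.

```csharp
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class InteractiveLogin
{
    // Hypothetical helper: one interactive request for both the
    // "no username" and "username supplied" branches of the issue's code.
    public static async Task<AuthenticationResult> AcquireAsync(
        IPublicClientApplication app, string[] scopes, string loginHint)
    {
        AcquireTokenInteractiveParameterBuilder request = app
            .AcquireTokenInteractive(scopes)
            .WithPrompt(Prompt.ForceLogin)
            // Workaround reported in this thread as resolving the "Back" button.
            .WithExtraQueryParameters("haschrome=1");

        if (!string.IsNullOrEmpty(loginHint))
        {
            request = request.WithLoginHint(loginHint);
        }

        try
        {
            return await request.ExecuteAsync();
        }
        catch (MsalClientException ex)
            when (ex.ErrorCode == MsalError.AuthenticationCanceledError)
        {
            // The user dismissed the sign-in dialog. Treat it as "no token"
            // instead of an unhandled failure (assumed caller behaviour).
            return null;
        }
    }
}
```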
Library version used
Microsoft.Identity.Client 4.60.3
.NET version
.net framework 4.8
Scenario
PublicClient - desktop app
Is this a new or an existing app?
The app is in production, I haven't upgraded MSAL, but started seeing this issue
Issue description and reproduction steps
I am migrating from ADAL.net to MSAL.net
From the desktop app, the username is sent to the method which acquires the token.
```csharp
publicClient = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(authority)
    .WithRedirectUri(redirectUri.ToString())
    .Build();
FileCache.EnableSerialization(publicClient.UserTokenCache);

var accounts = await publicClient.GetAccountsAsync();
AuthenticationResult result = null;
try
{
    // Try the token cache first.
    result = await publicClient.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
        .ExecuteAsync();

    // The cached account must match the requested user.
    if (!string.IsNullOrEmpty(userName) &&
        !result.Account.Username.Equals(userName + "@" + tenant, StringComparison.InvariantCultureIgnoreCase))
        throw new MsalUiRequiredException(MsalError.MultipleTokensMatchedError, "Multiple tokens matched");
}
catch (MsalUiRequiredException ex)
{
    if (ex.ErrorCode == MsalError.MultipleTokensMatchedError)
    {
        // clear the cache
        ClearCache();
    }

    // Fall back to an interactive sign-in.
    if (string.IsNullOrEmpty(userName))
        result = await publicClient.AcquireTokenInteractive(scopes)
            .WithPrompt(Prompt.ForceLogin)
            .ExecuteAsync();
    else
        result = await publicClient.AcquireTokenInteractive(scopes)
            .WithPrompt(Prompt.ForceLogin)
            .WithLoginHint(userName + "@" + tenant)
            .ExecuteAsync();
}
```
AcquireTokenInteractive shows the dialog box with a "Back" button when the username provided to the method is an invalid user. But there is no use for the Back button here. Clicking on it causes a User Authentication Cancelled exception.
In ADAL.net, the old code was as below:
```csharp
authContext = new AuthenticationContext(authority, new FileCache());
AuthenticationResult result = null;
try
{
    result = await authContext.AcquireTokenSilentAsync(resourceId, clientId);
    if (!string.IsNullOrEmpty(userName) &&
        !result.UserInfo.DisplayableId.Equals(userName + "@" + tenant, StringComparison.InvariantCultureIgnoreCase))
    {
        throw new AdalException(AdalError.MultipleTokensMatched);
    }
}
catch (AdalException ex)
{
    if (ex.ErrorCode == AdalError.UserInteractionRequired ||
        ex.ErrorCode == AdalError.FailedToAcquireTokenSilently ||
        ex.ErrorCode == AdalError.MultipleTokensMatched)
    {
        if (ex.ErrorCode == AdalError.MultipleTokensMatched)
        {
            if (authContext != null)
                authContext.TokenCache.Clear();
        }

        if (string.IsNullOrEmpty(userName))
        {
            result = await authContext.AcquireTokenAsync(resourceId, clientId, redirectUri,
                new PlatformParameters(PromptBehavior.Always));
        }
        else
        {
            result = await authContext.AcquireTokenAsync(resourceId, clientId, redirectUri,
                new PlatformParameters(PromptBehavior.Always),
                new UserIdentifier(userName + "@" + tenant, UserIdentifierType.RequiredDisplayableId));
        }
    }
}
```
I have attached screenshots from both MSAL.net and ADAL.net below.
MSAL.net=>
ADAL.net=>
Users will consider this a regression after migration from ADAL.net to MSAL.net.
Is there a way to remove/hide the Back button?
Relevant code snippets
No response
Expected behavior
Back button should not be shown in this case as there is no use of it (in the scenario described).
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response