Microsoft-authentication-library-for-js: loginRedirect() does not work

Created on 13 Mar 2020 · 23 Comments · Source: AzureAD/microsoft-authentication-library-for-js

Library

Framework

angular v8

Description

loginRedirect() does not return to msal: loginSuccess() and the user does not get logged in.

Expected behavior

It should log in the user.

Browsers

It does not work in all the browsers.

msal-angular question

All 23 comments

@satish1597 Can you please provide more information? Is this under all circumstances? What is your configuration? Are you calling handleRedirectCallback? Are you receiving any errors?

@jasonnutter

This is my configuration:

    MsalModule.forRoot({
      auth: {
        clientId: '<client-id>',
        validateAuthority: false,
        redirectUri: 'https://localhost:44316/',
        postLogoutRedirectUri: 'https://localhost:44316/',
        navigateToLoginRequestUrl: true,
      },
      cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: isIE, // set to true for IE 11
      },
      system: {
        tokenRenewalOffsetSeconds: 120,
      }
    }, {
      popUp: false,
      unprotectedResources: ['https://www.microsoft.com/en-us/'],
      extraQueryParameters: {}
    })

This is my handleRedirectCallback():

    this.authService.handleRedirectCallback((authError, response) => {
      if (authError) {
        console.error('Redirect Error: ', authError.errorMessage);
        return;
      }

      console.log('Redirect Success: ', response.accessToken);
    });

My issue is that when I call loginRedirect() function, it redirects me to the sign in page of the tenant. But after I fill my details and click on Sign in it does not get redirected to the msal: loginSuccess() broadcast service.

It does not show any error in the console as well.

I have the same problem. If I use loginPopup(), everything works fine: I get all the logs and the authError is populated.
But if I use loginRedirect(), the authError object is empty and the logger is never called.

Just use the last angular-9 sample and change popUp option to false.

I'm encountering this issue only in Edge. The page is not redirected to the login page but handleRedirectCallback returns "Redirect success" with redirectResponse property values either null or empty.

This issue is related to a bug in the core library module "msal-core". If you look at handleRedirectCallback method in the UserAgentApplication class, there's a quick validation that's being done:

    const cachedHash = this.cacheStorage.getItem(TemporaryCacheKeys.URL_HASH);
    if (cachedHash) {
      this.processCallBack(cachedHash, null);
    }

I've spent hours trying to get a workaround to this issue. I found that this value is getting set in a number of places. If you look at the app local storage the keys are there. Unfortunately, the values for these keys are empty strings, which makes the condition above false.

I say keys because you'll find two:
msal.urlHash
msal.{CLIENT_ID}.urlHash

Thanks,
Isaac
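
An added diagnostic for the condition described in the comment above (not msal code and not written by anyone in this thread): it reports whether each of the two urlHash keys is missing, an empty string, or populated, and lists which response fields a populated hash carries without printing token values. The storage stub and client id are constructed, and `inspectCachedHash`, `summarizeHash`, `urlHashKeys` and `makeStorage` are hypothetical names.

```javascript
// Added diagnostic, not msal code. Key names are the two quoted in the comment above.
function urlHashKeys(clientId) {
  return ['msal.urlHash', `msal.${clientId}.urlHash`];
}

// Report which response fields a redirect hash carries, never their values,
// so tokens do not end up in console output or copied logs.
function summarizeHash(hash) {
  const params = new URLSearchParams(hash.replace(/^#\/?/, ''));
  const fields = ['id_token', 'access_token', 'error', 'error_description', 'state'];
  return fields.filter((name) => params.has(name));
}

// storage: anything with getItem(), e.g. window.localStorage or sessionStorage.
function inspectCachedHash(storage, clientId) {
  return urlHashKeys(clientId).map((key) => {
    const value = storage.getItem(key);
    if (value === null) return { key, state: 'missing', fields: [] };
    // An empty string exists in storage but is falsy, so `if (cachedHash)` skips it.
    if (value === '') return { key, state: 'empty', fields: [] };
    return { key, state: 'populated', fields: summarizeHash(value) };
  });
}

// Constructed sample: in-memory stand-in for localStorage.
function makeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return { getItem: (k) => (map.has(k) ? map.get(k) : null) };
}

const SAMPLE_CLIENT_ID = '00000000-0000-0000-0000-000000000000'; // placeholder, not a real app id
const sampleStorage = makeStorage({
  'msal.urlHash': '',
  [`msal.${SAMPLE_CLIENT_ID}.urlHash`]: '#id_token=REDACTED&state=abc123',
});

console.log(inspectCachedHash(sampleStorage, SAMPLE_CLIENT_ID));
```

In a browser, pass `window.localStorage` (or `sessionStorage`, depending on `cacheLocation`) and the app's own client id on the page the redirect returns to.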

We made some fixes to handleRedirectCallback that will be available in the next version of MSAL, which I think may fix these issues.

One thing I did notice is that this part of the sample:

    this.authService.handleRedirectCallback((authError, response) => {
      if (authError) {
        console.error('Redirect Error: ', authError.errorMessage);
        return;
      }

      console.log('Redirect Success: ', response.accessToken);
    });

Should be:

    this.authService.handleRedirectCallback((authError, response) => {
      if (authError) {
        console.error('Redirect Error: ', authError.errorMessage);
        return;
      }

      // Response could be an ID token (after loginRedirect operations)
      // or an access token (after acquireTokenRedirect operations)
      console.log('Redirect Success: ', response);
    });

I'll get that fixed in the samples.

@jasonnutter When will be the next version available?

@satish1597 Soon, at least in beta (potentially this week). I'll post here when it's available.

@jasonnutter I'm encountering the same issue. I've validated my authority URLs multiple times, and when I call loginRedirect I am getting this error:

Error: could not resolve endpoints. Please check network and try again.

And I am also getting this response object with empty values inside of handleRedirectCallback:

    uniqueId: ""
    tenantId: ""
    tokenType: ""
    idToken: null
    accessToken: ""
    scopes: null
    expiresOn: null
    account: null
    accountState: undefined

Will the update potentially resolve this issue?

@roneesh Can you try [email protected] and let me know if you still get the error?

@jasonnutter My issue was resolved by adding validateAuthority: false to my config, so all good on my end. Thanks to you and the rest of the team for being so responsive.

@jasonnutter Is [email protected] out? I updated the latest version and [email protected] got installed.

@satish1597 Sorry, yes I meant beta.0.

@satish1597 Following up. Did [email protected] fix your issue? beta.1 has also been released since the last update. Let us know if this can be closed. Thanks

@tnorling No I am still facing the same issue. There is nothing getting logged on console. And after the redirect from tenant, it is not receiving any token.

@BenjaminBorlet Is your issue solved by this update?

I'll look into this ASAP and come back to you

@satish1597 Can you check your network requests and see if the response token is being returned in the hash on redirect? Also do you see the token being cached in local storage?

If you're able to reproduce this using one of our samples and/or provide logs, network traces, etc. we can better assist you in debugging this.

@tnorling
I tried with the sample app. It is running fine there. So I don't know if the issue is something in my code or not. Because I had used the same sample code in my code as well but it is not working properly. I checked the local storage and token is being saved there and it gets cleared as soon as it is stored. With the network I found out that for the authresp I am receiving a 302 status code.

@satish1597 Were you able to solve your issue? If it's running fine with the sample app then it likely isn't an issue with msal. Also [email protected] was released a few days ago and contains a fix for a token caching bug we found. May be worth a shot. If you can provide a link to a repo containing a reproduction of this behavior we can investigate.

@tnorling My code is in the repo at https://github.com/satish1597/msal. The problem is still there with the latest version of msal I have used. Login by popup works completely fine for me but login by redirect still does not work.

@satish1597 It looks like you are calling handleRedirectCallback and subscribing to the msal:loginSuccess broadcast in your profile component but this component is never being used. Setting the redirectUri: http://localhost:4200/profile seemed to fix this. Keep in mind that whatever page you return to after redirection must initialize msal in order to save the token. You can then call handleRedirectCallback or subscribe to msal:loginSuccess to continue your app flow.

@tnorling Thank you for your help. It is working now fine for me. Really appreciate the help you provided. Thanks once again.
