AcquireTokenInteractive for AD B2C on .NET Core 3.0 WPF desktop client does not work #1213
Comments
@skanvk15 : @bgavrilMS just told me that he has been engaging with the B2C team, and they don't support it today;
@jmprieur using http://localhost:* causes a parsing exception "Invalid RedirectURI was received (http://localhost:*) Not parseable into System.Uri class."
@bgavrilMS has a sample: https://github.com/bgavrilMS/msal-interactive-netcore
I was able to use the code from the sample, with a few minor changes, where it is now working up to the point of launching the browser and getting user name and password. For this to work I had to register the app on the AD B2C tenant with a custom redirect URI (e.g. myappname://auth) which I then use in the creation of PublicClientApplication:

```csharp
public static IPublicClientApplication PublicClientApp { get; } = PublicClientApplicationBuilder
    .Create(ClientId)
    .WithRedirectUri("myappname://auth")
    .Build();
```

The problem now is how to set up the TCP listener for the auth code? In the sample it is using http://localhost:port (where port is a free local port). But I cannot use that since the B2C app registration will not take such redirect URI?
@skanvk15 - indeed, B2C does not allow this redirect uri to be used. We are discussing with them to remove the limitation. Until then unfortunately, I do not see any other workarounds except: a. Do not use .Net Core, use .Net Classic
@bgavrilMS thanks for the update. Option (a) will not work for my solution, I have many other dependencies with .NET Core. Option (b) seems like the only choice for me. If an implementation in an extension lib can be provided that would be great.
CC @jennyf19 who may be able to get an update from the B2C team on allowing http://localhost redirect uri @jmprieur @henrik-me - as an alternative, we could investigate MSAL for .Net Core 3 with WinForms support. This will require a bit of fiddling around:
I am mindful however that we may not want to take a dependency on WinForms from .Net Core 3 and so we might want to provide this functionality as an extension, using
@bgavrilMS : Thanks for the suggestions. I would like to be mindful of the time we have available for this investigation and ideally not bring something on this until netcore 3 has shipped. Will be happy to take contributions from people on this thread as well as others.
@bgavrilMS there is no ETA yet, but this work is planned for Q1. Once I get a work item link, I'll forward it to you.
Hi, I would like to register our interest in this problem too. We are developing on dotnet core 3 preview 7 and WPF application. dot net core <3.0.0-preview7-27912-14>
This work item is not scheduled for now, and we will probably not tackle it until .NET Core 3 is released with a non-preview tag. You can however implement your own, MSAL has an extensibility point that allows you to bring your own browser: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/CustomWebUi
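A sketch of what such a custom web UI could look like for the loopback flow discussed in this thread. This is an added example, not code from MSAL or from the linked sample; the class name `LoopbackWebUi` is hypothetical, and it assumes the redirect URI registered for the app is `http://localhost:<port>` with an explicit port.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client.Extensibility;

// Hypothetical class: receives the authorization response on a loopback HTTP listener.
public sealed class LoopbackWebUi : ICustomWebUi
{
    public async Task<Uri> AcquireAuthorizationCodeAsync(
        Uri authorizationUri, Uri redirectUri, CancellationToken cancellationToken)
    {
        // Accept only http loopback, so the code is never delivered over the network.
        if (!redirectUri.IsLoopback || redirectUri.Scheme != Uri.UriSchemeHttp)
            throw new ArgumentException("Redirect URI must be http://localhost:<port>.");

        using var listener = new HttpListener();
        // HttpListener prefixes must end with '/'; bind to the registered port only.
        listener.Prefixes.Add($"http://localhost:{redirectUri.Port}/");
        listener.Start();
        // Stop() makes the pending GetContextAsync throw, which unblocks on cancellation.
        using var registration = cancellationToken.Register(() => listener.Stop());

        // Hand the authorization request to the default system browser.
        Process.Start(new ProcessStartInfo(authorizationUri.AbsoluteUri) { UseShellExecute = true });

        HttpListenerContext context;
        try { context = await listener.GetContextAsync().ConfigureAwait(false); }
        catch (Exception) when (cancellationToken.IsCancellationRequested)
        { throw new OperationCanceledException(cancellationToken); }

        // Answer the browser; the listener serves exactly one request and is then disposed.
        byte[] body = Encoding.UTF8.GetBytes(
            "<html><body>Sign-in complete. You can close this tab.</body></html>");
        context.Response.ContentType = "text/html";
        context.Response.ContentLength64 = body.Length;
        await context.Response.OutputStream.WriteAsync(body, 0, body.Length).ConfigureAwait(false);
        context.Response.Close();

        // Return the full redirect URI (query string included) to MSAL.
        return context.Request.Url;
    }
}
```

An instance is passed with `.WithCustomWebUi(new LoopbackWebUi())` on the `AcquireTokenInteractive` builder. It only helps when the identity provider accepts a loopback redirect URI, which, per this thread, B2C did not at this point.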
Hello,
@cswierczynski-diam We have so far down prioritized providing the solution in the extensibility library as we want to make this feature part of the core library. The best option so far is to use the CustomWebUI approach as outlined by @bgavrilMS. @jennyf19 any updates on the B2C timeline?
Just an update on this - B2C have now implemented support for http://localhost: so AcquireTokenInteractive will work for the Identity Providers that allow this kind of redirect uri. They will support
I believe this is now in production. Closing. Please reopen if necessary.
Which Version of MSAL are you using?
MSAL 4.0.0
Platform
.NET Core 3.0
What authentication flow has the issue?
Is this a new or existing app?
This is a new app
Repro
Expected behavior
Call to AcquireTokenInteractive should open default browser and prompt user for login credentials. After login should return focus to app.
Actual behavior
AcquireTokenInteractive is throwing an exception:
"Only loopback redirect uri is supported, but urn:ietf:wg:oauth:2.0:oob was found. Configure http://localhost or http://localhost:port both during app registration and when you create the PublicClientApplication object. See https://aka.ms/msal-net-os-browser for details".
Additional context/ Logs / Screenshots
Here is the Azure portal AD B2C tenant app registration screen for native client:
link
On the AD B2C app registration I cannot add custom URI "http://localhost".
So how can a .NET Core Desktop WPF app use interactive login with B2C? Are there any other options and examples?