Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] When using google IDP with B2C, login prompt fails #1561

Closed
1 task done
westleyMS opened this issue Jan 7, 2020 · 6 comments
Closed
1 task done

[Bug] When using google IDP with B2C, login prompt fails #1561

westleyMS opened this issue Jan 7, 2020 · 6 comments

Comments

@westleyMS
Copy link

westleyMS commented Jan 7, 2020

Which Version of MSAL are you using ?
MSAL 4.7.1

Platform
Net 4.5

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive

Is this a new or existing app?
New

Repro

    static async Task<AuthenticationResult> getToken()
    {
        string[] scopes = new string[] { "user.read" };
        
        var app = PublicClientApplicationBuilder.Create(clientId).WithTenantId("tenantName.onmicrosoft.com").WithRedirectUri("revoke://dummy").Build();
        var accounts = await app.GetAccountsAsync();
        AuthenticationResult result;
        try
        {
            result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                        .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            result = await app.AcquireTokenInteractive(scopes)
                        .ExecuteAsync();
        }

        return result;
    }

Expected behavior
A token to be returned

Actual behavior
during logon, microsoft logon site redirects to google idp login, and shows the email, then when hitting 'next' we get an error about google not trusting the browser. Not sure why it doesn't trust it, it is the webbrowser control. Here is the error-
"This browser or app may not be secure.

Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in."

Possible Solution
We just need to find what kind of check the IDP is doing on the browser control that stops the login.

Additional context/ Logs / Screenshots
This all works fine if the user is from my AAD. Only Google IDP users fail.

@jmprieur
Copy link
Contributor

jmprieur commented Jan 7, 2020

@westleyMS : can you please share with me (internally is fine) how to configure the tenant to enable the Google IdP? I'm supposing here (from the code) that this is not a B2C scenario?

About the error, I think that Google probably wants you to use a system browser, instead of the embedded browser.
See https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers#system-browser-experience-on-net-core
You'll also need to register http://localhost as a reply URI for your app

@westleyMS
Copy link
Author

@jmprieur
Copy link
Contributor

jmprieur commented Jan 8, 2020

Then if this is B2C, @westleyMS, you need to use a B2C authority ( .WithB2CAuthority).
Please have a look to https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop for instance. There are some subtleties for B2C.

See also https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics

@jennyf19 jennyf19 changed the title [Bug] When using google IDP with AAD, login prompt fails [Bug] When using google IDP with B2C, login prompt fails Jan 9, 2020
@jennyf19
Copy link
Collaborator

@westleyMS are you still having issues with this?

@jmprieur
Copy link
Contributor

jmprieur commented Apr 7, 2020

Closing as this was answered

@jmprieur jmprieur closed this as completed Apr 7, 2020
@westleyMS
Copy link
Author

Thanks for your help @jmprieur it was an issue with google requiring using a system browser and not the web browser control.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants