Enhancement/error hints #1060
Enhancement/error hints #1060
Conversation
Onokaev
requested review from
adhiambovivian,
ddyett,
ElinorW,
millicentachieng and
thewahome
as code owners
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
| Message: `Authentication failed: ${errorCode ? errorCode.replace('_', ' ') : ''}`, | ||
| }); | ||
| Message: `Authentication failed: ${ | ||
| errorCode ? errorCode.replace('_', ' ') : '' |
There was a problem hiding this comment.
This will replace only the first occurrence of the _ character. Try doing it like this
| errorCode ? errorCode.replace('_', ' ') : '' | |
| errorCode ? errorCode.replace(/_/g, ' '): '' |
There was a problem hiding this comment.
Yes. Let me fix that
| const deleteHomeAccountId = () : void => { | ||
| localStorage.removeItem(HOME_ACCOUNT_KEY); | ||
| } |
There was a problem hiding this comment.
This method has already been declared in the modules\authentication\AuthenticationWrapper.ts file as a private method. Changing it to a public function enables access to it from outside of the class
There was a problem hiding this comment.
Okay. Let me fix this also
| <FormattedMessage id={`Signing you ${loginInProgress ? 'in' : 'out'}...`} /> | ||
| </Label>} | ||
| </div>; | ||
| const getErrorAndHint = (errorCode: string): string => { |
There was a problem hiding this comment.
A function should do one thing only. Consider breaking down the functionalities here so that the getErrorAndHint() function gets the error with the hint (if a hint exists) and clearing the cache happens in an appropriately named function that is called elsewhere
There was a problem hiding this comment.
I agree. Let me break it down.
| for(const errorItem of AuthErrorList){ | ||
| if( errorItem.trim() === errorCode.trim() ){ | ||
| return true; | ||
| } | ||
| } | ||
| return false; |
There was a problem hiding this comment.
This could give the same result
| for(const errorItem of AuthErrorList){ | |
| if( errorItem.trim() === errorCode.trim() ){ | |
| return true; | |
| } | |
| } | |
| return false; | |
| return AuthErrorList.includes(errorCode.trim()); |
There was a problem hiding this comment.
Yeah. I've seen it. Shorter and cleaner. Let me fix this also
| @@ -20,6 +20,6 @@ export function getLoginType(): LoginType { | |||
| * -js/blob/9274fac6d100a6300eb2faa4c94aa2431b1ca4b0/lib/msal-browser/src/utils/BrowserUtils.ts#L49 | |||
| */ | |||
| export function getCurrentUri(): string { | |||
| const currentUrl = window.location.href.split('?')[0].split('#')[0]; | |||
| return currentUrl.toLowerCase(); | |||
| const currentUrl = window.location.href.split('?')[0].split('#')[0] + 'blank.html'; | |||
There was a problem hiding this comment.
question: what is the effect of adding the blank.html to the URL?
There was a problem hiding this comment.
We will no longer be getting monitor_window_timeout errors according to the msal documentation. I could use your input on this
| if(this.checkIfAuthResultError(errorCode) && !this.consentingToNewScopes){ | ||
| this.clearCache(); | ||
| this.deleteHomeAccountId(); | ||
| window.sessionStorage.clear(); | ||
| this.eraseInteractionInProgressCookie(); | ||
| const result = await msalApplication.loginPopup(popUpRequest); | ||
| this.storeHomeAccountId(result.account!); | ||
| return result; | ||
| } |
There was a problem hiding this comment.
nitpick: Check the indentation in this section
suggestion: There is a chance for a situation where the user will be in a popup loop since the error doesn't self resolve if the app tries to re-request a login popup. It could be safer to throw the error after clearing the cache since the user will get a hint about what went wrong
There was a problem hiding this comment.
That's a good idea. I missed that. I'll throw the error after clearing the cache.
| window.sessionStorage.clear(); | ||
| } | ||
| } | ||
| return errorCode.replace('_', ' ') + ' ' + translateMessage('Tip') + ': ' + errorMessageHint; |
There was a problem hiding this comment.
This should return the tip message if the error message hint exists
There was a problem hiding this comment.
Let me add a check for that also. Nice observation
| @@ -115,7 +115,7 @@ export function consentToScopes(scopes: string[]): Function { | |||
| dispatch( | |||
| setQueryResponseStatus({ | |||
| statusText: translateMessage('Scope consent failed'), | |||
| status: errorCode, | |||
| status: errorCode + ' ' + translateMessage('Tip') + ': ' + translateMessage('Access to permission denied'), | |||
There was a problem hiding this comment.
question: Is this the only situation that consenting to permissions fails?
There was a problem hiding this comment.
They are two situations. The first one is an authentication error (access_denied) when a user is signing in to GE for the first time : If the user's tenant admin has restricted consent to client applications, they'll get the access denied error (Authentication failed: access_denied)
The second one is when a user is signed in to GE but they cannot consent to certain permissions because the tenant admin has blocked that. For this case, the user gets a 'Scope consent failed: access_denied
Is there a different scenario I have left out?
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
1 similar comment
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
package.json
Outdated
| @@ -6,7 +6,7 @@ | |||
| "@azure/msal-browser": "2.12.0", | |||
| "@babel/core": "7.12.13", | |||
| "@babel/eslint-parser": "7.12.13", | |||
| "@fluentui/react": "8.28.0", | |||
| "@fluentui/react": "^8.28.0", | |||
There was a problem hiding this comment.
Let's keep this one at a constant.. So we can remove ^
| @@ -6,4 +6,5 @@ export interface IStatus { | |||
| status: number; | |||
| statusText: string; | |||
| duration?: number; | |||
| hint?: string; | |||
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
|
Azure Static Web Apps: Your stage site is ready! Visit it here: https://jolly-sand-0ac78c710-1060.centralus.azurestaticapps.net |
* Feature: Highlights the previously selected query (#1006) * Task: upgrade packages flagged by dependabot (#1054) * Task: Fluent upgrade (#1056) * Fix: ProfileType persistence (#1074) * Enhancement: error hints (#1060) * Bug: Persisting request body (#1055) * Fix: Sample queries UI bugs (#1084) * Fix: Disable aria-required children rule (#1080) * Task: Fix failing profile test (#1086) * Enhancement: permissions radio buttons change (#1087) * Task: add English file transfer automation (#1075)
Overview
Solves the following authentication errors: null_or_empty_id_token,authorization_code_missing_from_server_response, no_tokens_found, invalid_request, user_login_error,nonce_mismatch_error, login_progress_error, interaction_in_progress,
'interaction_required, invalid_grant, endpoints_resolution_error, monitor_window_timeout.
Shows the user hints in case of common user mistakes like cancelling authentication popups, more information when scope consent is blocked and general hints on what to do when an authentication error occurs.
Demo
Notice the tip displayed after a user cancels the popup
Error and hint when a user cancels the auth consent on the auth pop-up window
Notes
Users might still get the authentication errors when signing in, but will not be blocked. Retrying a sign-in for the second time succeeds.
Testing Instructions
-Try signing in then cancel the window pop-up. A hint will be displayed on a messagebar on what to do.
-Sign in with your account and cancel the consent process or close the pop-up window. A hint will be displayed on what to do.