Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

After loginRedirect success, no active account exists #5155

Closed
danielvoigt opened this issue Aug 31, 2022 · 5 comments
Closed

After loginRedirect success, no active account exists #5155

danielvoigt opened this issue Aug 31, 2022 · 5 comments
Assignees
@tnorling
Labels
answered Question has received "first qualified response" b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@danielvoigt
Copy link
Contributor

danielvoigt commented Aug 31, 2022
edited
Loading

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.28.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.4.1

Public or Confidential Client?

Public

Description

After successfully logging with AD B2C using the loginRedirect method and getting redirected back to the SPA, MSAL is unable to retrieve the active account of the user. So ultimately the login fails.

Following the documentation for using loginRedirect with msal-angular: https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-angular-auth-code

Steps to reproduce:

  1. use the loginRedirect method to initiate the login flow (MsalService.loginRedirect())
  2. subscribe to the LOGIN_SUCCESS event on the component that is the redirectUri. For example
  ngOnInit(): void {
    this.msalBroadcastService.msalSubject$
      .pipe(
        filter((msg: EventMessage) => msg.eventType === EventType.LOGIN_SUCCESS),
      )
      .subscribe((result: EventMessage) => {
        // the error is here - no active account
        const isLoggedIn =  this.msalService.instance.getActiveAccount() === null // this should be true, but it isn't working
        console.log(result);
      });
  }
  1. There should be an active account available after the subscription for the LOGIN_SUCCESS events receives an event message on login success - but there isn't. The getActiveAccount method returns null.

Notes:

  • I have used the same configuration to successfully login with the MsalService.loginPopup method, so the configuration of the SPA shouldn't be an issue. However, there are currently blocking bugs with the loginPopup flow, as it doesn't work with MacOS in full-screen mode and there are also reports of the flow not working on iOS, so that's currently not usable. Issues: Login popup flow does not work for full-screen browsers #5123 popup flow broken in full-screen macOS #4921
  • I have experienced a similar issue with msal-browser where after a successful AD B2C login there is no active account, and thus the login fails. That's essentially the same behavior that is happening here, just different code. That is documented in this unresolved issue: Unable to acquire token silently after B2C login and redirection to SPA redirectUri #4935
  • This is the third attempt at getting MSAL for B2C to work. We first attempted to get msal-browser to work, then loginPopup with msal-angular, and now msal-angular with loginRedirect. We've experienced unresolved issues for all these MSAL B2C flows.

Error Message

No error messages, but the user is not successfully logged in with an active account after a successful loginRedirect and

Msal Logs

No response

MSAL Configuration

{
    auth: {
      clientId: 'uuid-goes-here',
      authority:
        'https://company-name.b2clogin.com/company-name.onmicrosoft.com/B2C_1_SignInOnly',
      redirectUri: 'http://localhost:4200',
      knownAuthorities: ['company-name.b2clogin.com'],
      postLogoutRedirectUri: 'http://localhost:4200',
      navigateToLoginRequestUrl: true,
    },
  }

Relevant Code Snippets

see description

Reproduction Steps

see description

Expected Behavior

on the LOGIN_SUCCESS event, you should be able to retrieve an active account and be successfully logged in.
the MsalService.getActiveAccount method should not be null

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)
@danielvoigt danielvoigt added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Aug 31, 2022
@ghost ghost added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Aug 31, 2022
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Aug 31, 2022
@ghost ghost assigned tnorling Aug 31, 2022
@tnorling
Copy link
Collaborator

@danielvoigt Where are you setting the active account?

@ghost ghost added answered Question has received "first qualified response" Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Aug 31, 2022
@Core121
Copy link

Core121 commented Sep 1, 2022

You have to do something like this, since for some reason setting the active account isn't something MSAL handles.

this.msalBroadcastService.inProgress$
      .pipe(
        filter((status: InteractionStatus) => status === InteractionStatus.None),
        takeUntil(this._destroying$)
      )
      .subscribe(() => {
        this.checkAndSetActiveAccount();
      })

checkAndSetActiveAccount() {
    let activeAccount = this.msalService.instance.getActiveAccount();

    if (!activeAccount && this.msalService.instance.getAllAccounts().length > 0) {
      let accounts = this.msalService.instance.getAllAccounts();
      this.msalService.instance.setActiveAccount(accounts[0]);
    }
  }

If you have any more trouble check out this example

@ghost
Copy link

ghost commented Sep 7, 2022

@danielvoigt This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

@ghost ghost added the no-issue-activity Issue author has not responded in 5 days label Sep 7, 2022
@bmahall
Copy link
Contributor

bmahall commented Sep 8, 2022

@danielvoigt Are you still facing any issues in setting active account?

@ghost ghost closed this as completed Sep 16, 2022
@hgc10120
Copy link

Yes. I can confirm that this is still an issue that requires a workaround.

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tnorling tnorling

Labels
answered Question has received "first qualified response" b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tnorling @danielvoigt @hgc10120 @Core121 @bmahall