-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSAL Doesn't Redirect on Safari #5696
Comments
@HansakaSS could you please elaborate on the issue? It's hard to determine what's going on without logs or a reproducible scenario. Is the failure happening after the user logs in and the login page redirects back to the application? Or is the issue happening when MSAL first redirects to the login page? My initial assumption if the problem is happening on the redirect back from the login screen is that there could be a race condition where the hash is being cleared by the apps routing logic before MSAL has a chance to parse the auth code. |
@hectormmg we were able to see following error on audits for users when they having the issue.
users were not able to redirect to the login page. |
@HansakaSS , it looks like, from your posted, the request is taking 118 seconds from the time you got the grant time to the time you used it in the above log, your 57 seconds over the allowed It looks like your grants are only valid for 60 seconds. |
@mlhamatms thanks for the response. Some users seems to have this problem continuously on the same device, even after clearing cache. but they were able to login on other devices without a problem. Some users were able log in on chrome but not in Safari. Also in case of this problem is there a way to let know the users know something went wrong or redirect to a another page to let user know more information about the problem ? |
@HansakaSS that error should cause MSAL to return an InteractionRequired error. The correct usage pattern is to call |
@HansakaSS This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale. |
we have applied the we were able to see the |
@HansakaSS The error message tells you exactly what is wrong and how to fix it. Did you have specific questions about this? |
@tnorling i understand that. but this is happening right after user login to the system. i wanted to prevent this from happening, is there a reason for this kind of behaviour ? |
You either didn't pass an account to |
@HansakaSS i think we are seeing similar issues in Safari using MSAL, it may be related to Safari's lack of look regex lookbehind, ours is erroring out in the MSAL function CredentialEntity.getCredentialType calling 'f (key.toLowerCase().search("(?<=" + separator + domainRe + ")" + separator + credVal + separator) !== -1) {' can you confirm if yours is failing there? If so I believe MSFT will need to change the search function to support Safari's lack of regex look behind |
@tnorling thanks, i have updated the code with the @JohnButare Yes we had the same issue, i believe it has been fixed now. you can find the discussion here. #5548 |
@HansakaSS This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale. |
@tnorling we have set the active account after login. now we have less |
This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @tnorling please follow up. |
What you've described is fine, although our recommended best-practice approach is to check if a user is signed in prior to calling |
@tnorling I understand now, Thanks everyone for the support. |
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.32.1
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
2.1.2
Public or Confidential Client?
Public
Description
User tying to redirect to the login page from the application on safari mobile and the msal does not respond to the request. works with Chrome IOS and Android.
We only see this issue sometimes but we have users complaining they are not able to log into the application.
We were not able to see any errors in our logs to detect anything related to this issue. We would like to get more information about the situation and monitoring to tackle this issue. any help would be appreciated.
Error Message
No response
Msal Logs
No response
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
Expected Behavior
Needs to redirect to the login page.
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
Safari
Regression
No response
Source
External (Customer)
The text was updated successfully, but these errors were encountered: