Login with Microsoft AD authentication using signInWithWebUI is not successful.
Describe the bug
There is a pattern in which login with Microsoft AD authentication using signInWithWebUI is not successful. This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge. However, signInWithWebUI uses ASWebAuthenticationSession. Therefore, the Microsoft authentication screen appears, asking to launch in Edge. After launching Edge, a HostedUI error screen is displayed in the browser. After that, if the email address is entered on the Hosted UI screen, the app will call back. When returning to the app, the Microsoft authentication screen remains displayed.
Steps To Reproduce
Steps to reproduce the behavior:
1. Open the app and login with Hosted UI
2. Launch Edge from the Microsoft authentication screen
3. Enter the email address on HostedUI
4. Authentication not completed
Expected behavior
No error occurs in HostedUI after launching Edge from the Microsoft authentication screen. Then, return to the app, close the Microsoft authentication screen, and complete the sign-in.
Amplify Framework Version
2.28.0
Amplify Categories
Auth
Dependency manager
Swift PM
Swift version
5.1
CLI version
12.10.1
Xcode version
15.3
Relevant log output
Is this a regression?
Yes
Regression additional context
No response
Platforms
No response
OS Version
iOS 16, 17
Device
iPad
Specific to simulators
No response
Additional context
No response
@bbdev9805 Thanks for submitting the issue. We will attempt to reproduce the issue and investigate further.
@bbdev9805 Are you still facing the issue?
@harsh62 Yes, this issue has not been solved.
@bbdev9805 So I am able to create an environment very similar to the one you have, and I am not able to reproduce the issue. Would you be able to provide verbose logs when this issue happens? You can enable verbose logging to the console by doing this before calling Amplify.configure:
Amplify.Logging.logLevel = .verbose
Additionally, can you also provide your amplifyconfiguration.json file with all the sensitive information redacted?
Lastly, have you made sure that the redirect URI has been set up correctly in the app?
@harsh62 How should I provide the logs and the amplifyconfiguration.json file? The redirect URI is set up correctly. The issue occurs when authentication is required on Edge, as described below. If Microsoft Intune Conditional Access is not configured, the ASWebAuthenticationSession appears and the sign-in completes successfully.
This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge.
Thank you @bbdev9805. I will try to set up the account with the setting that you provided and see if I can recreate the issue.
@harsh62 Is there any update regarding this issue?
I have rechecked the actual behavior. After displaying the authentication screen with signInWithWebUI and launching Edge to complete the authentication, it returns to the app via a callback. Since the app is launched from the Edge app via a callback, the SceneDelegate is triggered, and the callback URL contains the code. However, the signInWithWebUI API does not return a result, and the authentication screen remains displayed. Is it possible to complete the sign-in process when the authentication is completed and the user returns to the original app via a callback after transitioning to Edge?
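The redirect described in the comment above can be recorded for a bug report without writing the authorization code to the log. This is an added example, not code from the Amplify project or from the participants in this thread; the `myapp` scheme and the `example.auth` logger subsystem are placeholders, and the code only observes the redirect, it does not complete the sign-in.

```swift
import UIKit
import os

// Placeholder (assumption): the URL scheme registered as the app's redirect URI.
let expectedCallbackScheme = "myapp"

/// Summarises an OAuth redirect URL without exposing secret values:
/// parameter names are kept, `code` and `state` are reported by length only.
func redactedCallbackSummary(for url: URL) -> String {
    guard let components = URLComponents(url: url, resolvingAgainstBaseURL: false) else {
        return "unparseable URL"
    }
    let items = (components.queryItems ?? []).map { item -> String in
        let length = item.value?.count ?? 0
        switch item.name {
        case "code", "state":
            // Single-use secrets: never log the value itself.
            return "\(item.name)=<redacted, \(length) chars>"
        case "error", "error_description":
            // Error details are what a maintainer needs to see.
            return "\(item.name)=\(item.value ?? "")"
        default:
            return "\(item.name)=<\(length) chars>"
        }
    }
    let scheme = components.scheme ?? "-"
    let schemeMatches = scheme.lowercased() == expectedCallbackScheme
    return "scheme=\(scheme) expectedScheme=\(schemeMatches) "
        + "host=\(components.host ?? "-") path=\(components.path) "
        + "query=[\(items.joined(separator: ", "))]"
}

class SceneDelegate: UIResponder, UIWindowSceneDelegate {
    var window: UIWindow?
    private let log = Logger(subsystem: "example.auth", category: "callback")

    // Called when another app (here: Edge) opens this app through its URL scheme,
    // i.e. the redirect did not come back through ASWebAuthenticationSession.
    func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
        for context in URLContexts {
            // sourceApplication is nil unless the sender belongs to the same team.
            let source = context.options.sourceApplication ?? "unknown"
            let summary = redactedCallbackSummary(for: context.url)
            log.info("redirect from \(source, privacy: .public): \(summary, privacy: .public)")
        }
    }
}
```

The resulting log line shows whether the redirect carried `code` and `state` and which scheme delivered it, which is the information the thread is trying to establish, and it can be posted in an issue as-is.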
Thanks for the additional details and sorry for losing track. We're trying to reproduce this issue but are having trouble setting up an app with Microsoft AD authentication. Once we sort that out, we'll post an update here.
Thanks.
@bbdev9805 Were you able to find a fix for this issue? Unfortunately, the issue was not prioritized and I am trying to see if this is still something that needs to be worked on.
@harsh62 This issue has not been resolved yet.
Thank you for the update. I'll see if I can get to it this week.