Version 17.11.0 - MSAL Exception Unhandled - Blazor WASM
This issue has been moved from a ticket on Developer Community.
[severity:I'm unable to use this version] [regression] [worked-in:17.10.3]
We upgraded VS2022 to the latest version 17.11.0 and in my Blazor WASM .NET 8 application I am now getting a refresh token error. I've upgraded the nuget packages to 8.0.8 and I am still getting this error. Application has been working for 3 years now.
What I am noticing is happening: User clicks to login, starts the Azure login process to either select their name, or enter credentials and perform MFA. In the browser I see the route goes from my applications login page, to the Microsoft Azure login page, not sure of technical name, user logs in, and is redirected back to my application, component renders "Completing Login", then generates the error.
I've placed code breaks to follow it along the way, but since this happens in the MSAL library I cannot step through it, but here is what I see happening. Process to login is kicked off, user authenticates, I verify that in my code, and continue to the next part of the process which gathers additional User information from Graph, and our internal systems to create a user service. The very first call to get data is where this fails, if I click continue it will continue without errors as normal.
Publishing this to the server, hosted on IIS Manager, this is totally broken, the only way I can get a user from the login screen to the application is logging in, refresh a few times.
Running the exact code on the previous version of VS2022, 17.10.3 everything works as it should.
I've added a recording of this in place, please let me know what else I can do to assist in tracking this down because this has stopped deployment of our application because we are forced to run this version to get everyone on the team on the same version, if we had a way to install a specific version that would be great!
Original Comments
Feedback Bot on 8/20/2024, 06:44 PM:
(private comment, text removed)
Original Solutions
(no solutions)
The "token_refresh_required" error can happen for a few reasons. The most common one is that third party cookies are blocked by the browser causing silent iframe-based refresh attempts to fail and require a full page redirection to the OIDC provider to reauthenticate. Can you please provide a link to a GitHub repo that reproduces your issue and indicate what browser you are using?
Both me and a colleague got the same issue in the AuthenticationService.js file during normal login after upgrading to VS2022 17.11.1. The issue was not there in 17.10.x or earlier versions. If we clear the login stuff from localStorage (thus removing the expired token) it works for two hours until the token expires, so something seems to have broken regarding refresh tokens with VS 17.11.x since the same code has worked for years until we installed the latest studio.
It seems like more people here have the same issue: https://developercommunity.visualstudio.com/t/Visual-Studio-Community-2022-Version-17/10526532?sort=newest.
I don't have a project share to reproduce it either, but we're both using Edge and the issues started directly after upgrading to the 17.11.1 studio without any browser or nuget packages upgrades in between (last week for me and today when the colleague upgraded his studio).
@Souldrinker, does the problem reproduce on browsers other than Edge (Firefox, Safari)? Also, does the problem go away if you downgrade back to Visual Studio 17.10.x? We suspect that the browser might be acting differently after an update.
If possible, a minimal repro project that demonstrates the issue would be helpful. If you can provide one, please host it as a public repository on GitHub so we can take a look.
Please also see this document for a possible solution to the problem you're hitting.
Also, does the JS exception you're seeing eventually turn into a .NET exception? Maybe the debugger is breaking on the JS exception before it reaches .NET?
When I got the unhandled exception I stopped the execution and found this issue matching the error I got. I later realized that if I just press F5 to continue execution it does not seem to cause any .NET exception, just the unhandled JS exception, and I do get logged in without having to clear any tokens from localStorage and then I don't need to reauthenticate using the authenticator app to get logged in.
After that it works fine for most of the day (unless I wait 2 hours for the token to time out) before I get this JS exception again the next day.
So, it seems it may as you say just be a JavaScript exception breaking in the debugger before hitting .NET. However this didn't happen before the upgrade and the same happened today for a colleague when he upgraded VS without changing anything in the code, thus my assumption that this was related to the 17.11 upgrade.
I didn't try any other browser than Edge, but I can try to check again tomorrow at my work computer with other browsers. I'll see if I can try to get the same issue in a small GitHub project, because this happens in our enterprise Blazor WASM project that started out originally in .NET Core 3.1 like 4-5 years ago (now upgraded to .NET8) where we use TFS source control.
I'm not used to putting stuff on GitHub and I'm not sure the same issue will occur in a fresh .NET8 project, but I can give it a try tomorrow.
@joj @sayedihashimi, was this change in JavaScript debugger behavior expected?
I reported this in the developers community and now I'm working on reproducing the issue in a new test application. So far what I am seeing as I slowly add in pieces of our authentication process is that when you add AddAccountClaimsPrincipalFactory<CustomClaimsHandler> to your authentication configuration and your custom claims handler inherits from AccountClaimsPrincipalFactory<RemoteUserAccount>, that is potentially causing the issue.
Leaving the standard login/logout process intact is working but we need to add to the user's Claims at time of successful login, and this has been working for 3+ years as the application started on .NET 5, went to 6, and now 8.
I've published our code to development instance using VS2022 Version 17.11.0 and 17.11.1, upgraded the required packages from 8.0.3 to 8.0.8 and when you login, it will get a valid token from Azure but when you are returned back to the application that is when this error happens, but when it's on the server it just breaks the process and the only way to resolve is to refresh the page a couple times, or in my case click on the home icon, which is not what we are going to release to our end users.
We are unable to downgrade back to version 17.10.3 due to size of team and a lot of them don't have this version installed to downgrade to, yet another reason MS needs to allow us to install specific versions. To get everyone on the team on the same version is what started this for us.
I hope to get a repo that demonstrates the issue as soon as I add just enough of our process that will break the test application, hope that some of this info will be helpful in the meantime.
@joj @sayedihashimi, was this change in JavaScript debugger behavior expected?
I am not sure, @joj is out-of-office so I'm adding @PranavSenthilnathan
The below repo is an application that mimics my main application when the user logs in, they authenticate and when returned to the application it generates the error while it completes the login process.
Before posting repo, I did configure it to hit my applications API to ensure testing flow would be the same, though it's not needed to generate the error since it happens after login and before the first API call.
To reproduce the error you need to update the following in appsettings.Local.json:
AzureAd Section
- Authority URL with your Tenant Id
- Your Client Id
Scopes Section
- No need to update since this fails before a call is made to API
Run the application in Kestrel mode
https://github.com/RickBenz/MSALAuth
@halter73 Repo Add FYI
I am also noticing that after the user is authenticated and returned to the application, the Http Client is not getting updated before it makes the call that fails. No request headers are present which will cause other issues with missing Authentication header and token.
@MackinnonBuck Why was the needs attention and needs repo tags removed from this issue? I am new to this process, so sorry if this seems like a silly question.
This issue persists when you publish on the server as well, I can't pinpoint the root cause since I have no access to debug MSAL library but I did provide a repo that demonstrates this issue, which until this is resolved we cannot publish new code.
Thanks in advance :)
Closing this out in favor of the original VS feedback ticket. We think that the JS debugger is breaking on an exception that's handled by the framework.
FYI, also started running into this using the MSAL out of the box library with Blazor after 17.11 update. It seems their new debugging feature started breaking on all unhandled exceptions in every javascript file you have referenced, even if those exceptions are expected.
I resolved it by turning this off after the update to 17.11 of Visual Studio 2022:
- Go to Debug > Windows > Exception Settings
- Unmark JavaScript Exceptions > Uncaught Exceptions
@xantari, thanks a lot for this. I have had this problem for a little while and it was starting to get really frustrating! At least this will allow a better development experience.