
Callback not caught, URL with obtained code remains in the browser

Open nikPast opened this issue 2 years ago • 14 comments

Issue and Steps to Reproduce

Using Azure as the identity provider results in the callback not being called. I also tried with the sample application, changing only the relevant categories in the configuration.

Versions

6.4.18

Screenshots

Screenshot 2023-02-27 at 14 31 44

Expected

Callback gets executed and you can retrieve the access token

Actual

Additional Details

  • Installed packages:

nikPast avatar Feb 27 '23 13:02 nikPast

Hi @nikPast, thank you very much for your issue.

Do you have a sample of your configuration?

guillaume-chervet avatar Feb 27 '23 13:02 guillaume-chervet

Sure, please note that I'm hiding client_id and tenant_id for policy.

const configuration = {
client_id: '**',
redirect_uri: window.location.origin + '/authentication/callback',
silent_redirect_uri: window.location.origin + '/authentication/silent-callback', // Optional activate silent-signin that use cookies between OIDC server and client javascript to restore the session
scope: 'openid profile email offline_access',
authority: 'https://login.microsoftonline.com//v2.0',
service_worker_relative_url: '/OidcServiceWorker.js',
service_worker_only: true,
};

nikPast avatar Feb 27 '23 14:02 nikPast

Thank you @nikPast, do you have an error log or something else in the console?

You can try without the service worker first for simplicity:

const configuration = {
client_id: '**************************',
redirect_uri: window.location.origin + '/authentication/callback',
silent_redirect_uri: window.location.origin + '/authentication/silent-callback', // Optional activate silent-signin that use cookies between OIDC server and client javascript to restore the session
scope: 'openid profile email offline_access',
authority: 'https://login.microsoftonline.com/************************/v2.0',
};

guillaume-chervet avatar Feb 27 '23 15:02 guillaume-chervet

I did it and in neither case did I find any error.

nikPast avatar Feb 27 '23 15:02 nikPast

Hi @nikPast, did you remove the previous service worker registration before your test?

guillaume-chervet avatar Feb 27 '23 15:02 guillaume-chervet

Do you have your OidcProvider setting code? It seems the OidcProvider is never called during the callback route.

guillaume-chervet avatar Feb 27 '23 15:02 guillaume-chervet

I can't see any active service worker. I tried with the official msal library and it works.

nikPast avatar Feb 27 '23 16:02 nikPast

Thank you @nikPast for your feedback.

Which logs do you have if you log events?

https://github.com/AxaGuilDEv/react-oidc/blob/a6b607a3c29b3fd55c799550936e45e1863cd3d1/packages/react/src/App.tsx#L40

Which Azure service are you using? I may try to reproduce it.

guillaume-chervet avatar Feb 27 '23 17:02 guillaume-chervet

Hi, I don't log events. To reproduce it, just create a new app registration in Azure and follow the basic authentication process for that application. Azure offers a free account for creating an application.

nikPast avatar Feb 28 '23 08:02 nikPast

I don't know if it can help, but through the callback URL from Azure it returns {code, state, sessionstate}, no issuer, no scopes in the URL. Following the demo with Identity4, these last parameters are returned. Could this be the issue?

nikPast avatar Feb 28 '23 08:02 nikPast
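A way to check what a callback URL like the one described above carries, as an added example (not code from this issue or from the react-oidc library). The function name, sample URL and state value are constructed; the checks follow RFC 6749 section 4.1.2, where a successful authorization response carries only `code` and `state`, and RFC 9207, where `iss` is optional, so a missing `iss` or `scope` is reported as a note rather than a failure.

```javascript
// Added example: inspect an OAuth 2.0 / OIDC authorization-code callback URL.
// inspectCallback and all sample values are constructed for illustration.
function inspectCallback(callbackUrl, expectedState, expectedIssuer) {
  const url = new URL(callbackUrl);
  // Response parameters arrive in the query string (default response mode)
  // or in the fragment (response_mode=fragment).
  const raw = url.search.length > 1 ? url.search.slice(1) : url.hash.slice(1);
  const params = new URLSearchParams(raw);
  const problems = [];
  const notes = [];

  // An error response replaces the code (RFC 6749 section 4.1.2.1).
  if (params.has('error')) {
    problems.push(`provider returned error: ${params.get('error')}`);
  } else if (!params.get('code')) {
    problems.push('missing code');
  }

  // state binds the response to the request this browser started;
  // a mismatch means the response must be rejected (CSRF protection).
  const state = params.get('state');
  if (!state) problems.push('missing state');
  else if (state !== expectedState) problems.push('state mismatch');

  // iss is optional (RFC 9207); validate it only when the provider sends it.
  const iss = params.get('iss');
  if (iss === null) notes.push('no iss parameter (optional, RFC 9207)');
  else if (iss !== expectedIssuer) problems.push('iss mismatch');

  // scope belongs to the token response, not the authorization response.
  if (!params.has('scope')) notes.push('no scope parameter (not required here)');

  return { ok: problems.length === 0, hasCode: params.has('code'), problems, notes };
}

// Constructed callback URL carrying code, state and session_state only.
const SAMPLE_CALLBACK =
  'https://app.example/authentication/callback' +
  '?code=CONSTRUCTED_CODE&state=abc123&session_state=CONSTRUCTED_SESSION';
const SAMPLE_ISSUER = 'https://issuer.example/v2.0'; // placeholder issuer

console.log(inspectCallback(SAMPLE_CALLBACK, 'abc123', SAMPLE_ISSUER));
```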

Thank you @nikPast for your help. Do you know the Azure step you are using to create an Azure authentication component? For example, the name of the resource you are creating? I just need more information to understand what you are using on Azure.

Yes, maybe no scope may bring a problem, for example.

guillaume-chervet avatar Mar 02 '23 19:03 guillaume-chervet

The process is: Create a new app in the Azure portal. Retrieve clientID and tenantID from there. The authority URL is: https://login.microsoftonline.com/tenantID/v2.0. You can use any scope, including the one included in your example. It just misses the callback: the authentication code is correctly returned inside the browser URL but not handled by the library.

nikPast avatar Mar 02 '23 20:03 nikPast

Thank you @nikPast for your information. I do not understand which resource I need to create.

I'm used to webapp but it does not create any auth provider.

guillaume-chervet avatar Mar 04 '23 18:03 guillaume-chervet

@nikPast

I am working on an app at the moment, against Azure AD B2C. Using the demo in the repo, I can receive the callback and app authentication works as expected. Because I haven't exposed any API or added API permissions to the app, I removed api from the scope demands, and changed token_renew_mode to id_token_invalid.

My config looks similar to yours:

export const configurationMicrosoftB2C = {
    client_id: 'xxxx',
    redirect_uri: window.location.origin + '/authentication/callback',
    silent_redirect_uri: window.location.origin + '/authentication/silent-callback',
    scope: 'openid profile email offline_access',
    authority: 'https://{tenant}.b2clogin.com/tfp/{tenant}/b2c_1_{tenant}/v2.0/',
    refresh_time_before_tokens_expiration_in_second: 40,
    service_worker_relative_url: '/OidcServiceWorker.js',
    service_worker_only: false,
    token_renew_mode: 'id_token_invalid',
};

The only other setting I think I modified was in the user flow: I set the claim representing user flow to tfp.

jafin avatar Mar 05 '23 04:03 jafin