
Intune get into infinity loop after confirm the password - MSAL did not receive any feedback.

Open fvaladares opened this issue 1 year ago • 7 comments

Describe the bug: We are using the Microsoft Authentication Library for Android to authenticate our users, using the native solution. Our app just calls MSAL (MicrosoftAuth). After our user confirms the password (enters the password and taps the Sign In button), the Intune Company Portal, which we are using as broker, gets into an infinite loop and does not send any response to our app. This happened in the production environment and stopped almost 3K employees from working.

Workaround: call the authentication process using the web browser.


Smartphone (please complete the following information):

  • Device: Several Samsung devices, as A02, SM-A135M, SM-A146M, SM-A205G, SM-A127M... Motorola Edge 30 Pro... Android Emulator
  • Android Version: Android 14 (UE1A.230829.036.A1), Android 13 (TISHS33.35-23-23-20-4-10), Android versions (10, 11, 12, 13, 14)
  • Browser: We are using the Intune company portal as broker.
  • MSAL Version: 4.10.0, 4.9.2, 4.9.0, 4.8.1, 4.7.0, 4.6.3, 4.6.2

Stacktrace: We could not get the stack trace. The problem could have happened in the communication between the broker and the MSAL authentication library. We did not receive any information during the infinite loop.

To Reproduce Steps to reproduce the behavior:

  1. Create a project that use the MSAL to do the authentication process.
  2. Start the logon process using:
import com.microsoft.identity.client.AcquireTokenParameters
import com.microsoft.identity.client.AuthenticationCallback
import com.microsoft.identity.client.IAuthenticationResult
import com.microsoft.identity.client.Prompt
import com.microsoft.identity.client.exception.MsalException

// microsoftClient is the IPublicClientApplication built from auth_configuration.json;
// msalCallback forwards the outcome to the rest of the app.
activity?.let {
    microsoftClient?.acquireToken(
        AcquireTokenParameters.Builder()
            .startAuthorizationFromActivity(it)
            .withPrompt(Prompt.LOGIN)          // always prompt for credentials
            .withScopes(SCOPES)
            .withCallback(object : AuthenticationCallback {
                override fun onSuccess(authenticationResult: IAuthenticationResult?) {
                    msalCallback?.onLogin(authenticationResult)
                }

                override fun onError(exception: MsalException) {
                    msalCallback?.onError(exception)
                }

                override fun onCancel() {
                    msalCallback?.onCancel()
                }
            })
            .build()
    )
}

// The option "profile" gets into the loop; the option "User.Read" calls MFA and works
// (we did not want to use MFA for this transaction, and that is the reason we are using the broker).
private val SCOPES = listOf("profile") // listOf("User.Read")

  3. Insert the user name, or select one, go to the next page, insert the password, and try to continue the process.
  4. You will see a loader spinning in an infinite loop.

auth_configuration.json:

{
    "client_id" : "xxx-yyy-abc-5543",
    "authorization_user_agent" : "DEFAULT",
    "redirect_uri" : "msauth://com.problem.app/LDfjgaldhf102379",
    "broker_redirect_uri_registered": true,
    "shared_device_mode_supported": false,
    "authorities" : [
        {
            "type": "AAD",
            "audience": {
                "type": "AzureADMyOrg",
                "tenant_id": "xxx-fdafd-bacgf-arfaqr-13123"
            }
        }
    ]
}

AndroidManifest:

  <activity
       android:name="com.microsoft.identity.client.BrowserTabActivity"
       android:exported="true">
       <intent-filter>
           <action android:name="android.intent.action.VIEW" />
           <category android:name="android.intent.category.DEFAULT" />
           <category android:name="android.intent.category.BROWSABLE" />
           <data
               android:scheme="msauth"
               android:host="com.XXX.abc"
               android:path="/1l23jhlkaHFALDKFJ" />

       </intent-filter>
   </activity>

Gradle: 7.4.2 or 8.2.1 (with this version it is necessary to do the following):

 implementation('com.microsoft.identity.client:msal:4.10.0'){
        exclude group: "io.opentelemetry"
    }
    implementation("io.opentelemetry:opentelemetry-api:1.33.0")
    implementation("io.opentelemetry:opentelemetry-context:1.33.0")

Intune version: 5.0.6093.0 and 5.0.6115.0

Expected behavior: Receive the authentication data from Intune with the user's access token.

Actual behavior: Infinite loop, until the message is received: "We couldn't sign you in. Please try again."

Screenshots: Screenshot_20240108_143113.png, Screenshot_20240108_151902.png

Additional context: If I disable the broker, the process works fine.

For privacy/security issues please see instructions here

fvaladares avatar Jan 08 '24 18:01 fvaladares
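Whatever turns out to be behind the loop reported above, the two artifacts the reporter posted (auth_configuration.json and the BrowserTabActivity intent filter) are only useful to the broker if they agree with each other and with the certificate that actually signs the installed APK. MSAL documents the redirect URI as msauth://<package>/<URL-encoded base64 of the SHA-1 of the signing certificate>; the JSON carries the URL-encoded hash, while the manifest's android:path carries the raw base64 hash with a leading slash. The check below is an added example, not code from the reporter or from the MSAL project: it computes the expected value from a certificate's DER bytes and reports every field that disagrees. The package name, the certificate bytes (a placeholder standing in for the output of keytool -exportcert) and the config values are constructed for the example. One caveat worth remembering: if the release build is re-signed by Play App Signing, the hash must come from Google's app signing certificate, not from the upload key.

```python
"""Consistency check for an MSAL-for-Android redirect URI.

Added example (not the reporter's or MSAL's code). The certificate bytes
and package name are constructed placeholders.
"""
import base64
import hashlib
import json
import urllib.parse
import xml.etree.ElementTree as ET
from typing import List

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BROWSER_TAB_ACTIVITY = "com.microsoft.identity.client.BrowserTabActivity"


def signature_hash(cert_der: bytes) -> str:
    """Base64 of the SHA-1 of the DER-encoded signing certificate: the value
    `keytool -exportcert ... | openssl sha1 -binary | openssl base64` prints."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def expected_redirect_uri(package: str, cert_der: bytes) -> str:
    """msauth://<package>/<URL-encoded hash>, the form used in auth_config.json
    and registered on the app registration."""
    encoded = urllib.parse.quote(signature_hash(cert_der), safe="")
    return f"msauth://{package}/{encoded}"


def check_consistency(package: str, cert_der: bytes,
                      auth_config_json: str, manifest_xml: str) -> List[str]:
    """Return a list of findings; an empty list means everything agrees."""
    findings = []
    sig = signature_hash(cert_der)
    expected = expected_redirect_uri(package, cert_der)

    config = json.loads(auth_config_json)
    if config.get("redirect_uri") != expected:
        findings.append(
            f"auth_config redirect_uri {config.get('redirect_uri')!r} != {expected!r}")
    if config.get("broker_redirect_uri_registered") is not True:
        findings.append("broker_redirect_uri_registered is not true; "
                        "MSAL will not hand the request to the broker")

    # The intent filter on BrowserTabActivity must carry the same package and
    # the raw (not URL-encoded) hash, prefixed with a slash.
    root = ET.fromstring(manifest_xml)
    data = None
    for activity in root.iter("activity"):
        if activity.get(f"{{{ANDROID_NS}}}name") == BROWSER_TAB_ACTIVITY:
            data = activity.find("./intent-filter/data")
    if data is None:
        findings.append("no BrowserTabActivity intent-filter <data> element in manifest")
        return findings
    want = {"scheme": "msauth", "host": package, "path": "/" + sig}
    for attr, value in want.items():
        got = data.get(f"{{{ANDROID_NS}}}{attr}")
        if got != value:
            findings.append(f"manifest android:{attr} {got!r} != {value!r}")
    return findings


# Constructed placeholder for the DER certificate. sha1(b"abc") is a standard
# test vector, so its base64 hash is qZk+NkcGgWq6PiVxeFDCbJzQ2J0=.
SAMPLE_CERT_DER = b"abc"
SAMPLE_PACKAGE = "com.example.app"
SAMPLE_HASH = "qZk+NkcGgWq6PiVxeFDCbJzQ2J0="

GOOD_CONFIG = json.dumps({
    "client_id": "00000000-0000-0000-0000-000000000000",   # placeholder
    "authorization_user_agent": "DEFAULT",
    "redirect_uri": f"msauth://{SAMPLE_PACKAGE}/qZk%2BNkcGgWq6PiVxeFDCbJzQ2J0%3D",
    "broker_redirect_uri_registered": True,
    "shared_device_mode_supported": False,
    "authorities": [{"type": "AAD",
                     "audience": {"type": "AzureADMyOrg", "tenant_id": "tenant-placeholder"}}],
})


def manifest_for(package: str, path: str) -> str:
    """Constructed manifest with the BrowserTabActivity intent filter."""
    return f'''<manifest xmlns:android="{ANDROID_NS}" package="{package}">
  <application>
    <activity android:name="{BROWSER_TAB_ACTIVITY}" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="msauth" android:host="{package}" android:path="{path}" />
      </intent-filter>
    </activity>
  </application>
</manifest>'''


GOOD_MANIFEST = manifest_for(SAMPLE_PACKAGE, "/" + SAMPLE_HASH)
# Common mix-up: the URL-encoded form pasted into the manifest path.
BAD_MANIFEST = manifest_for(SAMPLE_PACKAGE, "/qZk%2BNkcGgWq6PiVxeFDCbJzQ2J0%3D")

if __name__ == "__main__":
    print(expected_redirect_uri(SAMPLE_PACKAGE, SAMPLE_CERT_DER))
    for name, manifest in (("good", GOOD_MANIFEST), ("bad", BAD_MANIFEST)):
        print(name, check_consistency(SAMPLE_PACKAGE, SAMPLE_CERT_DER, GOOD_CONFIG, manifest) or "ok")
```

To run it against a real app, replace SAMPLE_CERT_DER with the bytes from `keytool -exportcert` for the keystore that signs the build under test, and feed in the real auth_config.json and AndroidManifest.xml; any finding means the broker is being asked to trust a redirect URI that does not describe the installed app.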