SSO Login Flow: Password Manager Prompt Not Triggered Before Callback to Native App
Describe the bug
In the Single Sign-On (SSO) login flow, after entering the email and password and clicking the sign-in button, the callback to the native application does not trigger a prompt to save login credentials by the password manager before moving to the native app.
To Reproduce
Steps to reproduce the behavior:
1. Navigate to the login page.
2. Enter the email and password.
3. Click on the sign-in button.
4. Observe that the callback to the native application occurs, but no prompt to save login credentials is triggered.
Expected behavior
A prompt to save login credentials by the password manager should appear after successful sign-in during the SSO login flow, similar to the behavior observed in the SSO signup flow.
Actual Behavior
No prompt to save login credentials is triggered after successful sign-in during the SSO login flow.
Smartphone Details:
- Device: Google Pixel and OnePlus
- Android Version: API Level 33
- Browser: Chrome Browser
- MSAL Version: 4.9.+
Additional context
During the SSO Signup flow, the password manager correctly prompts to save login credentials. This behavior is observed because the signup flow involves a form with a "Continue" button to move to the next page inside the browser. The password manager correctly detects and prompts to save the login credentials in this scenario.
This prompts the question of whether the lack of a similar prompt during the SSO login flow is expected behavior or if there is a potential issue preventing the password manager from detecting and prompting to save login credentials after the callback to the native application.
The goal is to understand the consistency of password manager prompts across both SSO login and signup flows and to ensure a seamless and user-friendly experience for saving and managing login credentials.
@harshaddmi Hi, is this the device password manager or an external password manager app like Authenticator?
@negoe The password manager in question is the built-in functionality within the Chrome Browser on Android devices. The login flow utilizes the MSAL (Microsoft Authentication Library) SDK, which opens authentication flows in a Chrome Browser tab.
Microsoft Documentation on MSAL Android Single Sign-On: https://learn.microsoft.com/en-us/entra/identity-platform/msal-android-single-sign-on
Google Chrome Developer Documentation on Custom Tabs for Android: https://developer.chrome.com/docs/android/custom-tabs
These resources provide additional information about implementing Single Sign-On with MSAL on Android and utilizing Custom Tabs in Chrome Browser for authentication flows.