microsoft-authentication-library-for-dotnet icon indicating copy to clipboard operation
microsoft-authentication-library-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

[Bug] The Interactive Authentication Process Hangs in Some Cases

Open msJinLei opened this issue 1 year ago • 0 comments

Library version used

4.49.1.0

.NET version

dotnent standard 2.0

Scenario

PublicClient - desktop app

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

@josuelopes reports to Azure PowerShell repo that their interactive authentication process hangs in a specific case. See https://github.com/Azure/azure-powershell/issues/21909

  • Steps
    • Prepare a PowerShell script from the customer
    • Call the script using powershell.exe $scriptPath (Actually Windows PowerShell is called here)
    • Interactive authentication process starts and the browser is opened.
    • Input the number on the browser to authentication app
    • The browser is closed and CMD gets stuck.

image

After our investigation, interactive authentication process finishes inputting the credential and mobile app authentication but doesn’t get return when the browser is closed.

The logs just before token acquisition is printed https://github.com/msJinLei/azure-powershell/blob/ae65f3439934353180ef2637888dcb7cb1ba8579/src/Accounts/Authenticators/InteractiveUserAuthenticator.cs#L73 while the log just after not https://github.com/msJinLei/azure-powershell/blob/ae65f3439934353180ef2637888dcb7cb1ba8579/src/Accounts/Authentication/Factories/AuthenticationFactory.cs#L130

Relevant code snippets

Write-Host "Starting"

$TenantId = ""
$SubscriptionId = ""

$AzRequiredModules = @(
    @{Name = "Az.Accounts"; Version = [Version]"2.13.0"}
    ,@{Name = "Az.Storage"; Version = [Version]"5.6.0"}
)

$AvailableModules = Get-Module -ListAvailable
$ImportedModules = Get-Module

foreach ($AzModule in $AzRequiredModules) {
    # Removing module from session that doesn't fit the required version
    $ModulestoRemove = $ImportedModules | Where-Object { $_.Name -eq $AzModule.Name -and $_.Version -ne $AzModule.Version}
    $ModulestoRemove | ForEach-Object {
        Write-Host "Removing module $($_.Name) $($_.Version) from session..."
        Remove-Module -ModuleInfo $_ -Force
    }
}

foreach ($AzModule in $AzRequiredModules) {
    # Install module if not exists with required minimum
    $IsModuleAvailable = !!$($AvailableModules | Where-Object {$_.Name -eq $AzModule.Name -and $_.Version -eq $AzModule.Version})
    if (-Not $IsModuleAvailable) {
        Write-Host "Installing $($AzModule.Name) $($AzModule.Version)..."
        Install-Module -Name $AzModule.Name -RequiredVersion $AzModule.Version -Repository PSGallery -Scope CurrentUser -AllowClobber -Force
    }
    # Import module if not already present in session
    $IsModuleLoaded = !!$(Get-Module | Where-Object {$_.Name -eq $AzModule.Name -and $_.Version -eq $AzModule.Version})
    if (-Not $IsModuleLoaded) {
        Write-Host "Importing $($AzModule.Name) $($AzModule[1])..."
        Import-Module -Name $AzModule.Name -RequiredVersion $AzModule.Version -Scope Local -Force
    }
}

#Write-Host "Clear-AzContext"
Clear-AzContext -Scope CurrentUser -Force -ErrorAction SilentlyContinue
if (-Not $(Get-AzContext)) {
    #Write-Host "Connect-AzAccount -Tenant $tenantId -SubscriptionId $subscriptionId"
    Connect-AzAccount -Tenant $tenantId -SubscriptionId $subscriptionId
}
#Write-Host "Set-AzContext"
Set-AzContext -Tenant $tenantId -SubscriptionId $subscriptionId
#Write-Host "Get-AzContext.Account.Id"
$UserId = $(Get-AzContext).Account.Id

Write-host "User Connected $UserId"

Start-Sleep -Seconds 5

Expected behavior

The script doesn't hang

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

It can be workarounded by using WAM

msJinLei avatar Sep 25 '23 07:09 msJinLei