ReAuth icon indicating copy to clipboard operation
ReAuth copied to clipboard
verified publisher icon TechnicianLP

Does not work while IPv6 is the default

Open 4censord opened this issue 3 years ago • 2 comments

To reproduce

  • Have IPv6 Enabled and configured as default either via system defaults or set -Djava.net.preferIPv6Addresses=true as additional launch option
  • Try to log in using This Device
  • After completing the Microsoft login process get redirected to something like http://127.0.0.1:52371/
  • See Unable to connect

The problem seems to bee that the java process is opening a socket for localhost (InetAddress.getLoopbackAddress()), and that gets resolved to [::1] (IPv6 localhost). But the redirect either gets resolved differently, or is simply hard-coded to 127.0.0.1.

This can be seen by using ss on Linux:

$ ss -tlp
State     Recv-Q    Send-Q       Local Address:Port              Peer Address:Port    Process                                         
LISTEN    0         50                   [::1]:52371                     [::]:*        users:(("java",pid=280710,fd=465))

I have tested this on Linux and macOS, versions:

Linux $HOSTNAME 5.18.15-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 29 Jul 2022 22:52:39 +0000 x86_64 GNU/Linux
Darwin $HOSTNAME 21.6.0 Darwin Kernel Version 21.6.0: Sat Jun 18 17:07:25 PDT 2022; root:xnu-8020.140.41~1/RELEASE_X86_64 x86_64

With Firefox and safari, respectively

As far as I understand this happens here: https://github.com/TechnicianLP/ReAuth/blob/3ee5617be511eccb890998d1daeb7dfba5ca94b8/src/common/java/technicianlp/reauth/authentication/http/server/AuthenticationCodeServer.java#L32

I would say to solve this we should:

  • Check which IP versions are available
  • Listen on all available versions or
  • check what is the default (and what is available)
  • explicitly set the redirect URL to 127.0.0.1 or [::1]

4censord avatar Aug 03 '22 22:08 4censord

Thanks for bringing this to my attention. The redirect that is used after login has to be configured with Microsoft beforehand. The Problem being Microsoft not currently supporting [::1] as a redirect target. It should be possible to redirect to http://localhost:52371 instead whenever IPv6 is used, would that resolve your problem?

You should be able to use the "Any Device" Option on the right for logging in until this gets fixed.

TechnicianLP avatar Aug 04 '22 20:08 TechnicianLP

The redirect that is used after login has to be configured with Microsoft beforehand. The Problem being Microsoft not currently supporting [::1] as a redirect target.

Okay, surprising.

It should be possible to redirect to http://localhost:52371 instead whenever IPv6 is used, would that resolve your problem?

I assume that might make it worse in a fails intermittendly kind of way The local DNS resolver might round-robin answer with ipv4 and ipv6, leading it to only fail sometimes

The Problem being Microsoft not currently supporting [::1] as a redirect target.

I would just bind explicitly to the ipv4 localhost, maybe with

InetSocketAddress localAddress = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), port);

Then redirecting to http://127.0.0.1:52371 should work even if ipv6 is preferred

It may be good to log the case that no ipv4 is available, and direct to this issue.

You should be able to use the "Any Device" Option on the right for logging in until this gets fixed.

Thank you, I will try that.

4censord avatar Aug 04 '22 22:08 4censord

Should be fixed for Version 4.0.6.

TechnicianLP avatar Nov 27 '22 21:11 TechnicianLP