
Bug: Cannot open azure B2C log in page on android because of Caching

Open DoctorsInTech opened this issue 4 years ago • 6 comments

Capacitor version:

Run npx cap doctor:

Latest Dependencies:

  @capacitor/cli: 2.2.1

  @capacitor/core: 2.2.1

  @capacitor/android: 2.2.1

  @capacitor/electron: 2.2.1

  @capacitor/ios: 2.2.1

Installed Dependencies:

  @capacitor/electron not installed


  @capacitor/cli 2.1.2

  @capacitor/core 2.1.2

  @capacitor/android 2.1.2

  @capacitor/ios 2.1.2

[success] Android looking great! 👌
  Found 6 Capacitor plugins for ios:
    @byteowls/capacitor-oauth2 (2.0.0)
    capacitor-secure-storage-plugin (0.4.0)
    cordova-plugin-androidx-adapter (1.1.1)
    cordova-plugin-camera (4.1.0)
    cordova-plugin-inappbrowser (4.0.1-dev)
    cordova-plugin-video-editor (1.1.3)
[success] iOS looking great! 👌

Library version:

  • 2.0.0

OAuth Provider:

  • Azure AD B2C
  • Azure App Registration

Your Plugin Configuration

{
      appId: *appID*,
      // tslint:disable-next-line:max-line-length
      authorizationBaseUrl: 'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_SIGNIN/oauth2/v2.0/authorize',
      scope: 'openid offline_access https://TENANT.onmicrosoft.com/messaging-functions/user_impersonation',
      responseType: 'code',
      pkceEnable: true,
      accessTokenEndpoint: '',
      web: {
        redirectUrl: 'http://localhost:8100/auth',
        windowTarget: '_self'
      },
      android: {
        pkceEnabled: true,
        responseType: 'code',
        redirectUrl: 'io.bleepr.app://auth',
        accessTokenEndpoint: 'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_SIGNIN/oauth2/v2.0/token',
        handleResultOnNewIntent: true,
        handleResultOnActivityResult: true
      },
      ios: {
        pkceEnabled: true,
        responseType: 'code',
        redirectUrl: 'io.bleepr.app://auth',
        accessTokenEndpoint: 'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_SIGNIN/oauth2/v2.0/token',
      }
}

Affected Platform(s):

  • Android Pixel 2 Android Studio Emulator

Current Behavior

Currently, when trying to log in, the authenticate function redirects to the Azure B2C login page, but the page doesn't load; it just gets stuck loading. I never get the opportunity to input my login details, and therefore am not redirected to the app.

If I background the app, and then reopen the app, I get the following error message:

Line 8724 - Msg: OAuth rejected Error: ERR_ANDROID_NO_INTENT

Expected Behavior

Login screen should appear and then I should be redirected back.

Other Information

Immediately after calling the authenticate function this is my output in the logcat:

2020-07-05 16:26:20.002 21769-21849/io.bleepr.bleeprApp D/Capacitor: Starting activity for result
2020-07-05 16:26:20.047 21769-21769/io.bleepr.bleeprApp D/Capacitor: App paused
2020-07-05 16:26:20.195 21769-21805/io.bleepr.bleeprApp D/EGL_emulation: eglMakeCurrent: 0xef121e20: ver 3 0 (tinfo 0xbfb2ac50)
2020-07-05 16:26:20.207 21769-21805/io.bleepr.bleeprApp D/EGL_emulation: eglMakeCurrent: 0xef121e20: ver 3 0 (tinfo 0xbfb2ac50)
2020-07-05 16:26:20.296 21769-21843/io.bleepr.bleeprApp D/Capacitor: Handling local request: http://localhost/assets/icon/favicon.ico
2020-07-05 16:26:20.333 21769-21843/io.bleepr.bleeprApp D/Capacitor: Handling local request: http://localhost/tap-click-8339ee48-js-es2015.js
2020-07-05 16:26:20.335 21769-21817/io.bleepr.bleeprApp D/Capacitor: Handling local request: http://localhost/status-tap-6ad895ca-js-es2015.js
2020-07-05 16:26:20.336 21769-21817/io.bleepr.bleeprApp D/Capacitor: Handling local request: http://localhost/index-120c8c20-js-es2015.js
2020-07-05 16:26:20.336 21769-21882/io.bleepr.bleeprApp V/Capacitor/Plugin: To native (Capacitor plugin): callbackId: 118528365, pluginId: App, methodName: addListener
2020-07-05 16:26:20.336 21769-21882/io.bleepr.bleeprApp V/Capacitor: callback: 118528365, pluginId: App, methodName: addListener, methodData: {"eventName":"backButton"}
2020-07-05 16:26:20.337 21769-21832/io.bleepr.bleeprApp D/Capacitor: Handling local request: http://localhost/focus-visible-15ada7f7-js-es2015.js
2020-07-05 16:26:22.498 21769-21805/io.bleepr.bleeprApp D/EGL_emulation: eglMakeCurrent: 0xef121e20: ver 3 0 (tinfo 0xbfb2ac50)
2020-07-05 16:26:22.501 21769-21769/io.bleepr.bleeprApp D/Capacitor/App: Firing change: false
2020-07-05 16:26:22.501 21769-21769/io.bleepr.bleeprApp V/Capacitor/App: Notifying listeners for event appStateChange
2020-07-05 16:26:22.513 21769-21769/io.bleepr.bleeprApp D/Capacitor: App stopped
2020-07-05 16:26:22.513 21769-21769/io.bleepr.bleeprApp D/Capacitor: Saving instance state!
2020-07-05 16:26:22.540 21769-21861/io.bleepr.bleeprApp D/EGL_emulation: eglMakeCurrent: 0xef1227c0: ver 3 0 (tinfo 0xef1a8c90)
2020-07-05 16:26:22.542 21769-21861/io.bleepr.bleeprApp D/EGL_emulation: eglMakeCurrent: 0xef136790: ver 3 0 (tinfo 0xef1a8c90)
2020-07-05 16:26:27.548 21769-21785/io.bleepr.bleeprApp W/System: A resource failed to call release. 
2020-07-05 16:26:27.549 21769-21785/io.bleepr.bleeprApp I/chatty: uid=10173(io.bleepr.bleeprApp) FinalizerDaemon identical 8 lines
2020-07-05 16:26:27.549 21769-21785/io.bleepr.bleeprApp W/System: A resource failed to call release. 

I have tried all fixes including those in #91 and #96. Has anybody come up against this issue?

DoctorsInTech avatar Jul 05 '20 15:07 DoctorsInTech

If I clear the browser cache on the emulator then the log in page does open. So I think the login credentials may have been cached and then they aren't being handled appropriately. If I then try and log in, when I click the sign in page, nothing happens. The browser does not close and the promise is not resolved from the authentication function.

In this circumstance the following is being displayed in the log:

2020-07-05 19:41:15.204 2318-8835/? I/ActivityTaskManager: START u0 {cmp=io.bleepr.bleeprApp/net.openid.appauth.AuthorizationManagementActivity (has extras)} from uid 10149
2020-07-05 19:41:15.206 2162-2381/? D/iorapd: Cannot find compiled trace in sqlite for package_name: io.bleepr.bleeprApp activity_name: net.openid.appauth.AuthorizationManagementActivity
2020-07-05 19:44:25.484 2318-2411/? W/InputDispatcher: channel 'ef63aab io.bleepr.bleeprApp/net.openid.appauth.AuthorizationManagementActivity (server)' ~ Consumer closed input channel or an error occurred.  events=0x9
2020-07-05 19:44:25.484 2318-2411/? E/InputDispatcher: channel 'ef63aab io.bleepr.bleeprApp/net.openid.appauth.AuthorizationManagementActivity (server)' ~ Channel is unrecoverably broken and will be disposed!
2020-07-05 19:44:25.499 2318-9051/? W/InputDispatcher: Attempted to unregister already unregistered input channel 'ef63aab io.bleepr.bleeprApp/net.openid.appauth.AuthorizationManagementActivity (server)'

DoctorsInTech avatar Jul 05 '20 16:07 DoctorsInTech

I have the same issue. When I try to authenticate with a different email address, I get the token from the previous login; it seems that the username and password are cached. How can I avoid caching them?

mgenuziodatafit avatar May 10 '21 16:05 mgenuziodatafit

I'm currently looking at old issues as I released a new version 3.0.0 just a few days ago.

If you can and it is still relevant please test this issue with the new version. (Capacitor 3.0.0 required)

Add the new logsEnabled parameter to enable extensive logging.

I will keep this issue open for a few days and close it afterwards if there is no feedback.

BR

moberwasserlechner avatar Aug 04 '21 17:08 moberwasserlechner

I would like to give more information about what happens when you use B2C and to present the "patch" I use. When you log in using B2C, they put a cookie inside the web view; the cookie has an expiration time that spans from 15 minutes to 24 hours (can be set in Azure config). If you log out, the cookie is not removed from the web view, and the next time you log in the cookie may not be expired and the SignupSignIn flow continues without asking you for the password. Here is my patch: I always remove the cookie before using the authenticate method. In order to do that, I use the method authenticate with the B2C logout URL as authorizationBaseUrl in the options variable. When I do that, the app opens a blank web view and throws an error that I catch. This action removes the cookie from the web view, so I continue with the proper authenticate flow and now the web view prompts the username and password form.

I hope this information may help you to improve the logout method for B2C. If something is not clear please reach out to me. Thanks for your job and the time that you spend on this plugin.

Marco

mgenuziodatafit avatar Aug 05 '21 07:08 mgenuziodatafit

@mgenuziodatafit Thanks for your feedback, that helps for #97

moberwasserlechner avatar Aug 05 '21 08:08 moberwasserlechner

Adding prompt=login as a query parameter ensures the user is asked to enter their credentials every time.

Reference

SantoshPisini avatar Apr 17 '22 10:04 SantoshPisini
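
The stale B2C session cookie and the prompt=login suggestion discussed in this thread, as an added example that is not part of the thread or the plugin's code: it builds the authorization request with re-authentication forced and audits an authorization URL for settings that allow the previous user's session to be reused. The function names, client id, state and code challenge are constructed for illustration; the endpoint, scope and redirect URL are the ones from the posted configuration.

```javascript
// Added example (not plugin code). Endpoint, scope and redirect come from the
// configuration posted in the issue; client id, state and challenge are constructed.
const AUTHORIZE_URL =
  'https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1_SIGNIN/oauth2/v2.0/authorize';

const SAMPLE_REQUEST = {
  clientId: '00000000-0000-0000-0000-000000000000', // constructed placeholder
  redirectUri: 'io.bleepr.app://auth',
  scope: 'openid offline_access https://TENANT.onmicrosoft.com/messaging-functions/user_impersonation',
  state: 'constructed-state-value',
  codeChallenge: 'constructed-code-challenge',
};

// OIDC allows several space-separated prompt values, e.g. "login consent".
function promptValues(params) {
  return (params.get('prompt') || '').split(' ').filter(Boolean);
}

// Build the authorization request and always force re-authentication, so an
// unexpired B2C session cookie in the web view cannot sign in the previous user.
function buildAuthorizeUrl(base, req, extraPrompts = []) {
  const url = new URL(base);
  const p = url.searchParams;
  p.set('client_id', req.clientId);
  p.set('response_type', 'code');
  p.set('redirect_uri', req.redirectUri);
  p.set('scope', req.scope);
  p.set('state', req.state);
  p.set('code_challenge', req.codeChallenge);
  p.set('code_challenge_method', 'S256');
  p.set('prompt', [...new Set(['login', ...extraPrompts])].join(' '));
  return url.toString();
}

// Review an authorization URL (for example one taken from debug logs) and list
// the settings that permit silent session reuse or weaken the code flow.
function auditAuthorizeUrl(raw) {
  const p = new URL(raw).searchParams;
  const findings = [];
  if (!promptValues(p).includes('login')) findings.push('no prompt=login: a cached session can be reused');
  if (p.get('response_type') !== 'code') findings.push('response_type is not "code"');
  if (!p.get('code_challenge') || p.get('code_challenge_method') !== 'S256') findings.push('PKCE S256 challenge missing');
  if (!p.get('state')) findings.push('state parameter missing');
  return findings;
}
```

An empty result from auditAuthorizeUrl means the request asks B2C to show the credential form even when the web view still holds a valid session cookie.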