
WebAuthenticator doesn't support Azure App Service callback response.

Open adrianhall opened this issue 3 years ago • 1 comments

Description

I would like to use WebAuthenticator when also using Azure App Service Authentication. Unfortunately, EasyAuth does not return the token and expiry in a format that WebAuthenticator understands. To fix this, I propose that we add a "ResponseDecoder" option to WebAuthenticator.

Public API Changes

I'd suggest having a new interface IWebAuthenticatorResponseDecoder:

public interface IWebAuthenticatorResponseDecoder
{
  IDictionary<string, string> DecodeResponseUri(Uri uri);
}

Then, in WebAuthenticator, have a new public property:

public IWebAuthenticatorResponseDecoder? ResponseDecoder { get; set; }

This gets passed as an optional parameter to the constructor of WebAuthenticatorResult (the one that gets passed the Uri). When the response decoder is not null, it is called to convert the Uri into a dictionary (and then everything progresses as normal). When the response decoder is null, the current method (WebUtils.ParseQueryString()) is used to decode the response.

Intended Use-Case

Authenticating to Azure App Service when using Azure App Service Authentication & Authorization.

The generalized method proposed allows customers to parse the callback URL for any platform, and allows App Service to release their own package that has the decoder in it if they desire.

adrianhall avatar Nov 24 '22 22:11 adrianhall

... and I'm happy to contribute a PR for the changes (including tests) if folks think this is the right solution to the problem.

adrianhall avatar Nov 24 '22 22:11 adrianhall

Do you have an example of the invalid/strange/unique format?

I am wondering if we should also just make the full Uri available as a property. This decoder aspect is very nice, so we should investigate that still.

The reason I call this out is that I am not 100% confident that the runtime is still in memory in some cases. I am thinking on Android when the Auth pops the dialog, the app may be stopped. Not sure if that is the app or just the activity. Need to test that. But, we do have an await here so even if the entire app is shut down, the code will never run again as the runtime would have unloaded all the code after the await... So maybe I am wrong? Need to talk to my Android experts.

But either way, having a way to intercept the parsing - or escape from it - is a very good idea.

mattleibow avatar Nov 28 '22 13:11 mattleibow

An example of an App Service response:

https://web-adhal-test.azurewebsites.net/.auth/login/done#token=%7B%22authenticationToken%22%3A%22eyJhbGXXXXXzI1NiIsInR5cCI6IkpXVCJ9.eyJzdGFibGVfc2lkIjoic2lkOjc2YmFlYTg0N2U5ZDdiYzIxMTVkYmEyMTQxNDcwNWUwIiwic3ViIjoic2lkOjVkMWU3YTM5Y2I1NjY1ODhjNGNlYjAxNmVkOTQ0ZDUyIiwiaWRwIjoiYWFkIiwidmVyIjoiMyIsIm5iZiI6MTY2OTY1NDc5NiwiZXhwIjoxNjY5NjU5MjU5LCJpYXQiOjE2Njk2NTQ3OTYsImlzcyI6Imh0dHBzOi8vd2ViLWFkaGFsLXRlc3QuYXp1cmV3ZWJzaXRlcy5uZXQvIiwiYXVkIjoiaHR0cHM6Ly93ZWItYWRoYWwtdGVzdC5henVyZXdlYnNpdGVzLm5ldC8ifQ.D40VnD2QwUutI0mSNoSV1ccVI1jy85xCBMZSibrjDPU%22%2C%22user%22%3A%7B%22userId%22%3A%22sid%3A5d1e7a39cb56658XXXXXX16ed944d52%22%7D%7D

I've replaced some critical letters in the auth token and userId SID for security.

adrianhall avatar Nov 28 '22 17:11 adrianhall
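
A decoder for the callback format shown in the comment above, written as an added example; it is not code from the issue author or from MAUI. IWebAuthenticatorResponseDecoder is the interface proposed in this issue (not a shipped API), and the class name, the expected-host parameter and the output key names are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Interface as proposed in this issue; it is not a shipped MAUI API.
public interface IWebAuthenticatorResponseDecoder
{
    IDictionary<string, string> DecodeResponseUri(Uri uri);
}

// Hypothetical decoder for "/.auth/login/done#token=<url-encoded JSON>".
public sealed class AppServiceResponseDecoder : IWebAuthenticatorResponseDecoder
{
    private readonly string _expectedHost; // App Service host the login was started against

    public AppServiceResponseDecoder(string expectedHost) => _expectedHost = expectedHost;

    public IDictionary<string, string> DecodeResponseUri(Uri uri)
    {
        // Accept a token only from the HTTPS origin and path we expect.
        if (uri.Scheme != Uri.UriSchemeHttps ||
            !string.Equals(uri.Host, _expectedHost, StringComparison.OrdinalIgnoreCase) ||
            uri.AbsolutePath != "/.auth/login/done")
            throw new InvalidOperationException("Unexpected callback origin or path.");

        // The payload is in the fragment, which a query-string parser never sees.
        const string prefix = "#token=";
        if (!uri.Fragment.StartsWith(prefix, StringComparison.Ordinal))
            throw new FormatException("Callback carries no token fragment.");

        string json = Uri.UnescapeDataString(uri.Fragment.Substring(prefix.Length));
        try
        {
            using JsonDocument doc = JsonDocument.Parse(json);
            JsonElement root = doc.RootElement;
            return new Dictionary<string, string>
            {
                // Output key names are choices made for this example.
                ["access_token"] = root.GetProperty("authenticationToken").GetString()
                    ?? throw new FormatException("authenticationToken is null."),
                ["user_id"] = root.GetProperty("user").GetProperty("userId").GetString() ?? ""
            };
        }
        catch (Exception ex) when (ex is JsonException or KeyNotFoundException or InvalidOperationException)
        {
            // Do not echo the fragment or the inner exception: both can carry the bearer token.
            throw new FormatException("Malformed App Service token payload.");
        }
    }
}
```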

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectations regarding different types of issues, you can read our Triage Process.

ghost avatar Nov 29 '22 19:11 ghost

Yep can totally replicate this.

I set up a server side authenticator following the tutorial on Microsoft Learn: https://learn.microsoft.com/en-us/dotnet/maui/platform-integration/communication/authentication?view=net-maui-7.0&tabs=android

When my WebAuthenticator calls my endpoint, via WebAuthenticator.Default.AuthenticateAsync, the API endpoint processes the Auth request, then when returning back to the MAUI app - nothing... the MAUI app just freezes and a response is never captured when debugging.

Anyone know a workaround?

JayWilk avatar Jan 31 '23 23:01 JayWilk