SWT upgrade to version 3.126.0: WebView2 no longer passes Device info to Azure
We are using a Java17-based desktop application that federates users via Azure Entra ID using the OAuth2 Authorization Code Flow. Additionally, we enforce Azure Conditional Access policies with Device Assurance enabled.
Recently, we upgraded the SWT library to version 3.126.0, which introduced WebView2 as the underlying browser component. Post-upgrade, we observed that Device ID and Join Type information are no longer present in the interactive user sign-in logs in Azure Entra ID.
Observed Behavior:
- Current WebView2 (Edge 140.0.0): Device ID and Join Type are missing in the sign-in logs.
- Previous WebView (IE 7.0): Device ID and Join Type were visible in the sign-in logs.
This change is impacting our Conditional Access policies that rely on device information for compliance and access control.
Please help us with the same.
Thank you for the report, but it currently seems to be inconsistent and lacks some information:
- Edge/WebView2 has been made SWT's default browser engine for Windows with the 4.32 release of Eclipse, which should include the 3.129 version of SWT: https://eclipse.dev/eclipse/news/news.html?file=4.32/platform.html. You mention that you upgraded to 3.126, but that SWT version should not use WebView2 by default. Can you please clarify?
- Many improvements have been applied to the WebView2 adaptation in SWT throughout the latest releases, so please retest whether the issue persists with the latest SWT version (current development version is 3.132 whereas you refer to 3.126).
- If the issue persists with the latest SWT state, please provide a standalone reproducer, which shows the expected behavior when using the IE engine and unexpected behavior when using WebView2.
I'm quite sure this was actually implemented with https://github.com/eclipse-platform/eclipse.platform.swt/pull/1834 but currently is hidden behind a switch.
@pawanrajoriya: Can you try to set -Dorg.eclipse.swt.browser.Edge.allowSingleSignOnUsingOSPrimaryAccount=true via eclipse.ini?
@HeikoKlare: I wasn't even aware that this feature was/is supported by the old IE runtime. We might as well switch the default to true for Edge and make this opt-out.
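Added example, not part of the thread and not SWT or Microsoft code: one way to check whether a retest restores device information is to scan exported interactive sign-ins for empty Device ID and Join Type fields. It assumes a JSON export in the Microsoft Graph signIn shape (`deviceDetail.deviceId`, `deviceDetail.trustType`, `isInteractive`) with a top-level `value` array; the app name `ExampleDesktopApp` and all records are constructed.

```python
import json
from collections import Counter

# Constructed sample in the Microsoft Graph signIn shape (assumption: logs were
# exported as JSON with a top-level "value" array). All values are made up.
SAMPLE_EXPORT = json.dumps({"value": [
    {"createdDateTime": "2025-01-10T08:00:00Z", "appDisplayName": "ExampleDesktopApp",
     "isInteractive": True, "userPrincipalName": "alice@example.com",
     "deviceDetail": {"deviceId": "", "trustType": "", "browser": "Edge 140.0.0"}},
    {"createdDateTime": "2025-01-09T08:00:00Z", "appDisplayName": "ExampleDesktopApp",
     "isInteractive": True, "userPrincipalName": "alice@example.com",
     "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000001",
                      "trustType": "Azure AD joined", "browser": "IE 7.0"}},
    {"createdDateTime": "2025-01-10T09:00:00Z", "appDisplayName": "OtherApp",
     "isInteractive": True, "userPrincipalName": "bob@example.com",
     "deviceDetail": {"deviceId": "", "trustType": ""}},
    {"createdDateTime": "2025-01-10T10:00:00Z", "appDisplayName": "ExampleDesktopApp",
     "isInteractive": True, "userPrincipalName": "carol@example.com"},
]})


def missing_device_info(export_json, app_name):
    """Return interactive sign-ins for app_name that carry no device ID or join type."""
    findings = []
    for rec in json.loads(export_json).get("value", []):
        if rec.get("appDisplayName") != app_name or not rec.get("isInteractive", True):
            continue
        detail = rec.get("deviceDetail") or {}  # key may be absent or null
        device_id = (detail.get("deviceId") or "").strip()
        trust_type = (detail.get("trustType") or "").strip()
        if not device_id or not trust_type:
            findings.append({"time": rec.get("createdDateTime"),
                             "user": rec.get("userPrincipalName"),
                             "browser": detail.get("browser") or "unknown",
                             "missing": [n for n, v in (("deviceId", device_id),
                                                        ("trustType", trust_type)) if not v]})
    return findings


def summarize_by_browser(findings):
    """Count affected sign-ins per reported browser, to compare engines."""
    return Counter(f["browser"] for f in findings)


if __name__ == "__main__":
    hits = missing_device_info(SAMPLE_EXPORT, "ExampleDesktopApp")
    for h in hits:
        print(h["time"], h["user"], h["browser"], "missing:", ",".join(h["missing"]))
    print(dict(summarize_by_browser(hits)))
```

Running it over exports taken before and after a change to the browser engine or its settings shows whether the affected sign-ins cluster under one reported browser.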