Login with Microsoft AD authentication using signInWithWebUI is not successful. #3606

Open
bbdev9805 opened this issue Apr 11, 2024 · 8 comments
Labels
auth Issues related to the Auth category bug Something isn't working follow up Requires follow up from maintainers

Comments

@bbdev9805

Describe the bug

There is a pattern in which login with Microsoft AD authentication using signInWithWebUI is not successful. This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge. However, signInWithWebUI uses ASWebAuthenticationSession. Therefore, the Microsoft authentication screen will appear asking to launch in Edge. After launching Edge, a HostedUI error screen is displayed in the browser. After that, if the email address is entered on the Hosted UI screen, the app will be called back. When returning to the app, the Microsoft authentication screen remains displayed.

Screenshot 2024-04-11 19 04 46

Steps To Reproduce

Steps to reproduce the behavior:
1. Open the app and log in with Hosted UI
2. Launch Edge from the Microsoft authentication screen
3. Enter the email address on HostedUI
4. Authentication not completed

Expected behavior

No error occurs in HostedUI after launching Edge from the Microsoft authentication screen. Then, return to the app, close the Microsoft authentication screen, and complete the sign-in.

Amplify Framework Version

2.28.0

Amplify Categories

Auth

Dependency manager

Swift PM

Swift version

5.1

CLI version

12.10.1

Xcode version

15.3

Relevant log output

<details>
<summary>Log Messages</summary>

```
INSERT LOG MESSAGES HERE
```

</details>

Is this a regression?

Yes

Regression additional context

No response

Platforms

No response

OS Version

iOS 16, 17

Device

iPad

Specific to simulators

No response

Additional context

No response

@phantumcode
Contributor

@bbdev9805 Thanks for submitting the issue. We will attempt to reproduce the issue and investigate further.

@phantumcode phantumcode added bug Something isn't working auth Issues related to the Auth category labels Apr 11, 2024
@thisisabhash thisisabhash added the follow up Requires follow up from maintainers label Jun 14, 2024
@harsh62
Member

harsh62 commented Jun 25, 2024

@bbdev9805 Are you still facing the issue?

@bbdev9805
Author

@harsh62 Yes, this issue has not been solved.

@harsh62
Member

harsh62 commented Jul 11, 2024

@bbdev9805 So I am able to create an environment very similar to the one you have, and am not able to reproduce the issue. Would you be able to provide verbose logs when this issue happens? You can enable verbose logging to the console by doing this before calling Amplify.configure:

```swift
Amplify.Logging.logLevel = .verbose
```

Additionally, can you also provide your amplifyconfiguration.json file with all the sensitive information redacted?

Lastly, have you made sure that the redirect URI has been set up correctly in the app?

@bbdev9805
Author

@harsh62 How should I provide the logs and the amplifyconfiguration.json file? The redirect URI is set up correctly. The issue occurs when authentication is required on Edge, as described below. If Microsoft Intune Conditional Access is not configured, the ASWebAuthenticationSession appears and the sign-in completes successfully.

This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge.

@harsh62
Member

harsh62 commented Jul 16, 2024

Thank you @bbdev9805. I will try to set up the account with the setting that you provided and see if I can recreate the issue.

@bbdev9805
Author

@harsh62 Is there any update regarding this issue?

I have rechecked the actual behavior. After displaying the authentication screen with signInWithWebUI and launching Edge to complete the authentication, it returns to the app via a callback. Since the app is launched from the Edge app via a callback, the SceneDelegate is triggered, and the callback URL contains the code. However, the signInWithWebUI API does not return a result, and the authentication screen remains displayed. Is it possible to complete the sign-in process when the authentication is completed and the user returns to the original app via a callback after transitioning to Edge?
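
Added example, not part of the thread and not Amplify code: the comment above says the callback URL delivered to the SceneDelegate contains the code, and the maintainers asked for logs with sensitive values redacted. This Foundation-only helper reports which OAuth parameters the callback carries while masking their values, so the line can be pasted into an issue. The function name, `expectedScheme` and the sample URL are assumptions made for illustration.

```swift
import Foundation

// Summary of an OAuth redirect that is safe to paste into a bug report.
struct CallbackSummary: CustomStringConvertible {
    let schemeMatches: Bool
    let hasCode: Bool
    let hasState: Bool
    let error: String?
    let redactedURL: String

    var description: String {
        "schemeMatches=\(schemeMatches) hasCode=\(hasCode) hasState=\(hasState) "
            + "error=\(error ?? "none") url=\(redactedURL)"
    }
}

// Hypothetical helper: call it with the URL received in
// scene(_:openURLContexts:) before writing anything to the log.
func summarizeCallback(_ url: URL, expectedScheme: String) -> CallbackSummary {
    var components = URLComponents(url: url, resolvingAgainstBaseURL: false)
    let items = components?.queryItems ?? []
    let secretNames: Set<String> = ["code", "state", "id_token", "access_token"]

    func value(_ name: String) -> String? {
        items.first { $0.name == name }?.value
    }

    // Mask credential-bearing values; keep parameter names for diagnosis.
    components?.queryItems = items.isEmpty ? nil : items.map { item in
        secretNames.contains(item.name)
            ? URLQueryItem(name: item.name, value: "REDACTED")
            : item
    }
    // A fragment can carry tokens, so it is masked as a whole.
    if components?.fragment != nil { components?.fragment = "REDACTED" }

    return CallbackSummary(
        schemeMatches: url.scheme?.lowercased() == expectedScheme.lowercased(),
        hasCode: !(value("code") ?? "").isEmpty,
        hasState: !(value("state") ?? "").isEmpty,
        error: value("error"),
        redactedURL: components?.string ?? "<unparseable>"
    )
}

// Constructed sample callback, not taken from the issue.
let sample = URL(string: "myapp://callback?code=abc123&state=xyz789")!
print(summarizeCallback(sample, expectedScheme: "myapp"))
```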

@github-actions github-actions bot added the pending-maintainer-response Issue is pending response from an Amplify team member label Dec 18, 2024
@ruisebas
Member

Thanks for the additional details and sorry for losing track.
We're trying to reproduce this issue but are having trouble setting up an app with Microsoft AD authentication. Once we sort that out, we'll post an update here.

Thanks.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Dec 23, 2024