AzureAD / azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
http://aka.ms/aaddev
MIT License

3.19.6 UWP AcquireTokenAsync - AdalServiceException: "User canceled authentication" without canceling #1078

Closed avorobjovs closed 5 years ago

avorobjovs commented 6 years ago

Hi,

I have a UWP application and need to authorize with Azure AD.

I use ADAL v3.19.6, but I get the AdalServiceException "User canceled authentication" every time I try to call AcquireTokenAsync. The authentication popup does not open at all, but the exception is thrown after half a second. I tried to roll back ADAL to version 3.17.3, but the result is the same.

Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: User canceled authentication
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.<PreTokenRequestAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenCommonAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__29.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at UwpAdalTest.MainPage.<AuthorizeKc>d__3.MoveNext()
    ErrorCode: authentication_canceled
    StatusCode: 0

My Windows version: Windows 10 Version 1709 (OS Build 16299.431)

My UWP application:
Target version: Windows 10 Fall Creator Update (10.0; Build 16299)
Min version: Windows 10 November Update (10.0; Build 10586)
Microsoft.NETCore.UniversalWindowsPlatform: Version 6.1.5
Microsoft.IdentityModel.Clients.ActiveDirectory: Version 3.19.6

Here is my code:

try
{
    string authority = "https://login.microsoftonline.com/5ab0514a-59fa-4283-934f-xxxxxxxxxxxx";
    string resource = "5cdb7752-5e4b-4090-ae19-xxxxxxxxxxxx";
    string clientId = "973ed211-3215-4ee4-93ce-xxxxxxxxxxxx";
    string redirectUri = "http://dummy.xxxxxxxxxx.com";

    AuthenticationContext authContext = new AuthenticationContext(authority);
    AuthenticationResult authResult = await authContext.AcquireTokenAsync(resource, clientId, new Uri(redirectUri), new PlatformParameters(PromptBehavior.Auto, true), UserIdentifier.AnyUser);
    string authHeader = authResult.CreateAuthorizationHeader();
}
catch (Exception ex)
{
    var s = ex.ToString();
}

Here is the LoggerCallbackHandler log:

Information 2018-06-04T12:34:59.9832192Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: ADAL PCL.WinRT with assembly version '3.19.6.14301', file version '3.19.50523.1839' and informational version '1ae77ee16c2204403e53d7e652ddc8f4d315cfb1' is running...
Information 2018-06-04T12:34:59.9892129Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: === Token Acquisition started:
    Authority: https://login.microsoftonline.com/5ab0514a-59fa-4283-934f-xxxxxxxxxxxx/
    Resource: 5cdb7752-5e4b-4090-ae19-xxxxxxxxxxxx
    ClientId: 973ed211-3215-4ee4-93ce-xxxxxxxxxxxx
    CacheType: null
    Authentication Target: User

Verbose 2018-06-04T12:35:01.4318532Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Loading from cache.
Verbose 2018-06-04T12:35:01.4408181Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Verbose 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Verbose 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Verbose 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Verbose 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Verbose 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Looking up cache for a token...
Information 2018-06-04T12:35:01.4478185Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: No matching token was found in the cache
Error 2018-06-04T12:35:03.2547086Z: 184bfd24-04bd-409d-a115-39294e1a2e97 - LoggerBase.cs: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: User canceled authentication
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.<PreTokenRequestAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.<RunAsync>d__57.MoveNext()
    ErrorCode: authentication_canceled
    StatusCode: 0

Here is a Fiddler log:

GET https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/5ab0514a-59fa-4283-934f-xxxxxxxxxxxx/oauth2/authorize HTTP/1.1
client-request-id: b8281a8f-524d-4b5a-9c08-4ff9624e6ef2
return-client-request-id: true
x-client-DM: 80WQ
Accept: application/json
x-client-Ver: 3.19.6.14301
x-ms-PKeyAuth: 1.0
x-client-CPU: x64
x-client-SKU: PCL.WinRT
Host: login.microsoftonline.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
client-request-id: b8281a8f-524d-4b5a-9c08-4ff9624e6ef2
x-ms-request-id: e3e3e6cb-d285-4743-88af-26e6dcc93000
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: esctx=AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rPnG97cBXAGBrUR5_5uEaqRmabCGFuePX0MG41BryfYwvlEWVWoHM2rjjwT6mtvUKWvDfDd6G7YYCNEUa0T2onfZYLRcGh3jgGxq2Djf9l9xbkDj5S_CjHSft1q6r3fL2jFlrAISym4JX-6gUKNxktSWV8D-YpyPrzWFfnemJb1kgAA; domain=.login.microsoftonline.com; path=/; secure; HttpOnly
Set-Cookie: x-ms-gateway-slice=019; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/; secure; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 04 Jun 2018 12:07:45 GMT
Content-Length: 975

{"tenant_discovery_endpoint":"https://login.microsoftonline.com/5ab0514a-59fa-4283-934f-xxxxxxxxxxxx/.well-known/openid-configuration","api-version":"1.1","metadata":[{"preferred_network":"login.microsoftonline.com","preferred_cache":"login.windows.net","aliases":["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{"preferred_network":"login.partner.microsoftonline.cn","preferred_cache":"login.partner.microsoftonline.cn","aliases":["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{"preferred_network":"login.microsoftonline.de","preferred_cache":"login.microsoftonline.de","aliases":["login.microsoftonline.de"]},{"preferred_network":"login.microsoftonline.us","preferred_cache":"login.microsoftonline.us","aliases":["login.microsoftonline.us","login.usgovcloudapi.net"]},{"preferred_network":"login-us.microsoftonline.com","preferred_cache":"login-us.microsoftonline.com","aliases":["login-us.microsoftonline.com"]}]}

jennyf19 commented 6 years ago

@avorobjovs Did you set up everything according to what is recommended in Properties Specific to UWP?

avorobjovs commented 6 years ago

@jennyf19 I set up everything according to this documentation. I also tried to change the UseCorporateNetwork in the PlatformParameters to FALSE. But the result is the same.

The only difference is that the redirectUri for my app is not the callback URI for Windows Store applications, because we use the same settings in the Azure portal for authorization from UWP, Xamarin.iOS, Xamarin.Android and other apps. How important is it for ADAL authorization? Is it mandatory to set the callback URI for Windows Store applications in the Azure portal?

jmprieur commented 5 years ago

See the documentation: https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-interactively---Public-client-application-flows#getting-the-redirect-uri-in-the-case-of-windows-universal-apps
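
The approach the linked documentation section describes, as an added example that is not part of the original thread or the ADAL code base: the UWP app asks `WebAuthenticationBroker` for its own package-bound callback URI and passes that as the redirect URI, instead of a URI shared with other platforms. The class and method names, the `<...>` placeholders and the wording of the wrapped error are assumptions; the callback URI also has to be registered as a redirect URI on the app registration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Windows.Security.Authentication.Web;

// Hypothetical helper for illustration only.
public static class UwpTokenHelper
{
    // Constructed placeholders: substitute the values of your own app registration.
    private const string Authority = "https://login.microsoftonline.com/<tenant-id>";
    private const string Resource = "<resource-app-id>";
    private const string ClientId = "<client-app-id>";

    public static async Task<string> GetAuthorizationHeaderAsync()
    {
        // ms-app://<package SID>/ URI that Windows derives from the app package identity.
        // Only this app can receive a response sent to it, unlike an http:// URI
        // that is shared between the UWP, iOS and Android clients.
        Uri redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();

        var authContext = new AuthenticationContext(Authority);
        try
        {
            // useCorporateNetwork is false here; the thread reports the same
            // failure with either value when the redirect URI is not the callback URI.
            AuthenticationResult result = await authContext.AcquireTokenAsync(
                Resource,
                ClientId,
                redirectUri,
                new PlatformParameters(PromptBehavior.Auto, false),
                UserIdentifier.AnyUser);

            return result.CreateAuthorizationHeader();
        }
        catch (AdalServiceException ex) when (ex.ErrorCode == AdalError.AuthenticationCanceled)
        {
            // Surface the URI that was used so it can be compared with the redirect
            // URIs registered in the Azure portal, instead of swallowing the error.
            throw new InvalidOperationException(
                "authentication_canceled was returned; check that '" + redirectUri +
                "' is registered as a redirect URI for client " + ClientId + ".",
                ex);
        }
    }
}
```

Reading the value of `GetCurrentApplicationCallbackUri()` once in a debug build gives the exact string to add to the app registration.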