AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0

Infinite Login Loop #738

Closed thiner closed 6 years ago

thiner commented 6 years ago

Version: 1.0.17 Browser: Chrome 65.0.3325.181 (Official Build) (32-bit)

Scenario: I logged in to portal.azure.net with the account dummy@live.com, then I opened my web app in another browser tab; this web app is configured in AAD with an access limitation that allows only company accounts. The web application appears to enter an infinite login process.

The URL AAD replied with, carrying the error message, is as below:

http://localhost:8081/#error=invalid_request&error_description=AADSTS90072%3a+User+account+%27[dummy]%40live.com%27+from+identity+provider+%27live.com%27+does+not+exist+in+tenant+%27ZHM%27+and+cannot+access+the+application+%[application id]%27+in+that+tenant.++The+account+needs+to+be+added+as+an+external+user+in+the+tenant+first.++Sign+out+and+sign+in+again+with+a+different+Azure+Active+Directory+user+account.%0d%0aTrace+ID%3a+5fa7c8dc-ec5b-432e-b9eb-28bde0d61600%0d%0aCorrelation+ID%3a+0da3dc0b-830b-42a4-a0a3-cc0e27488da8%0d%0aTimestamp%3a+2018-04-12+10%3a31%3a45Z&state=2252ce78-7e36-4ba0-a66c-be300ee294bd

I can't even see this error message until I put a breakpoint in before the line creating the AuthenticationContext instance. By digging into adal.js, I found the root cause in handleWindowCallback().

var errorDesc = requestInfo.parameters[self.CONSTANTS.ERROR_DESCRIPTION]; // error_description from the redirect fragment
var error = requestInfo.parameters[self.CONSTANTS.ERROR];                 // error code from the redirect fragment
try {
    if (tokenReceivedCallback) {
        // the app's callback receives the error values alongside whatever token was parsed
        tokenReceivedCallback(errorDesc, token, error, tokenType);
    }
} catch (err) {
    // only exceptions thrown inside the app's own callback are caught here
    self.error("Error occurred in user defined callback function: " + err);
}

First of all, I think trying to process the error message after processing the token is not correct. Second, even though you extract the error message, you don't properly handle it, which gives adal.js a valid flag that the token is retrieved when actually it is not.
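An added example, not adal.js code and not from this thread, showing how an app can parse the fragment AAD returns after the redirect and check the state value before acting on it, so an error response such as the AADSTS90072 one above is surfaced to the user instead of feeding another login round. The fragment and state below are constructed from the URL in the report, with the account and application id replaced by placeholders.

```javascript
// Added example, not part of adal.js. Parses the '#...' fragment that AAD
// appends on an implicit-flow redirect and classifies it so the app can
// decide what to do instead of calling login() again on every error.

// Constructed sample modelled on the URL in the report; the account and
// application id are placeholders.
const SAMPLE_STATE = '2252ce78-7e36-4ba0-a66c-be300ee294bd';
const SAMPLE_FRAGMENT =
  '#error=invalid_request&error_description=AADSTS90072%3a+User+account+' +
  '%27dummy%40live.com%27+from+identity+provider+%27live.com%27+does+not+' +
  'exist+in+tenant+%27ZHM%27+and+cannot+access+the+application+' +
  '%27APP-ID-PLACEHOLDER%27+in+that+tenant.&state=' + SAMPLE_STATE;

// Split the fragment into key/value pairs. Values are form-encoded, so '+'
// stands for a space and is restored before percent-decoding. Splitting on
// the first '=' only keeps base64 padding inside token values intact.
function parseAuthFragment(hash) {
  const params = {};
  const body = hash.startsWith('#') ? hash.slice(1) : hash;
  for (const pair of body.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = i < 0 ? pair : pair.slice(0, i);
    const raw = i < 0 ? '' : pair.slice(i + 1);
    params[decodeURIComponent(key)] = decodeURIComponent(raw.replace(/\+/g, ' '));
  }
  return params;
}

// Decide what the redirect means. The state must equal the value the app
// generated when it started the login; otherwise the fragment is not a
// response to our request and is ignored. An error response is reported as
// such and is never turned into a new login attempt by this function.
function classifyCallback(hash, expectedState) {
  const p = parseAuthFragment(hash);
  if (!p.state || p.state !== expectedState) {
    return { kind: 'ignore', reason: 'state missing or mismatched' };
  }
  if (p.error) {
    const m = /^AADSTS(\d+)/.exec(p.error_description || '');
    return { kind: 'error', error: p.error,
             code: m ? 'AADSTS' + m[1] : null,
             description: p.error_description || '' };
  }
  if (p.id_token || p.access_token) {
    return { kind: 'token', token: p.id_token || p.access_token };
  }
  return { kind: 'none' };
}

console.log(classifyCallback(SAMPLE_FRAGMENT, SAMPLE_STATE));
```

The caller shows `description` for an `error` result and only starts a fresh login on an explicit user action, which is what breaks the loop.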

rohitnarula7176 commented 6 years ago

@thiner The errors you are referring to refer to two different things. errorDesc refers to the error you received at the time of login. After we extract this error, we then call your callback function with this error.

The last error in the try catch is to handle the case where your callback function encounters any errors. This is the correct sequence. Can you elaborate on the issue you are facing?

rohitnarula7176 commented 6 years ago

@thiner Closing this issue. Please reopen if you still face issues.