Closed WilliamWatterson86 closed 5 years ago
@parakhj. what would be your recommendation?
Interesting. Yea, you will have to reauthenticate the user using the sign-up or sign in (SUSI) policy. Because the user will already be signed in, SSO should kick in and so the user shouldn't have to sign in again. The only problem is that they may see a flash.
That being said, any reason why you have a SUSI and a sign up policy?
@parakhj @jmprieur - thanks for your reply. I wanted to have a Register and SignIn button on the main page of the app mainly just for UI reasons, nothing functional. I could potentially remove it and just have a "Register/Signup" button.
@WilliamWatterson86 : can we close this issue? or do you expect something from us?
@jmprieur sorry should have commented back. I just removed the link to the register page and all good now. So forcing users to use the signup sign in flow. So happy to close
Thanks for the update @WilliamWatterson86
Which Version of MSAL are you using ? v2.6.2
Which platform has the issue? Xamarin
What authentication flow has the issue?
Repro I have a Xamarin app. I initialise the PublicClientApplication in my App.xaml.cs like so:
AuthenticationClient = new PublicClientApplication(ApplicationSettings.ClientID, ApplicationSettings.Authority) { RedirectUri = $"msal{ApplicationSettings.ClientID}://auth" };
The Authority I am setting here is my custom B2C SignUpSignIn policy.
On the first page of the app the user has the option to "Register" or "Sign in".
If they tap on the register button, I launch my B2C SignUp policy like this:
ar = await App.AuthenticationClient.AcquireTokenAsync(ApplicationSettings.Scopes, "", UIBehavior.SelectAccount, string.Empty, null, ApplicationSettings.AuthoritySignUp, App.UiParent);
If they tap on the Sign in button, I launch my B2C SignUpSignIn policy like this:
ar = await App.AuthenticationClient.AcquireTokenAsync(ApplicationSettings.Scopes, "", UIBehavior.ForceLogin, string.Empty, null, ApplicationSettings.AuthoritySignUpSignIn, App.UiParent);
I seem to have an issue where if the user uses the "Register" link (which logs the user in using the Signup policy) - after a period of time I get the following error when authenticating silently before I contact my API:
Microsoft.Identity.Client.MsalUiRequiredException: AADB2C90088: The provided grant has not been issued for this endpoint. Actual Value : B2C_1_DimplexWiFiSignUpSignIn and Expected Value : B2C_1_DimplexWiFiSignUp Correlation ID: 8f3ef529-7520-4bc6-bead-7768b4a9e077 Timestamp: 2019-01-11 15:23:40Z
I think I understand what this means - I logged in using the SignUp policy and that is what my refresh token had - but I am trying to reauthenticate using the SignInSignUp policy (which as you can see from the code above I configured the PublicClientApplication with when my app started up). My question is what can I do to get around this issue? Do I need to do something to force a refresh of the token or something using the policy I am going to be using for the rest of the app?
Additional context / Logs / Screenshots
Stacktrace of error:
Microsoft.Identity.Core.OAuth2 OAuth2Client.CreateErrorResponse (Microsoft.Identity.Core.Http.HttpResponse response, Microsoft.Identity.Core.RequestContext requestContext)
Microsoft.Identity.Core.OAuth2 OAuth2Client.CreateResponse[T] (Microsoft.Identity.Core.Http.HttpResponse response, Microsoft.Identity.Core.RequestContext requestContext, System.Boolean addCorrelationId)
Microsoft.Identity.Core.OAuth2 OAuth2Client+d10`1[T].MoveNext ()
Microsoft.Identity.Core.OAuth2 OAuth2Client+d 9.MoveNext ()
Microsoft.Identity.Client.Internal.Requests RequestBase+d34.MoveNext ()
Microsoft.Identity.Client.Internal.Requests RequestBase+d 33.MoveNext ()
Microsoft.Identity.Client.Internal.Requests SilentRequest+d4.MoveNext ()
Microsoft.Identity.Client.Internal.Requests RequestBase+d 28.MoveNext ()
Microsoft.Identity.Client ClientApplicationBase+d60.MoveNext ()
Microsoft.Identity.Client ClientApplicationBase+d 56.MoveNext ()
DimplexWiFi.Services Client+d0.MoveNext ()
DimplexWiFi.Services Client+d 1`1[T].MoveNext ()
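The reauthentication suggested in the replies, as an added C# example against the MSAL 2.x API that is not part of the original issue or of the MSAL project's own code: it only goes silent with a cached account issued by the SUSI policy, and otherwise reauthenticates interactively through that same policy. `TokenHelper`, `FindAccountForPolicy` and `ApplicationSettings.PolicySignUpSignIn` (the bare policy name) are hypothetical names, and the account id layout used for matching is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class TokenHelper // hypothetical helper, not from the issue
{
    // Assumption: MSAL 2.x B2C account ids have the form
    // "<objectId>-<policy>.<tenantId>", with the policy name lower-cased.
    static IAccount FindAccountForPolicy(IEnumerable<IAccount> accounts, string policy)
    {
        string suffix = "-" + policy;
        return accounts.FirstOrDefault(a =>
            a.HomeAccountId.ObjectId.Split('.')[0]
             .EndsWith(suffix, StringComparison.OrdinalIgnoreCase));
    }

    public static async Task<string> GetAccessTokenAsync()
    {
        var accounts = await App.AuthenticationClient.GetAccountsAsync();
        // An account cached by the SignUp policy does not match here, so its
        // refresh token is never presented to the SUSI endpoint.
        var account = FindAccountForPolicy(
            accounts, ApplicationSettings.PolicySignUpSignIn); // hypothetical setting
        try
        {
            if (account != null)
            {
                var silent = await App.AuthenticationClient.AcquireTokenSilentAsync(
                    ApplicationSettings.Scopes, account,
                    ApplicationSettings.AuthoritySignUpSignIn, false);
                return silent.AccessToken;
            }
        }
        catch (MsalUiRequiredException)
        {
            // Grant expired or rejected for this policy: fall through to interactive.
        }
        // Reauthenticate through SUSI; an existing B2C session should let SSO
        // complete this without the user entering credentials again.
        var interactive = await App.AuthenticationClient.AcquireTokenAsync(
            ApplicationSettings.Scopes, account, UIBehavior.SelectAccount,
            string.Empty, null, ApplicationSettings.AuthoritySignUpSignIn, App.UiParent);
        return interactive.AccessToken;
    }
}
```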