AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Error: Uncaught (in promise): BrowserAuthError: block_iframe_reload #6956

Closed captain01010101 closed 5 months ago

captain01010101 commented 7 months ago

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.7.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.0.12

Public or Confidential Client?

Public

Description

Attempting to run an Angular application inside of an iframe without using a popup for the login method. I would like the Angular app to redirect to the default B2C login experience. The Angular app has a login button that calls this.authService.loginRedirect(). I have configured a custom domain, e.g. login.example.com instead of example.b2clogin. The page and the iframe application will reside on different origins.

Error Message

core.mjs:10614 ERROR Error: Uncaught (in promise): BrowserAuthError: block_iframe_reload: Request was blocked inside an iframe because MSAL detected an authentication response. For more visit: aka.ms/msaljs/browser-errors
BrowserAuthError: block_iframe_reload: Request was blocked inside an iframe because MSAL detected an authentication response. For more visit: aka.ms/msaljs/browser-errors
    at createBrowserAuthError (BrowserAuthError.mjs:264:12)
    at blockReloadInHiddenIframes (BrowserUtils.mjs:70:37)
    at StandardController.preflightBrowserEnvironmentCheck (StandardController.mjs:879:35)
    at StandardController.mjs:254:14
    at Generator.next ()
    at asyncGeneratorStep (asyncToGenerator.js:3:1)
    at _next (asyncToGenerator.js:22:1)
    at asyncToGenerator.js:27:1
    at new ZoneAwarePromise (zone.js:1411:21)
    at asyncToGenerator.js:19:1
    at resolvePromise (zone.js:1193:31)
    at resolvePromise (zone.js:1147:17)
    at zone.js:1100:17
    at zone.js:1116:33
    at asyncGeneratorStep (asyncToGenerator.js:10:1)
    at _next (asyncToGenerator.js:22:1)
    at asyncToGenerator.js:27:1
    at new ZoneAwarePromise (zone.js:1411:21)
    at asyncToGenerator.js:19:1
    at StandardController.loginRedirect (StandardController.mjs:1149:12)
Show 22 more frames

MSAL Logs


Network Trace (Preferably Fiddler)

MSAL Configuration

{
  auth: {
    clientId: 'xxxxxx_xxxx_xxxx_xxxx_xxxxxxxx',
    authority: 'https://login.example.io/xxxxxx_xxxx_xxxx_xxxx_xxxxxxxx/b2c_1_susi',
    redirectUri: '/',
    postLogoutRedirectUri: '/',
    knownAuthorities: ['login.beancounter.io']
  },
  cache: {
    // have tried multiple combinations
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: false,
  },
  system: {
    allowNativeBroker: false, // Disables WAM Broker
    allowRedirectInIframe: true
  }
}

Relevant Code Snippets

if (this.msalGuardConfig.authRequest) {
  this.authService.loginRedirect({ ...this.msalGuardConfig.authRequest, ...userFlowRequest } as RedirectRequest);
} else {
  this.authService.loginRedirect(userFlowRequest);
}

Reproduction Steps

  1. Create a web page hosted on localhost
  2. Embed the Angular application inside an iframe with a different origin (deployed to www)
  3. Attempt to log in via the Angular application

Expected Behavior

Redirected to b2c login page

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)

tnorling commented 5 months ago

This error is thrown when making a redirect request inside an iframe with any of the following properties in the hash fragment: code, error, error_description, state

Can you please double check the URL of your iframe to ensure none of those properties are present in the hash when making the request? If you didn't put them there then they may be unprocessed responses from a previous login attempt.
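A diagnostic for the condition described in the comment above, added here as an example; it is not part of the original thread and is not MSAL's own code. The names `authResponseKeysInHash` and `diagnoseIframeRedirect` are hypothetical, the sample URLs are constructed, and the handling of hash-routed URLs (`#/route?...`) is an assumption of this example.

```javascript
// Added example, not MSAL source: reports which of the four properties named
// in the comment above are present in a URL's hash fragment.
const AUTH_RESPONSE_KEYS = ["code", "error", "error_description", "state"];

function authResponseKeysInHash(url) {
  const hashIndex = url.indexOf("#");
  if (hashIndex === -1) return []; // no fragment at all
  let fragment = url.slice(hashIndex + 1);

  // Assumption of this example: with hash routing ("#/route?a=b") the
  // parameters follow the "?"; otherwise a leading "/" is dropped.
  const queryIndex = fragment.indexOf("?");
  if (queryIndex !== -1) {
    fragment = fragment.slice(queryIndex + 1);
  } else if (fragment.startsWith("/")) {
    fragment = fragment.slice(1);
  }

  const params = new URLSearchParams(fragment);
  return AUTH_RESPONSE_KEYS.filter((key) => params.has(key));
}

// Combines the fragment check with the frame context. In a browser, call it as
//   diagnoseIframeRedirect(window.location.href, window.self !== window.top)
// before invoking loginRedirect(), and log the result.
function diagnoseIframeRedirect(url, inIframe) {
  const keys = authResponseKeysInHash(url);
  return {
    inIframe,
    keys,
    // Per the comment above: redirect request + iframe + any of these keys.
    likelyBlocked: inIframe && keys.length > 0,
  };
}

// Constructed sample URLs (not taken from the issue).
const SAMPLES = [
  "https://app.example.com/#code=abc123&state=xyz",
  "https://app.example.com/#/callback?error=access_denied&error_description=cancelled",
  "https://app.example.com/#/home",
  "https://app.example.com/?code=abc123",
];

for (const url of SAMPLES) {
  console.log(url, JSON.stringify(diagnoseIframeRedirect(url, true)));
}
```

A non-empty `keys` list on a page that has not just returned from the identity provider points to the unprocessed response from an earlier attempt that the comment mentions.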

captain01010101 commented 5 months ago

This can be closed; I ended up not using the iframe.