OfficeDev / microsoft-teams-library-js

JavaScript library for use by Microsoft Teams apps
https://docs.microsoft.com/microsoftteams/platform/

Login adminconsent redirect_uri #2515

Open LeonYasoon opened 3 weeks ago

LeonYasoon commented 3 weeks ago

Hi Teams. Not sure where the correct place to raise this issue would be, so please feel free to point me in the right direction.

When creating an adminconsent URL like https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id={{CLIENTID}}&scope={{SCOPES}}&redirect_uri={{REDIRECTURI}}&state={{STATE}} and confirming the admin consent, the user is sometimes redirected to a URI that is shaped like {{REDIRECTURI}}?admin_consent=True&tenant={{TENANTID}}&state={{state}}Sign+in+to+your+account which leads to the state being corrupted by the string "Sign in to your account" being appended.

Prasad-MSFT commented 3 weeks ago

Hi @LeonYasoon, thanks for raising your issue. Could you please provide more details on your issue? Any repro video would be really helpful.

LeonYasoon commented 3 weeks ago

Sure, here is what the flow looks like:

Open a Microsoft adminconsent login URL that is shaped like https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id={{CLIENTID}}&scope={{SCOPES}}&redirect_uri={{REDIRECTURI}}&state={{STATE}}

[Screenshot 2024-09-18 at 08 55 53]

Select an admin account and approve the request

[Screenshot 2024-09-18 at 08 56 03]

Sometimes, the redirect URI that is provided with the adminconsent URL is called with the provided state but also with the string "Sign+in+to+your+account" appended to the state query, which can be seen here in our access logs:

[Screenshot 2024-09-18 at 09 09 12]
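
Added example, not part of the original thread and not code from Microsoft or this library: one way a redirect_uri handler can treat the returned `state` strictly, so a value with text appended, as described above, is rejected and labelled in the logs instead of being trimmed and accepted. The function name, the in-memory `pending` store and all sample values are assumptions constructed for illustration.

```javascript
// Added example: strict handling of the adminconsent callback's `state`.
// `pending` stands in for a server-side store of issued state values (assumption).
function checkConsentCallback(callbackUrl, pending) {
  const params = new URL(callbackUrl).searchParams; // decodes "+" to " "
  const state = params.get("state");
  const base = {
    adminConsent: params.get("admin_consent") === "True",
    tenant: params.get("tenant"),
  };

  if (!state) return { ...base, ok: false, reason: "missing_state" };

  if (pending.has(state)) {
    pending.delete(state); // single use: a replayed callback is rejected
    return { ...base, ok: true, reason: "ok" };
  }

  // No exact match. Check whether an issued value is a strict prefix of what
  // came back, which is the shape reported in this issue. This only labels
  // the log entry; the callback is still rejected and the pending entry is
  // left in place so a clean retry can succeed.
  for (const issued of pending) {
    if (state.startsWith(issued)) {
      return {
        ...base,
        ok: false,
        reason: "state_has_trailing_data",
        trailing: state.slice(issued.length),
      };
    }
  }
  return { ...base, ok: false, reason: "unknown_state" };
}

// Constructed sample values, not taken from the reporter's access logs.
const pending = new Set(["3f9c1a7e5b2d"]);
const redirectUri = "https://app.example.test/consent/callback";
const tenant = "00000000-0000-0000-0000-000000000000";
const query = `?admin_consent=True&tenant=${tenant}&state=3f9c1a7e5b2d`;
const corrupted = `${redirectUri}${query}Sign+in+to+your+account`;
const clean = `${redirectUri}${query}`;

console.log(checkConsentCallback(corrupted, pending)); // rejected, labelled
console.log(checkConsentCallback(clean, pending));     // accepted once
console.log(checkConsentCallback(clean, pending));     // replay, rejected
```

Logging the `reason` and `trailing` fields separately from ordinary state mismatches makes it possible to count how often this specific corruption occurs.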

LeonYasoon commented 3 weeks ago

Also, please excuse me if this is not the right place to raise this request and feel free to point me in the right direction.

Prasad-MSFT commented 3 weeks ago

Thanks for providing the details. We are checking this with the engineering team. We will inform you once we have any update.