search

SharePoint / sp-dev-docs

SharePoint & Viva Connections Developer Documentation
https://docs.microsoft.com/en-us/sharepoint/dev/
Creative Commons Attribution 4.0 International
1.24k stars 1.01k forks source link

SPFx aadHttpclient fails on iphone #9432

Open ag0059985 opened 9 months ago

ag0059985 commented 9 months ago

Target SharePoint environment

SharePoint Online

What SharePoint development model, framework, SDK or API is this about?

💥 SharePoint Framework

Developer environment

None

What browser(s) / client(s) have you tested

Additional environment details

Describe the bug / error

We have webparts which are using graph api and custom api, which is secured using Azure AD. When we place these webparts in a SharePoint online page, and try to open it Edge browser on iphone, page refreshes multiple times. Example - If we put 4 different webparts instance on the page, page refresh happens 4 times, and with each refresh, one webpart starts working.

Steps to reproduce

  1. Create a webpart which uses graph api or custom api (secured by Azure AD)
  2. Host the webpart on SPO page
  3. Open the page on Edge browser on iPhone

Expected behavior

Page should not refresh, and all webparts should work on the first page load.

ghost commented 9 months ago

Thank you for reporting this issue. We will be triaging your incoming issue as soon as possible.

kbeeveer46 commented 9 months ago

It's because Safari blocks third party cookies by default (in iOS, all browsers use Safari behind the scenes) and eventually all browsers will be blocking the cookies. The same issue occurs when using Safari on MacOS and Firefox when certain settings are enabled. Check out the reply in this post for the most recent status update https://github.com/SharePoint/sp-dev-docs/issues/9301

ag0059985 commented 9 months ago

Hi @kbeeveer46, thank you for the response. yes, i am aware of it on macOS, and its been resolved. but we are using edge browser on iphones, and strange thing is, each time page refreshes, one of the webpart starts working. so if on the page we have 4 different webparts, pages reloads 4 times, and than all webparts are working fine. we are following this link from MS for webpart implementation https://learn.microsoft.com/en-us/sharepoint/dev/spfx/use-aadhttpclient#connect-to-azure-ad-applications-using-the-aadhttpclient

kbeeveer46 commented 9 months ago

It doesn't matter if you are using Edge, Chrome, or Firefox (or any browser) on iOS. They are all using the same WebKit rendering engine as Safari. They all block third party cookies by default. You have to disable the setting within the browser to allow it (I think it's called cross site tracking). If you don't disable it, the browser has to do a full page refresh for the authentication which means every API calls has to refresh the page.

Here is an article that explains how all browsers are the same on iOS https://9to5mac.com/2023/02/07/new-iphone-browsers/

ag0059985 commented 9 months ago

thanks @kbeeveer46 for the help. i have disabled the cross site tracking on Safari and Edge browser both, and things are looking good. will do one more round of testing, before closing the issue.

AtDH01 commented 9 months ago

kbeeveer46

Useful and promising to see Microsoft are looking to change their implementation. @nick-pape back on your comment in this closed issue #9301 are you able to provide any clearer timelines for when the new auth flow will be ready?