auth0 / auth0-oidc-client-net

OIDC Client for .NET Desktop and Mobile applications
https://auth0.github.io/auth0-oidc-client-net/
Apache License 2.0
86 stars 49 forks source link

"This browser or app may not be secure" when using the Auth0 OIDC Client for .NET library #212

Closed ix42 closed 3 years ago

ix42 commented 3 years ago

Describe the problem

Hi, we are using the Auth0 OIDC Client for .NET library to authenticate from a C# app. However, for certain users, we get the infamous "This browser or app may not be secure. Try using a different browser. If you're already using a supported browser, you can try again to sign in." message. Anyone else encountered this problem? Any workarounds?

What was the expected behavior?

Login prompt to show up

Reproduction

We do not reproduce this constantly, just for certain users we have, the pattern we seem to observe is that they have Edge as their default browser.

Environment

Windows, C# app using Auth0.OidcClient.WinForms 3.2.2

frederikprijck commented 3 years ago

Would you be able to provide us with some way for us to try and reproduce this? Currently, there is not much information for us to work with.

Are the people that see the error perhaps running the application as an Administrator?

ix42 commented 3 years ago

Yes, the application runs as administrator.

We are currently testing this solution coming from one of your colleagues: https://community.auth0.com/t/howto-use-the-auth0-oidcclient-winforms-sdk-with-edge-chromium-webview2/57746 (seems to be needed as WebViewBrowser uses IE when running as administrator)

frederikprijck commented 3 years ago

Yes, it's a known thing for WebViewBrowser to use IE when running as administrator. There isn't much our SDK can control here, but using what is explained in that community post should allow you to prevent from falling back to IE when running as admin.

I will close the issue, as it seems to be all working as expected. Please feel free to continue the conversation and we can reopen if needed.

ix42 commented 3 years ago

We still encounter the problem above for certain users (with no clear pattern), even with the Edge browser workaround from that community link and running as non-admin. For example on a Windows 8.1 system, Edge version 93.0.961.52. Are there any other login alternatives you recommend for C# applications?