aws-amplify / amplify-swift

A declarative library for application development using cloud services.
Apache License 2.0

Login with Microsoft AD authentication using signInWithWebUI is not successful. #3606

Open bbdev9805 opened 3 months ago

bbdev9805 commented 3 months ago

### Describe the bug

There is a pattern in which login with Microsoft AD authentication using signInWithWebUI is not successful. This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge. However, signInWithWebUI uses ASWebAuthenticationSession. Therefore, the Microsoft authentication screen will appear asking to launch in Edge. After launching Edge, a HostedUI error screen is displayed in the browser. After that, if the email address is entered on the Hosted UI screen, the app will call back. When returning to the app, the Microsoft authentication screen remains displayed.

Screenshot 2024-04-11 19 04 46

### Steps To Reproduce

Steps to reproduce the behavior:
1. Open the app and login with Hosted UI
2. Launch Edge from the Microsoft authentication screen
3. Enter the email address on HostedUI
4. Authentication not completed

### Expected behavior

No error occurs in HostedUI after launching Edge from the Microsoft authentication screen. Then, return to the app, close the Microsoft authentication screen, and complete the sign-in.

### Amplify Framework Version

2.28.0

### Amplify Categories

Auth

### Dependency manager

Swift PM

### Swift version

5.1

### CLI version

12.10.1

### Xcode version

15.3

### Relevant log output

<details>
<summary>Log Messages</summary>

INSERT LOG MESSAGES HERE

</details>

### Is this a regression?

Yes

### Regression additional context

_No response_

### Platforms

_No response_

### OS Version

iOS 16, 17

### Device

iPad

### Specific to simulators

_No response_

### Additional context

_No response_

phantumcode commented 3 months ago

@bbdev9805 Thanks for submitting the issue. We will attempt to reproduce the issue and investigate further.

harsh62 commented 3 weeks ago

@bbdev9805 Are you still facing the issue?

bbdev9805 commented 3 weeks ago

@harsh62 Yes, this issue has not been solved.

harsh62 commented 1 week ago

@bbdev9805 So I am able to create an environment very similar to the one you have, and am not able to reproduce the issue. Would you be able to provide verbose logs when this issue happens? You can enable verbose logging to the console by doing this before calling Amplify.configure:

```swift
Amplify.Logging.logLevel = .verbose
```

Additionally, can you also provide your amplifyconfiguration.json file with all the sensitive information redacted?

Lastly, have you made sure that the redirect URI has been set up correctly in the app?
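
One way to prepare the redacted amplifyconfiguration.json requested above, as an added example that is not part of the original thread or of Amplify's tooling: it masks values by key name, keeps each redirect URI's scheme so the redirect setup can still be compared, and lists any sensitive value that survives elsewhere in the output. The key names are assumed from the Cognito section of amplifyconfiguration.json, and the sample values are constructed.

```python
import json
from urllib.parse import urlsplit

# Key names assumed from the Cognito section of amplifyconfiguration.json.
MASKED_KEYS = {"PoolId", "AppClientId", "AppClientSecret", "WebDomain"}
URI_KEYS = {"SignInRedirectURI", "SignOutRedirectURI"}
SENSITIVE = MASKED_KEYS | URI_KEYS

def mask(key, value):
    """Mask one string value according to the key it is stored under."""
    if key in URI_KEYS:
        # Comma-separated URIs: keep only each scheme, hide host and path.
        return ",".join(f"{urlsplit(u.strip()).scheme}://<redacted>"
                        for u in value.split(","))
    return f"<redacted-{key}>" if key in SENSITIVE else value

def redact(node, key=None):
    """Return a deep copy of node with sensitive string leaves masked."""
    if isinstance(node, dict):
        return {k: redact(v, k) for k, v in node.items()}
    if isinstance(node, list):
        return [redact(v, key) for v in node]
    return mask(key, node) if isinstance(node, str) else node

def sensitive_values(node, key=None):
    """Yield every original string stored under a sensitive key."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from sensitive_values(v, k)
    elif isinstance(node, list):
        for v in node:
            yield from sensitive_values(v, key)
    elif isinstance(node, str) and key in SENSITIVE:
        yield node

def leaked(original, redacted):
    """List sensitive originals that still appear anywhere in the output."""
    text = json.dumps(redacted)
    return sorted({v for v in sensitive_values(original) if v and v in text})

# Constructed sample values, not a real configuration.
SAMPLE = {"auth": {"plugins": {"awsCognitoAuthPlugin": {
    "CognitoUserPool": {"Default": {
        "PoolId": "us-east-1_EXAMPLE01", "AppClientId": "exampleclientid",
        "Region": "us-east-1"}},
    "Auth": {"Default": {"OAuth": {
        "WebDomain": "example.auth.us-east-1.amazoncognito.com",
        "SignInRedirectURI": "myapp://callback/,https://example.com/cb",
        "Scopes": ["openid", "email"]}}}}}}}
```

Run `leaked(config, redact(config))` before posting; a non-empty result means an identifier is also present under a key the sets above do not cover.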

bbdev9805 commented 5 days ago

@harsh62 How should I provide the logs and the amplifyconfiguration.json file? The redirect URI is set up correctly. The issue occurs when authentication is required on Edge, as described below. If Microsoft Intune Conditional Access is not configured, the ASWebAuthenticationSession appears and the sign-in completes successfully.

This issue occurs when Microsoft Intune Conditional Access is set to require an app protection policy. This setting requires authentication to be performed on Edge.

harsh62 commented 5 days ago

Thank you @bbdev9805. I will try to set up the account with the setting that you provided and see if I can recreate the issue.