azure-ad-b2c / samples

Azure AD B2C custom policy solutions and samples.

B2C Phone Verification Display Control #568

Open jkKania opened 1 year ago

jkKania commented 1 year ago

Hello, I am starting this issue to put down all the insufficiencies of this control that make developers' lives unnecessarily harder. Hopefully someone will mercifully pick this up.

Unlike the email MFA control, phone verification returns 400 Bad Request, suggesting that you, the developer, failed, but in reality it is just information that you made too many requests and your phone number got blocked (separately for SMS and voice call), and you have to figure this out on your own. Can you guys fix that and put any description for this error? I mean, is it that much?

So after experience with the email MFA control, a developer may expect to have another control with conventions such as request and response formats similar to those on the phone MFA page; nothing could be further from the truth. Can you guys fix the API that responds to this control to return some JSON with errors in a format containing code, message and exception name? If not, hire me; I will do this for you. I'm serious.

Another pain in the neck is the fact that the phone control does not send requests to separate endpoints in the API; no, it sends them to the same endpoint, which probably has switch or if statements inside based on request parameters, instead of just putting part of the logic into a separate controller endpoint.

Another weird behaviour is pushing AJAX requests in a loop during the phone call. It looks like a workaround or something.

Also, the real problem is the time after which you get the error message pushed into the DOM instead of actually getting it from the response, making developers guess when and where the desired error message text will be returned.

Okay, I think that is all, or at least most of the burning issues. Can you answer whether these topics will be addressed and when, or in which version of this control, or whether they will be addressed at all? If not, then is the reasonable solution to build my own control on top of the self-asserted template, using my own API that would send requests to some external paid service for SMS and phone calls?

Thank you.

JasSuri commented 10 months ago

We will not be releasing an API for these UI interactions.

All of these should deliver UI-facing error messages to the DOM; that was the design, and errors returned back to the app are intercepted by MSAL.

The polling for phone verification is normal; we await the user pressing the hash key on their phone, and the server picks up the response, eventually.

jkKania commented 10 months ago

Hello @JasSuri, thank you for your response.

Clearly there is already an API behind the scenes to which a policy template sends AJAX requests and which handles the responses returned to custom policy pages. This is beyond doubt and out of discussion. Please do not take my comments personally, since I am describing my experience from the perspective of a developer who has to integrate with the technology. The main problem (lack of error description) with this particular template for a developer is when I want to react in key moments like:

From my perspective it's just rubbish, and honestly it deserves to be replaced by some other commercial API to make such calls, using the self-asserted template as a core to overwrite the page and perform a custom AJAX call to a commercial API that would handle requests properly, but is this what a company pays for this technology? I mean, it's nice you guys at least took the effort to handle MFA authentication using a phone number, but I cannot answer for myself the question why somebody did not develop that template as carefully as the MFA email template, to some industry standard (deadlines?).

At the end of the day the developer is left alone with a half-cooked solution to integrate with, which is sad and disappointing.

Could you tell me if there is any incoming tool to wrap the process of developing policies? Are there any planned upgrades to custom policies in the future, or further development of B2C? Thank you in advance.

Lastly, referring to the MSAL part of your answer: we are talking here about the moment of being on the policy page, not returning back to the application, and even if we were, then what error will the application get and what is it supposed to return? Oops, something went wrong? Because, as I said, this page returns no information about what went wrong, even when the user exceeds the number of attempts, which is also not specified in any documentation. Not to mention that it should be configurable in the custom policy XML files...

Pretending problem does not exist is not a very constructive way of dealing with it.