dotnet / android

.NET for Android provides open-source bindings of the Android SDK for use with .NET managed languages such as C#

Non-HTTPS URL redirect is not supported in a web view (android microsoft identity client msal) #9522

Closed Swodah closed 1 day ago

Swodah commented 1 week ago

Description

I have also described the issue in the MSAL GitHub, but it may be a MAUI - Android issue more than a library issue, so I am asking for help here as well. Link to the issue on the Microsoft Authentication Library for .NET GitHub:

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4994

Short description: When I open a broker with Azure B2C_1A authentication, it redirects to the national authentication, which then redirects to an app for verification. The problem lies in the step where the national authentication redirects to the "MitID app" with intent://appswitchmitid.page.link/?link=https://appswitch.mitid.dk?ticket"ticketid"returnUrl%3DChrome&apn=dk.mitid.app.android&afl=https://appswitch.mitid.dk#Intent;package=com.google.android.gms;action=com.google.firebase.dynamiclinks.VIEW_DYNAMIC_LINK;scheme=https;S.browser_fallback_url=https://appswitch.mitid.dk;end;

I get the following error:

Microsoft.Identity.Client.MsalServiceException: Non-HTTPS URL redirect is not supported in a web view. This error happens when the authorization flow, which collects user credentials, gets redirected to a page that is not supported, for example if the redirect occurs over http. This error does not trigger for the final redirect, which can be http://localhost, but for intermediary redirects.Mitigation: This usually happens when using a federated directory which is not setup correctly.

I have tried various workarounds but couldn't get it to accept the redirect (see the linked issue for my workaround attempts in depth).

I hope someone knows a workaround for the embedded webview, or, if it is a bug, that it can be fixed.

Steps to Reproduce

Not sure how to make a reproduction project, as you'd need a Danish MitID connected to one of the test users we have and all the client IDs/secrets that most likely shouldn't be public.

Link to public reproduction project repository

No response

Version with bug

9.0.0 GA

Is this a regression from previous behavior?

Not sure, did not test other versions

Last version that worked well

Unknown/Other

Affected platforms

Android

Affected platform versions

Android 14 (34)

Did you find any workaround?

No response

Relevant log output

jpobst commented 1 day ago

Microsoft.Identity.Client.MsalServiceException

This looks like an exception that MSAL is explicitly checking for and throwing, and is not the result of the underlying platform. I don't think there's anything we can do here.
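
Added example, not part of the issue thread and not MSAL or .NET for Android code: it splits an Android `intent:` URI shaped like the one in the report into its fields and applies an HTTPS-only scheme rule modeled on the wording of the error message, showing that the URL's own scheme is `intent` even though its `scheme` field and fallback URL are HTTPS. `IntentRedirect`, `Parse` and `AllowedInWebView` are hypothetical names, the rule is an assumption about the check rather than MSAL's source, and the sample URL is constructed with the ticket left out.

```csharp
using System;
using System.Collections.Generic;

// Added example: decode an Android intent: URI and apply an HTTPS-only
// navigation rule. The rule is a simplified model, not MSAL's source.
public static class IntentRedirect
{
    public sealed record Parsed(string Scheme, string Target,
        IReadOnlyDictionary<string, string> Fields);

    public static Parsed Parse(string url)
    {
        int colon = url.IndexOf(':');
        if (colon <= 0) throw new FormatException("no scheme");
        string scheme = url[..colon].ToLowerInvariant();
        var fields = new Dictionary<string, string>(StringComparer.Ordinal);
        string target = url;

        // Intent URIs carry parameters after "#Intent;" as ';'-separated
        // key=value pairs, closed by "end". Values are URI-encoded.
        int marker = url.IndexOf("#Intent;", StringComparison.Ordinal);
        if (scheme == "intent" && marker >= 0)
        {
            target = url[..marker];
            foreach (string part in url[(marker + 8)..]
                         .Split(';', StringSplitOptions.RemoveEmptyEntries))
            {
                if (part == "end") break;
                int eq = part.IndexOf('=');
                if (eq > 0) fields[part[..eq]] = Uri.UnescapeDataString(part[(eq + 1)..]);
            }
        }
        return new Parsed(scheme, target, fields);
    }

    // True only for a navigation an HTTPS-only embedded web view would follow.
    public static bool AllowedInWebView(string url) => Parse(url).Scheme == "https";

    public static void Main()
    {
        // Constructed sample shaped like the URL in the report (ticket omitted).
        string url = "intent://appswitchmitid.page.link/?link=https://appswitch.mitid.dk"
            + "&apn=dk.mitid.app.android#Intent;package=com.google.android.gms;"
            + "action=com.google.firebase.dynamiclinks.VIEW_DYNAMIC_LINK;scheme=https;"
            + "S.browser_fallback_url=https://appswitch.mitid.dk;end;";
        Parsed p = Parse(url);
        Console.WriteLine($"scheme={p.Scheme} allowed={AllowedInWebView(url)}");
        foreach (var kv in p.Fields) Console.WriteLine($"  {kv.Key} = {kv.Value}");
        Console.WriteLine($"fallback allowed={AllowedInWebView(p.Fields["S.browser_fallback_url"])}");
    }
}
```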