wrobins / cordova-plugin-msal

Use the newest Microsoft MSAL library in your Cordova-based project!
Apache License 2.0

Authentication fails when MS broker is installed on device #24

Closed johnathon101 closed 4 years ago

johnathon101 commented 4 years ago

In an Ionic 4/Angular project I have had a successful implementation of the MSAL login in iOS and Android up until the Microsoft Authenticator is present on the device.

In Android, as soon as the Microsoft Authenticator broker is installed on the device the plugin does not complete initialization and fails silently. Authentication works fine when the broker is not installed on the device.

In iOS, the authenticator account screen is presented; once an account is selected from the authenticator it loads the application. The error callback is fired with NSDomainError 50000.

I have put breakpoints throughout the MSAL framework library to try to capture a more meaningful error description but have been unable to.

Initialization is in the platform OnReady function. I have quadruple-checked my tenant, client and hash keys and ensured they are passed into the sign-in function in MSAL, as well as the returnUris in the MS Azure Portal, and tried using MSAL from the cocoapod to go through the implementations and see what could be causing the error itself. I have tried varying settings in initialization, including sending in the authority, adding a domain_hint, alternating AzureADMyOrg with the more open instances, and changing the user agent to the DEFAULT provider. I verified the return URI is built correctly and present in the manifest and Info.plist along with the scheme definition and the msauthv2/v3 schemes.

At this point I am out of ideas, any help would be much appreciated!

Steps to reproduce: install a new Ionic application, install cordova-plugin-msal with tenant/client/hash, enable broker authentication, install Microsoft Authenticator on the device, and try to sign in.

iOS Error:

2020-05-19 06:22:50.066480-0500 TestProject[1710:562091] IonicDeepLinkPlugin: Handle link (internal) msauth.{Bundle Identifier is Here}://auth/broker?msg_protocol_ver=3&response={Huge Encrypted String}&hash={Base 64 String}
TestProject[1710:562091] IonicDeepLinkPlugin: Handle link (internal) msauth.{Bundle Identifier is Here}://auth/broker?msg_protocol_ver=3&response={Huge Encrypted String}&hash={Base 64 String}
TestProject[1710:562091] url scheme:msauth.{Bundle Identifier is Here}
TestProject[1710:562091] url host:auth
TestProject[1710:562091] Log in failed.
TestProject[1710:562091] The operation couldn’t be completed. (MSALErrorDomain error -50000.)

Gist of init/login: https://gist.github.com/johnathon101/125a103c25d3dfd9a09c587193f07c55

wrobins commented 4 years ago

Hello! Sorry you're having issues getting the broker to work. I tried setting up a new project based on your gist and ran it against my Azure tenant and couldn't replicate it, so I'm not sure exactly what may be going on. However, you may want to pull down one of the newest releases of this plugin, either 2.3.0 or 2.4.0. These allow you to debug the plugin in much greater detail using the MSAL logger. The README has been updated with instructions on how to do it.

Let me know if you have any luck with it after using the logger.

johnathon101 commented 4 years ago

Thanks for the quick response and work on this plugin. 2.3.0 did clear up our issue in iOS. The debug information is very helpful. I have not yet got Android to work, but it's not really throwing an error; it just seems not to make it back to the return function in the initialization scope. Here is the entirety of the log that 'VERBOSE' returns; there is never any Error logged. I am targeting AzureADMyOrg in the initialization settings. Log: https://gist.github.com/johnathon101/a3194f1df348e9f01df2015e8b028e36

johnathon101 commented 4 years ago

This ticket can be closed; I was able to find the RedirectURI error issue in Android Studio. It was just not evident in the logger with the verbose flag.
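The thread closes on a redirect URI mismatch that the verbose logger never surfaced. The following Python script is an added example, not code from cordova-plugin-msal or from either participant; it builds the broker redirect URIs MSAL expects for each platform and checks a configured value against them, so the mismatch can be caught before the broker is ever involved. The URI formats are assumed from the MSAL documentation (Android: `msauth://<package name>/<URL-encoded base64 SHA-1 of the signing certificate>`; iOS: `msauth.<bundle identifier>://auth`, which matches the `msauth.{Bundle Identifier}://auth` scheme in the log above). The package name, bundle identifier and certificate bytes are constructed placeholders.

```python
"""Added example (not part of the cordova-plugin-msal project): derive the
redirect URIs MSAL expects for broker authentication and compare them with
the value an app has configured.

Assumed formats (from the MSAL documentation):
  Android: msauth://<package name>/<URL-encoded base64 SHA-1 of signing cert>
  iOS:     msauth.<bundle identifier>://auth
"""
import base64
import hashlib
from urllib.parse import quote, unquote, urlparse


def android_signature_hash(cert_der: bytes) -> str:
    """Base64 of SHA-1 over the DER-encoded signing certificate, the same
    value that `keytool -exportcert ... | openssl sha1 -binary | openssl base64`
    prints for a keystore."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def android_redirect_uri(package_name: str, cert_der: bytes) -> str:
    # The hash must be URL-encoded in the redirect URI: '/', '+' and '='
    # become %2F, %2B and %3D. A raw hash is a common source of mismatches.
    return f"msauth://{package_name}/{quote(android_signature_hash(cert_der), safe='')}"


def ios_redirect_uri(bundle_id: str) -> str:
    return f"msauth.{bundle_id}://auth"


def check_redirect_uri(configured: str, expected: str) -> list:
    """Compare a configured redirect URI with the expected one component by
    component. Returns a list of human-readable mismatches; empty means OK."""
    problems = []
    got, want = urlparse(configured), urlparse(expected)
    if got.scheme != want.scheme:
        problems.append(f"scheme {got.scheme!r} != {want.scheme!r}")
    if got.netloc != want.netloc:
        problems.append(f"host {got.netloc!r} != {want.netloc!r}")
    if unquote(got.path) != unquote(want.path):
        problems.append(f"path {got.path!r} != {want.path!r}")
    elif got.path != want.path:
        # Same hash, but the configured value was not percent-encoded.
        problems.append("signature hash is present but not URL-encoded")
    return problems


if __name__ == "__main__":
    # Constructed placeholders; a real check would read the certificate
    # exported from the signing keystore and the package name from the manifest.
    package = "com.example.app"
    cert_der = b"\x30\x82\x01\x00constructed-certificate-bytes"

    expected_android = android_redirect_uri(package, cert_der)
    expected_ios = ios_redirect_uri(package)

    # Typical misconfigurations: wrong package, and an unencoded hash.
    candidates = [
        expected_android,
        expected_android.replace(package, "com.example.other"),
        f"msauth://{package}/{android_signature_hash(cert_der)}",
        expected_ios,
    ]
    for configured in candidates:
        expected = expected_ios if configured.startswith("msauth.") else expected_android
        problems = check_redirect_uri(configured, expected)
        print(configured, "->", "OK" if not problems else "; ".join(problems))
```

Run it against the redirect URI registered in the Azure portal and the one the plugin builds from the manifest or Info.plist; any non-empty result is the kind of mismatch that, on Android, shows up only as a silent initialization failure.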