C2QB - OAUTH popup does not close, the application appears in the popup - oauth

In my application
1) the user clicks on the C2QB button
2) the OAUTH popup window appears
3) the user authorizes access to QB account
4) the authorization works
but...
the popup does not close. My application runs in the popup browser. The authorization works.
I can't figure out what I am doing wrong.

From the accessToken (and accessSecret) callback handler, redirect to an intermediate page to close the child window and return control to the parent page.
<script type="text/javascript">
window.opener.location = '<%=APP_URL%>/home.htm';
window.close();
</script>
Thanks

I found what I was doing wrong. I was using Server.Transfer to go to new pages in my app instead of Response.Redirect. This causes the URL in the browser to not update, which caused the window.close statement in OauthHandler to not execute. Thanks for your help.

Related

angular Microsoft authentication library issue

I am using the Microsoft Authentication Library in our Angular 10 project. I have used the MSAL loginPopup() function to log the user in to our Active Directory. But sometimes, when I click the login function, the MSAL login popup appears, and when I close the parent window it does not redirect to the next page; it is stuck there, and the browser debugger console window shows this error:
(ERROR BrowserAuthError: hash_empty_error: Hash value cannot be processed because it is empty. Please verify that your redirect URI is not clearing the hash. Given Url:)
What worked for me in my ReactJS application was to set the redirectUri to a blank page or a page that does not implement MSAL. If your application is only using popup and silent APIs you can set this on the PublicClientApplication config like below:
export const msalConfig = {
    auth: {
        clientId: process.env.REACT_APP_CLIENTID,
        authority: `https://login.microsoftonline.com/${process.env.REACT_APP_TENANTID}`,
        redirectUri: 'http://localhost:3000/blank.html'
    },
    cache: {
        cacheLocation: "localStorage"
    }
}
If your application also needs to support redirect APIs you can set the redirectUri on a per request basis:
msalInstance.loginPopup({
    redirectUri: "http://localhost:3000/blank.html"
})
After some research I found out that the problem was related to the redirect Uri, and most resources pointed to adding a blank page as the redirect Uri in a popup flow. However most of the answers were related to React. I tried a few options for adding a blank html page but it was not so simple. I did not want to waste much time on this issue, because the app is new and we might go with the redirect flow in the future.
Then I remembered that the problems started when we configured the home page, which is the redirect target, to be authenticated with MSAL Guard.
Since I couldn't easily add a blank html page, I added a blank-page component configured in the Router with blank-page path. The component had no functionality and was not related to MSAL, MSAL Guard or MSAL Interceptor.
This solved it for me. I hope this helps.
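Added example, not part of the original answers and not MSAL's own code: a simplified model of how the window that opened the popup reads the auth response from the popup's URL fragment. It shows why a landing page that rewrites the URL yields the empty-hash error while a blank page does not. The function names, the `state` check, the status strings other than the page's `hash_empty`, and all URLs and values are assumptions made for illustration.

```javascript
// Simplified model of the opener-side check in a popup auth flow.
// Not MSAL's implementation; every URL and value here is constructed.
const REDIRECT_URI = "http://localhost:3000/blank.html";
const IDP_URL =
  "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize";

// Classify one URL observed in the popup window.
function inspectPopupUrl(href, redirectUri, expectedState) {
  const seen = new URL(href);
  // Still on the identity provider: keep polling.
  if (seen.origin !== new URL(redirectUri).origin) return { status: "pending" };

  // Back on our origin. The response travels in the fragment, so a landing
  // page that routes, guards or re-runs auth code can erase it first.
  const fragment = seen.hash.replace(/^#/, "");
  if (fragment === "") return { status: "hash_empty" };

  const params = new URLSearchParams(fragment);
  if (params.has("error")) return { status: "error", error: params.get("error") };
  // Bind the response to the request that opened the popup.
  if (params.get("state") !== expectedState) return { status: "state_mismatch" };
  if (!params.has("code")) return { status: "malformed" };
  return { status: "ok", code: params.get("code") };
}

// Walk the URLs the popup passed through and stop at the first verdict.
function monitorPopup(hrefs, redirectUri, expectedState) {
  for (const href of hrefs) {
    const result = inspectPopupUrl(href, redirectUri, expectedState);
    if (result.status !== "pending") return result;
  }
  return { status: "timeout" };
}

// Constructed flows: blank landing page, guarded home page, wrong state.
const BLANK_PAGE_FLOW = [IDP_URL, REDIRECT_URI + "#code=SAMPLE_CODE&state=st-123"];
const GUARDED_HOME_FLOW = [IDP_URL, "http://localhost:3000/home"];
const WRONG_STATE_FLOW = [IDP_URL, REDIRECT_URI + "#code=SAMPLE_CODE&state=other"];

for (const [name, flow] of Object.entries({
  BLANK_PAGE_FLOW, GUARDED_HOME_FLOW, WRONG_STATE_FLOW,
})) {
  console.log(name, monitorPopup(flow, REDIRECT_URI, "st-123"));
}
```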

PWA freezing on navigation clicks in Safari iOS (13.5) after OpenID Microsoft sign in

PWA Freezing after OpenID authorizes user [iOS Safari Standalone]
I have built a simple PWA for our security staff that allows employees to click links and view content about our company's policies on various matters. The app uses Microsoft's OWIN middleware library to authorize our employees' access into the app via their enterprise Microsoft login creds. When a user clicks the 'Employee Sign in' prompt on our login page, they are redirected to Microsoft's domain to complete the sign-in process. Once sign in is complete, they are redirected back to our app's home page.
The Problem
The problem appears only to arise when iOS users (v13) pin the app to their homescreen and then launch the app in standalone mode, and only after the user has completely terminated the app and then returned. We've tested the app on Chrome, Safari (non-standalone mode), Firefox, and the issue does not present in those browsers. The app functions seamlessly up until the point that the user has completed their Microsoft signin and been redirected back to the home page. At this point, if a user clicks a link to another page (within the app), the app completely locks up, doesn't respond to further button clicks, and doesn't load the page prompted by the user. No errors are thrown in the console.
What we've found immediately kicks everything back into gear is if the user switches to another app (even just for a second) and then switches back to our PWA when it's locked up. At this point, the page that the user attempted to navigate to loads immediately without further prompting and the app works 100% seamlessly after this point. It's only the initial version of the default page that freezes.
Potential Causes
My current working theory is that the problem is being caused by some combination of the following:
Redirection to Microsoft's sign in portal. When the user is sent to Microsoft for auth and then sent back to our domain, there could be issues with session/cookie continuity.
iOS's standalone mode. In conjunction with the above, is it possible that using third-party authentication and briefly leaving the domain of the PWA is causing problems with future page navigation? This is supported by the idea that no other browsers or devices have this issue, and my research suggests that Apple support for PWAs is still in its early stages.
Service worker failure. We have done significant testing to ensure that a service worker is being properly installed and registered when a user first enters the site. We have checks to re-register the SW just in case it is dropped at any point in page navigation. We are confident that at the time a user is redirected back to our home page after authentication that there is an active service worker that handles page GET requests. I have also tested explicitly caching the linked pages accessible from our home page during the service worker's registration to see if serving the page from the cache would alleviate the issue. It did not. This is the code in sw.js that handles fetch requests (taken from Google's handy guide):
// "cache-first" approach for requests from client. Will try to get the file from the cache.
// If no match found, it will send the request onto the network. If both fail serve fallback page.
self.addEventListener("fetch", function (event) {
    if (event.request.method !== "GET") return;
    event.respondWith(
        // Try the cache
        caches.match(event.request).then(function (response) {
            console.log("[service worker] attempting to fetch file from cache...");
            return response || fetch(event.request);
        }).catch(function () {
            // If both fail, show a generic fallback:
            return caches.match(offlineFallbackPage);
        })
    );
});
I have remotely debugged the PWA in standalone using a Mac, and what I have verified is that the click event that fires when a user clicks a link to navigate to a new page IS being properly handled, so the problem truly appears to lie in the loading of the linked pages themselves. Beyond that, debugging remotely has confirmed that there are no HTTP GET errors (or any other errors) firing at all when attempting to navigate to other pages on the site.
This is the first PWA I've ever built and I'm a novice with all this stuff. So I'd love to know if I'm missing anything or where I can go from here. I've scoured all the forums and can't seem to find answers anywhere. Thanks!
I had a very similar problem in my very specific case, but my PWA (packaged with PwaBuilder) froze on OIDC signout, when redirecting to the application's home URL.
In XCode I observed an error stating:
could not signal service com.apple.webkit.webcontent 113 could not find specified service
The problem did not occur with my Identity Provider redirect back, but with the following redirect, which initiated the OIDC client library that I am using, oidc-client-ts. It turns out that there are two possible ways to set the location/url of a window: assign or setting href. And the library uses assign by default. Changing assign to replace href led to my iOS PWA no longer freezing. Very specific use case, but it might help somebody else...
auth.signoutRedirect({
    post_logout_redirect_uri: process.env.BASE_URI,
    redirectMethod: "replace",
});

Azure Ad Authentication expects me to refresh the main page every few hours

Recently I moved my Web App to Authenticate using our AzureAD but since then I need to refresh my home page every 1 hour to have it Authenticated else I am getting UnAuthorized Request.
I wanted to have this request mainly because I have a CCTV page which I will use on our common television for our Operation people to view the recent happenings onsite (this page won't be touched at any time and is just for viewing purposes). This CCTV page contains only images and I will refresh this page every 3 mins using the following JavaScript. So the issue here is
My CCTV url is https://app.company.com/cctv and this page gets the data from API https://app.company.com/api/cctv. This was working fine until I moved to AzureAD. Even in the AzureAD when I first open the page it works perfectly fine. But after around 1 hour my API returns UnAuthorizedResponse. Even if I try to refresh this CCTV page https://app.company.com/cctv it does not work. Authentication works only when I refresh the home page (https://app.company.com). I am not sure why this issue occurs.
Note: I have both my MVC controller and Web API controller in the same project.
Please let me know if you can't understand my above explanation.
setTimeout(function () {
    window.location.reload(1);
}, 180000);
I fixed the issue using the following code in Authentication Filter when I can't find the user data/profile.
filterContext.Result = new HttpUnauthorizedResult();
This actually redirects the page to do Authentication when I refresh that page.

Session using url rewriting

I have a JSF web application and I am adding the jsessionid in the URL using URL rewriting. The reason is our users want to log into the application using different accounts in each browser instance or using multiple tabs of the same browser. I was successful in implementing this.
However, I am having one problem.
Whenever the application opens a popup window, the control goes to the popup, but when the user clicks on any link in the main window, it throws an internal server error without any further descriptions. I have checked show user-friendly error messages in IE, but it is of no use. Any idea why the main window errors out when the popup is opened?
Please let me know if you need further clarifications.
Thanks.

Twitter #anywhere login having issues

I'm using the new twitter #anywhere api for logging in on the client using a popup. The api docs are here
https://dev.twitter.com/docs/anywhere/welcome#auth-events
I've created a very simple example of their api, but after hitting "connect" on the popup, twitter just says "Something is technically wrong" as seen here in this screenshot
http://cl.ly/0A321R1Z2W1o3v0P0t0z
Here is my setup for doing this (note I've already created my app on twitter)
var api = "http://platform.twitter.com/anywhere.js?id={MY_API_KEY}&v=1";
$.getScript(api, function () {
    twttr.anywhere(function (tw) {
        console.log("tw", tw);
        // bind auth complete event
        tw.bind("authComplete", function (e, user) {
            console.log("tw auth complete", e, user);
        });
        // calling sign in triggers the above event
        tw.signIn();
    });
});
So it opens the popup, lets me sign into twitter, and then when I hit connect, I get that odd error from twitter.
Any ideas what could be going wrong?
Thanks!
Update - I found this page of people having similar problems, but the solution they offered didn't change anything.
https://dev.twitter.com/discussions/1286
And it might be important to note the domain I'm using is http://changeup.dev; it's a local domain. I have it set up in my hosts file already.
So, I figured it out. You NEED to have a callback URL for your app (on the developer page), even though it says you don't. The callback URL needs to match your authorized domain as well.
Then, in your app, the URL that the callback is calling, NEEDS to include the twitter api. THEN, and only THEN will the window automatically close and execute the authComplete callback.
I did this on the same page I was logging in from
if(location.hash && location.hash.indexOf("oauth_access_token") != -1) {
