[Bug] - MSAL fails on deployed Xamarin Forms Android application with exception message
I don’t currently have any logs. It works fine in the Android emulator, but when released to an Android device via Intune Company Portal, it fails with the following: “[Android Broker] The broker redirect uri is incorrect, it should be…”
Which version of MSAL.NET are you using? MSAL Version 4.35.0
Platform Xamarin Forms Android built with C# on .Net 5
What authentication flow has the issue?
- Desktop / Mobile [X] Interactive
Other? I have provided a detailed explanation and screenshots of configurations on Stack Overflow at: https://stackoverflow.com/questions/69351967/xamarin-forms-android-authentication-failure-on-deployment-using-msal-library
Is this a new or existing app? This is a new app or experiment.
Repro
```csharp
// OAuthSettings is a class containing my values to pass to the methods of the
// PublicClientApplicationBuilder
var builder = PublicClientApplicationBuilder
    .Create(OAuthSettings.ApplicationId)
    .WithTenantId(OAuthSettings.TenantId)
    .WithBroker()
    .WithRedirectUri(OAuthSettings.RedirectUri);
PCA = builder.Build();
try
{
    var accounts = await PCA.GetAccountsAsync();
    var silentAuthResult = await PCA
        .AcquireTokenSilent(new string[] { "api://xxxxxxxxxxxxxx/.default" }, accounts.FirstOrDefault())
        .ExecuteAsync();
    AccessToken = new JwtSecurityToken(silentAuthResult.AccessToken);
    // more code removed for brevity
}
catch (MsalUiRequiredException msalEx)
{
    var windowLocatorService = DependencyService.Get<IParentWindowLocatorService>();
    // Prompt the user to sign-in
    var interactiveRequest = PCA.AcquireTokenInteractive(new string[] { "api://xxxxxxxxxxxxxxxxxxx/.default" });
    // Used for Android and iOS
    AuthUIParent = windowLocatorService?.GetCurrentParentWindow();
    if (AuthUIParent != null)
    {
        interactiveRequest = interactiveRequest
            .WithParentActivityOrWindow(AuthUIParent);
    }
    var interactiveAuthResult = await interactiveRequest.ExecuteAsync();
    AccessToken = new JwtSecurityToken(interactiveAuthResult.AccessToken);
}
```
Expected behavior I expect it to present the user with the login page to enter their email address and password, then to be prompted to authenticate using the Microsoft Authenticator as brokered authentication flow.
Actual behavior As soon as the Login button is clicked to start the authentication process an error is presented with the following: [Android Broker] The broker redirect uri is incorrect, it should be…
Possible solution n/a
Additional context / logs / screenshots Please see provided Stack Overflow link above for screenshots and more information
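An added example, not part of the original issue or of MSAL: a pre-release check that a configured broker redirect URI fits a given build, assuming the documented Android broker format `msauth://<package name>/<Base64 of the SHA-1 of the signing certificate>`. The package name and certificate bytes are constructed placeholders, and comparing after percent-decoding is this example's choice, not MSAL's own check.

```python
import base64
import hashlib
from urllib.parse import unquote

SCHEME = "msauth://"

# Constructed stand-ins for the DER bytes of two signing certificates.
DEBUG_CERT = b"constructed-debug-signing-certificate"
RELEASE_CERT = b"constructed-release-signing-certificate"


def signature_hash(cert_der: bytes) -> str:
    """Base64 of the SHA-1 digest of the signing certificate (assumed format)."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def expected_redirect_uri(package_name: str, cert_der: bytes) -> str:
    return f"{SCHEME}{package_name}/{signature_hash(cert_der)}"


def check_redirect_uri(configured: str, package_name: str, cert_der: bytes) -> list:
    """Return a list of mismatches; an empty list means the URI fits this build."""
    if not configured.lower().startswith(SCHEME):
        return [f"scheme is not {SCHEME}"]
    # The hash may itself contain '/', so split only at the first one.
    package, _, sig = configured[len(SCHEME):].partition("/")
    sig = unquote(sig)  # accept both the raw and the percent-encoded form
    problems = []
    if package != package_name:
        problems.append(f"package {package!r} != {package_name!r}")
    if sig != signature_hash(cert_der):
        problems.append("signature hash does not match this signing certificate")
    return problems


if __name__ == "__main__":
    pkg = "com.example.app"  # hypothetical package name
    registered = expected_redirect_uri(pkg, DEBUG_CERT)
    print("debug build:  ", check_redirect_uri(registered, pkg, DEBUG_CERT))
    print("release build:", check_redirect_uri(registered, pkg, RELEASE_CERT))
```

A redirect URI registered from one signing certificate does not match a build signed with a different one, so the check is worth running against the certificate that signs the distributed package.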
Issue Analytics
- Created 2 years ago
- Comments:10 (4 by maintainers)
Top GitHub Comments
Never mind on the previous comment. All is working. You were all very helpful, closing this.
@trwalke Ok. So we were able to successfully authenticate, but now we are facing a problem where any other person who installs the application gets an error saying “Broker Error: User or Admin consent required…”. We saw in the Azure portal that my name was listed under user consent and I was able to successfully log in, but no one else’s name would show up. We removed my name from the Azure portal and now I get that error as well. We tried granting admin consent for all users in Azure AD but that seems to have no effect. So now we have gone from one issue to another. It doesn’t appear that MSAL can handle this consent issue, or if it can, I must need to add more code for the consent piece? Exact error code: AADSTS65001