Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Unable to work without consenting tracking

See original GitHub issue

Which version of MSAL.NET are you using? MSAL.NET 4.35.0

What authentication flow has the issue?

Desktop / Mobile
- Interactive

The app is in production, I haven’t upgraded MSAL, but started seeing this issue.

I’m facing a problem with my app’s Apple store submission.

This is what they are claiming:

We discovered one or more bugs in your app. Specifically, after we tapped in “Don’t Allow”, no action occurred, and we were unable to access to the app.

I’ve tried to skip this prompt using “Prompt.NoPrompt” and it worked in previous submissions (the latest working one was in May) but not anymore.

So we have three issues here:

Why Microsoft started tracking this kind of data?
Clicking on “Don’t allow” is preventing the user from logging succesfully.
iOSHidePrivacyPrompt and NoPrompt are not working

Is there any workaround to be able to login (pressing scape seems to work) or just not showing the prompt?

Repro

        SystemWebViewOptions systemWebViewOptions = new SystemWebViewOptions()
        {
          iOSHidePrivacyPrompt = true,
        };
        authResult = await publicClientApp.AcquireTokenInteractive(new[] { "wl.basic", "wl.signin", "wl.offline_access", "wl.emails" }).WithPrompt(Prompt.NoPrompt).WithSystemWebViewOptions(systemWebViewOptions).ExecuteAsync();

Additional context / logs / screenshots loginMSAL

Issue Analytics

State:
Created 2 years ago
Comments:14 (9 by maintainers)

Top GitHub Comments

1reaction

SameerK-MSFTcommented, Aug 3, 2021

Here are the findings with more options: AzureAdMultipleOrgs Corp account - no prompt no problem Personal account - not allowed prompt not applicable

AzureAdAndPersonalMicrosoftAccount Corp account - no prompt no problem Personal account - no prompt no problem

It appears that the issue happens only when there is mismatch in the account type and the authority.

0reactions

Mikozanscommented, Aug 5, 2021

If I change it to AzureAdAndPersonalMicrosoftAccount there’s another issue.

I use different scopes depending if it’s a corp account ({AadBackendId/user_impersonation", “user.read”}) or not ({ “wl.basic”, “wl.signin”, “wl.offline_access”, “wl.emails” }).

So using AzureAdAndPersonalMicrosoftAccount + { “wl.basic”, “wl.signin”, “wl.offline_access”, “wl.emails” } throws

Error: AADSTS70011: The provided value for the input parameter ‘scope’ is not valid. The scope ‘offline_access openid profile wl.basic wl.emails wl.offline_access wl.signin’ is not configured for this tenant.

Top Results From Across the Web

What Can My Employer Track | Illegal Employee Monitoring

If you think your employer is tracking you without your consent, you should contact an employment lawyer as soon as possible.

Monitoring your employees through GPS: What is legal ...

However, an employer is not permitted to install a GPS tracking device in an employee-owned vehicle without the employee's consent.

Top 25 concerns of employees about work monitoring & ...

Employees have many questions about work monitoring. ... your employer is not allowed to monitor your home computer without your consent.

How much employee monitoring is too much?

Laws regarding workplace surveillance mostly revolve around consent issues. Legal experts recommend that organizations notify their employees of the monitoring ...

My employer is illegally tracking and spying on ...

If you have no access to any work systems, have nothing of a work nature on it, and do not use it in...