Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
(Cancel button) Error - Guard - error while logging in, unable to activate
See original GitHub issueCore Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.21.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
2.1.0
Description
I am integrating B2C the same way as it’s described in https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/2-call-api-b2c in my project
My app has “/panel/settings” Component, which is protected by MsalGuard:
const panelRoutes = [
{ path: '', component: PanelHomeComponent },
{ path: 'settings', component: PanelSettingsComponent },
];
const routes: Routes = [
{ path: 'panel', component: PanelComponent, canActivate: [MsalGuard], children: panelRoutes },
];
I implemented EditProfile button (redirect) there. It works ok when I update the profile (it redirects me to “/panel/settings” without any issues). But there is a problem when I click a Cancel button (default EditProfile user flow).
Logs:
Steps and redirects:
- I click the Cancel button on the default EditProfile B2C page
- Auto-redirect to https://localhost:4200/
- Auto-redirect to https://localhost:4200/panel/settings
- Auto-redirect to https://localhost:4200/ (wrong)
When I try to click Login button again on the landing page after all auto-redirects:
Angular: 13.0.2 .NET Core: 6
MSAL Configuration is the same as in https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/2-call-api-b2c (different clientId, etc params ofc)
MSAL Configuration
No response
Relevant Code Snippets
No response
Identity Provider
Azure B2C Basic Policy
Source
Internal (Microsoft)
Issue Analytics
- State:
- Created 2 years ago
- Comments:9
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
It indicates that loginPopup or loginRedirect/handleRedirectPromise threw an error which resulted in the user not being logged in
Correct. The current behavior of the MSAL Guard naiivly assumes that when a redirect returns an error it means that the user should not have access to the guarded route. This is not an accurate assumption when trying to sign a 2nd user in or when working with B2C where you might be invoking interaction to go to the profile edit or password reset policy rather than to sign a user in. You should modify the existing MSAL Guard catchError handler to check whether or not a user was already signed in when this error was thrown. If there is a user signed in you can activate the Guard - if not you can use the existing behavior to render the login failed route.
Short answer: both. Long answer:
handleRedirectObservableshould be run on all pages that will be hit after the redirect to the IDP. By default handleRedirectObservable called on the redirectUri page will redirect you to the calling page and then handleRedirectObservable called on the calling page will handle the response.