[IOS] Issue with azure AD and office 365

Issue

We have an app that reads users' calendar events. For this we get them to log in with their Microsoft account and once they complete login we read the calendar events with the Graph API. This works fine for Android in all cases. But with iOS here are the various cases:

  1. With a regular Microsoft account and redirectUrl configured as urn:ietf:wg:oauth:2.0:oob it gives an error as:
Error: State mismatch, expecting c2HFATvdkTp_LnkdpelsztWB5aRZv-Y4cUUT_sQaO8o but got (null) in authorization response <OIDAuthorizationResponse: 0x60000250a490, authorizationCode: (null), state: "(null)", accessToken: "(null)", accessTokenExpirationDate: (null), tokenType: (null), idToken: "(null)", scope: "(null)", additionalParameters: {
}, request: <OIDAuthorizationRequest: 0x600002e256c0, request: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?prompt=select_account&nonce=Mlq6u7z6UKydGY2fZtHHItpjHaKnQHxJftyK4sIS5NM&response_type=code&code_challenge_method=S256&scope=openid%20offline_access%20profile%20User.Read%20Calendars.Read%20User.ReadBasic.All&code_challenge=xxxx&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=xxxx&state=c2HFATvdkTp_LnkdpelsztWB5aRZv-Y4cUUT_sQaO8o
  2. With a regular Microsoft account and redirectUrl configured as custom-scheme://auth it works
  3. With a GoDaddy-issued Office 365 account and redirectUrl configured as urn:ietf:wg:oauth:2.0:oob it works great
  4. With a GoDaddy-issued Office 365 account and redirectUrl configured as custom-scheme://auth it does not work and no error responses.

Below is the config:

import { Platform } from 'react-native';

const config = {
  clientId: 'xxxx',
  // iOS uses the out-of-band URN, Android the custom scheme
  redirectUrl: Platform.OS === 'ios' ? 'urn:ietf:wg:oauth:2.0:oob' : 'custom-scheme://auth',
  scopes: [
    'openid',
    'offline_access',
    'profile',
    'User.Read',
    'Calendars.Read',
    'User.ReadBasic.All'
  ],
  additionalParameters: { prompt: 'select_account' },
  serviceConfiguration: {
    authorizationEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    tokenEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
  }
};

Any help would be appreciated which leads to a solution where it works with all types of accounts.


Environment

  • Your Identity Provider: Azure
  • Platform that you’re experiencing the issue on: iOS
  • Are you using Expo? No

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 4
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

2 reactions
mattwoberts commented, Dec 30, 2020

Hi @Appkidd - yes I did get it working - for me it was a missing / that caused me all the pain - I was so annoyed about it that I made this pull request for the docs to emphasise it - fingers crossed that might be your issue too.

https://github.com/FormidableLabs/react-native-app-auth/pull/593

0 reactions
Jay-A-McBee commented, Jan 24, 2022

👋 hey @prasanthsd it looks like your redirect url is also missing a trailing slash / - closing this out since there’s been no response in a while. Feel free to create a new issue if adding a slash doesn’t fix your issue.
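The "State mismatch" error in the issue is the client refusing an authorization response whose state does not equal the one it sent. The following is an added example, not code from react-native-app-auth or AppAuth, of those client-side checks, including an exact string comparison of the redirect URI so that a missing trailing slash counts as a different URI. The function name, the request object and all sample values are constructed for illustration.

```javascript
// Added example: checks a client applies to an OAuth 2.0 authorization
// response before exchanging the code. Names and values are constructed.

// Constructed request: what the app registered and sent.
const sampleRequest = {
  redirectUrl: 'custom-scheme://auth/',   // registered WITH trailing slash
  state: 'st-constructed-123',            // random per-request value
};

function validateAuthorizationResponse(request, redirect) {
  // Split by hand instead of normalising with URL(): the comparison of the
  // redirect URI is meant to be an exact string match.
  const q = redirect.indexOf('?');
  const base = q === -1 ? redirect : redirect.slice(0, q);
  const params = new URLSearchParams(q === -1 ? '' : redirect.slice(q + 1));

  // 1. The response must arrive on exactly the redirect URI that was sent.
  if (base !== request.redirectUrl) {
    return { ok: false, reason: 'redirect_uri mismatch' };
  }

  // 2. state binds the response to this request (CSRF protection).
  //    A response without state is rejected, as in the error above
  //    ("expecting ... but got (null)").
  const state = params.get('state');
  if (state === null || state !== request.state) {
    return { ok: false, reason: 'state mismatch' };
  }

  // 3. Only after state is verified, look at error / code.
  if (params.has('error')) {
    return { ok: false, reason: `server error: ${params.get('error')}` };
  }
  const code = params.get('code');
  if (!code) {
    return { ok: false, reason: 'missing code' };
  }
  return { ok: true, code };
}

// Constructed responses: correct, missing trailing slash, missing state.
console.log(validateAuthorizationResponse(sampleRequest,
  'custom-scheme://auth/?code=abc&state=st-constructed-123'));
console.log(validateAuthorizationResponse(sampleRequest,
  'custom-scheme://auth?code=abc&state=st-constructed-123'));
console.log(validateAuthorizationResponse(sampleRequest,
  'custom-scheme://auth/?code=abc'));
```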
