Microsoft Azure AD takes longer time on initial load with same setup
For some reason, if I change scope, issuer and clientId in AuthConfig, then loading takes (I timed) ~5 sec, as in the Initializing message is blinking for 5 seconds. Happens only while user is not signed in. After sign in is done, refreshing page loads it in expected time frame.
Also, with Microsoft Azure AD it shows that it is attempting to redirect to an external link:
ClientID: a3db960c-852a-4a0b-9b45-cb939562eee2
TenantID: 2d044a19-492e-4609-ab23-1a183a41dfe3
https://login.microsoftonline.com/2d044a19-492e-4609-ab23-1a183a41dfe3/oauth2/v2.0/authorize?response_type=code&client_id=a3db960c-852a-4a0b-9b45-cb939562eee2&state=Z0xidXNpbkMxcWx6VmJHQU5TYmNRR3I1R3BrbEZHVnFlNGwxRDZ0T25NekVv&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fsilent-refresh.html&scope=openid api%3A%2F%2Fa3db960c-852a-4a0b-9b45-cb939562eee2%2Fapp&code_challenge=wainyA2LBDvc7Lvjpvus9DuZ0Kk5a05Zt1jhYDMAgHk&code_challenge_method=S256&nonce=Z0xidXNpbkMxcWx6VmJHQU5TYmNRR3I1R3BrbEZHVnFlNGwxRDZ0T25NekVv&prompt=none&iframe-request-id=95cd23ee-00a2-4e02-9e9f-881319050400
Top GitHub Comments
Huge thank you.
I had to configure a few extra things based on all comments above to reproduce the issue in Chrome on Windows. Here’s a git diff from current main to see what’s going on:
I run this with npm run start-with-ssl.
If you run with that you will see in Chrome on Windows after the 5ish second delay and then nothing. The console will yell at you:
If you use Firefox on Windows a different error further hints at the problem:
That strongly suggests to me that this code from the sample:
https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards/blob/e57fadbf1ce4eb3498db2a728350e0ec16409504/src/app/core/auth.service.ts#L108-L113
will not work with this particular Identity Provider.
You will need to switch to using refresh tokens, not use said part of the sample, or find a way to reconfigure Azure AD to support this scenario.
It’s weird to me, because their docs suggest prompt=none logins (silent logins) are supported, but if you have to know beforehand whether it will succeed, that kind of defeats the purpose?
I hope that helps. Recommend looking for further support from the Azure AD side of things, don’t think we’ll change much here on this sample unfortunately. Hope that makes sense?
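Added example, not part of the thread or the sample repository: a small check that reads an authorize URL like the one in the issue and reports whether it is a silent (prompt=none) login and whether the requested scopes allow the refresh-token route recommended in the comment above. The helper name describeAuthorizeRequest and the sample URL with placeholder IDs are assumptions made for illustration.

```javascript
// Hypothetical helper (not part of angular-oauth2-oidc or the sample).
// Reads an OAuth2/OIDC authorize URL and summarises how the login is attempted.
function describeAuthorizeRequest(rawUrl) {
  const url = new URL(rawUrl);
  const params = url.searchParams;
  const scopes = (params.get('scope') || '').split(/\s+/).filter(Boolean);
  const redirectUri = params.get('redirect_uri');

  const report = {
    identityProvider: url.origin,
    redirectOrigin: redirectUri ? new URL(redirectUri).origin : null,
    // prompt=none asks the provider to answer without showing any UI.
    silentLogin: params.get('prompt') === 'none',
    codeFlowWithPkce:
      params.get('response_type') === 'code' &&
      params.get('code_challenge_method') === 'S256' &&
      Boolean(params.get('code_challenge')),
    // The Microsoft identity platform only issues a refresh token when the
    // offline_access scope is requested.
    requestsRefreshToken: scopes.includes('offline_access'),
    findings: [],
  };

  if (report.silentLogin) {
    report.findings.push('prompt=none: silent login, the provider must answer without user interaction');
  }
  if (report.silentLogin && !report.requestsRefreshToken) {
    report.findings.push('offline_access not requested: no refresh token to fall back on if the silent login fails');
  }
  if (!report.codeFlowWithPkce) {
    report.findings.push('request is not authorization code flow with PKCE (S256)');
  }
  return report;
}

// Constructed sample shaped like the URL in the issue; IDs are placeholders.
const SILENT_SAMPLE =
  'https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/authorize' +
  '?response_type=code&client_id=CLIENT_ID_PLACEHOLDER' +
  '&redirect_uri=http%3A%2F%2Flocalhost%3A4200%2Fsilent-refresh.html' +
  '&scope=openid%20api%3A%2F%2FCLIENT_ID_PLACEHOLDER%2Fapp' +
  '&code_challenge=CONSTRUCTED_CHALLENGE&code_challenge_method=S256&prompt=none';

console.log(describeAuthorizeRequest(SILENT_SAMPLE).findings.join('\n'));
```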