-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: USER_CANCELLED response on Android and IOS #178
Comments
By way of an update. I have set up and tested the Apple/IOS version of the Ionic app. I get the same set of screens described above. The only difference is: After clicking "Continue" on the Azure auth popup, we get an additional popup message saying: "Safari cannot open the page because the address is invalid.". After that, the same thing happens, we are taken back to the app, and the error message we get is: So the problem is on Apple/IOS as well as Android. I would greatly appreciate a response to this issue. Even if it's to say when you hope to be able to look at it. Many thanks! |
Hi there. I can see that this was assigned to Android, but the issue is also happening on IOS (as detailed in my previous comment). Could you please give an indication when you might be able to look at this? Many thanks. |
I can confirm I'm getting the same issue on Android. However, iOS appears to be working. |
Same here |
I have the same issue with Azure provider. Any insights? |
I have the same issue with the 3.0.1 version. Any solution or workaround for this issue as temp solution? OAuth rejected Error: USER_CANCELLED Thanks in advance |
So it turns out the USER_CANCELLED response was caused by a different configuration issue on each environment, which coincidentally caused the same response to be returned. I had mistakenly thought the issue was in the plugin itself, i.e. that it wasn't able to handle Azure AD's CmsiInterrupt flow, but it turns out that was incorrect. The Android issue was that a second Activity element ("net.openid.appauth.RedirectUriReceiverActivity") was required in AndroidManifest.xml file. We only had a single Activity element ("com.company.project.MainActivity"), and we were missing the android:host parameter too. The readme documentation has been updated to explain it here: https://github.com/moberwasserlechner/capacitor-oauth2#android-1. The IOS issue was that the CFBundleURLSchemes string was incorrectly set to com.yourcompany.yourproject rather than msauth.com.yourcompany.yourproject (i.e. it was missing the msauth. prefix). The readme documentation explains it here: https://github.com/moberwasserlechner/capacitor-oauth2#ios. One other thing to note was that we did not set the resourceUrl as our Azure SPA app registration referenced a second Azure API app registration because it needed to obtain additional/custom scopes. The readme documentation has been updated to explain it here: https://github.com/moberwasserlechner/capacitor-oauth2#custom-scopes. Thanks to the plugin developer @moberwasserlechner for his support in identifying the configuration issues and for updating the Azure documentation section (https://github.com/moberwasserlechner/capacitor-oauth2#azure-active-directory--azure-ad-b2c) to help users configure their apps correctly in the future. |
Capacitor version:
Run
npx cap doctor
:Library version:
OAuth Provider:
Your Plugin Configuration
Affected Platform(s):
Current Behavior
This is an Ionic 5 app.
On Windows/Web (Chrome browser), we are able to log in as expected.
On Android we get plugin response USER_CANCELLED.
What is different on Android compared to Web is that on the login.microsoftonline.com browser login page we are shown a second screen (after logging in) saying:
Where XXXXX is the name of our SPA/Android app registration in Azure. Beneath are two buttons: Cancel and Continue. Selecting Continue (or Cancel) does the same thing, returns to the app and displays an error to the app/webview console:
Error: USER_CANCELLED at Object.cap.fromNative (http://localhost/:432.32) at <anonymous>:1:18
.The plugin doesn't seem to log any information like I usually see on the web version (i.e. info prefixed with
I/Capacitor/OAuth2ClientPlugin:
)When I check the Azure AD logs, I see an authentication Failure followed by an immediate Success. The failure details includes:
My understanding is that the Failure/Success happens whilst on the Azure login pages. The Failure triggers the display of the Are you trying to sign in to XXXXX? message, which then, after selecting Continue causes the Success message. But I may be wrong on this.
The error code details for the above 50199 error can be found here. The details being:
My understanding is that msauth Android is being called by a webview, and because it doesn't trust the webview, it requests the extra verification from the user that the app they are logging into is the one they intend to log into. (related comment).
In addition to the above configuration, I have tried each permutation of
handleResultOnNewIntent
andhandleResultOnActivityResult
. All yield the same result, except for:Which displays to the console:
Error: ERR_GENERAL at Object.cap.fromNative (http://localhost:432:32) at <anonymous>:1:18
. Again, there is no other info logged to the console.I've tried every possible fix as specified in the plugin documentation as well as fixes discussed in the issues repo section. Nothing has worked.
Expected Behavior
After logging in on Android, I expect the tokens to be returned to the app/webview so that the app can call the API using Bearer auth.
I noticed in one of the issues that someone else got this plugin working with Ionic, so I'm hoping Ionic isn't a show stopper and that we can resolve this issue.
Thanks!
The text was updated successfully, but these errors were encountered: