Sep 27 2018 08:19 PM - last edited on Jan 14 2022 05:22 PM by TechCommunityAP
I am facing an issue when using the Authorize endpoint in Windows 10 with Google Chrome.
When requesting the following:
`GET /common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=...&nonce=...&prompt=none&domain_hint=organizations&login_hint=...`
In any other environment than Windows 10 and Google Chrome (Firefox or Windows 7 for example) the authorization flow completes successfully and the redirection happens to the URL provided in the request, given the id token.
But on Windows 10 + Google Chrome combination, the response is instead some HTML containing the following javascript file:
The script is executed and launches a new request to the authorize endpoint, with same parameters except that a new parameter is added: `sso_reload=true`
This new request just hangs in the browser with Pending state and never gives back any response. So the authorization flow cannot finish.
My current User Agent is `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`
If I relaunch the same request with another User Agent, it completes normally without any strange behavior.
So I have 2 questions:
1. Is there any reason for this specific behavior for Windows 10 and Chrome?
2. What is the purpose of the (undocumented) `sso_reload` parameter?
This sounds like a very specific issue, but I would appreciate any comment or lead. Thank you!
Oct 03 2018 09:54 PM
Oct 04 2018 09:40 PM
Thank you for your reply.
I have tested on 3 different computers, each of them running on Windows 10 64bit with Chrome 69, and all of them show the same strange behavior described above. I could also test several machines running Windows 7 or Firefox, and none of them had this bug.
Oct 07 2018 06:11 AM
Thanks for verifying this for us @Sylvain Balansa. It seems like a bug to me. Please reach out to the Azure AD support (from within the Azure Portal) with the following:
1. A Fiddler trace. Use a test account, or change password after capturing the trace.
2. Your app's coordinates, you can get them from https://developer.microsoft.com/en-us/graph/graph-explorer (REST URI - https://graph.microsoft.com/beta/applications/<The appid as guid>)
3. The platform, OS with version (use winver), Browser and its version.
Do mention that the issue is reproducible.
This will help queue up a request to the engineering faster for quicker resolution.
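A trace of this flow carries the same values the original post elides, plus the tokens returned in the fragment. The following is an added example, not part of the thread and not a Microsoft tool: it masks those values in request lines copied from a trace before they are shared. The `METHOD URL` line format, the hosts, the sample values and the list of masked parameters are all assumptions, and it does not cover cookies or request bodies.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed set of parameters to mask: the values the original post elides
# (state, nonce, login_hint) plus the tokens an implicit-flow response returns.
SENSITIVE = {"id_token", "access_token", "code", "login_hint", "state", "nonce"}


def _mask(component: str) -> str:
    """Replace sensitive values in a query string or fragment, keeping order."""
    pairs = parse_qsl(component, keep_blank_values=True)
    return urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    )


def redact_url(url: str) -> str:
    """Mask sensitive OAuth parameters in both the query and the fragment."""
    parts = urlsplit(url)
    # response_mode=fragment puts the tokens after '#', so handle that too;
    # a plain anchor such as '#top' has no '=' and is left alone.
    fragment = _mask(parts.fragment) if "=" in parts.fragment else parts.fragment
    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, _mask(parts.query), fragment)
    )


def redact_trace(lines):
    """Redact 'METHOD URL' lines; anything else passes through unchanged."""
    out = []
    for line in lines:
        method, sep, url = line.partition(" ")
        out.append(f"{method} {redact_url(url)}" if sep and "://" in url else line)
    return out


# Constructed sample (hypothetical hosts and values), modelled on the request in the post.
SAMPLE = [
    "GET https://login.example/common/oauth2/v2.0/authorize?response_type=id_token+token"
    "&response_mode=fragment&scope=openid+profile+User.Read&state=abc123&nonce=n-0S6"
    "&prompt=none&login_hint=user%40contoso.example&sso_reload=true",
    "GET https://app.example/cb#id_token=aaa.bbb.ccc&access_token=zzz&state=abc123",
]

if __name__ == "__main__":
    for line in redact_trace(SAMPLE):
        print(line)
```

Non-sensitive parameters such as `prompt=none` and `sso_reload=true` are kept, so the redacted lines still show which request is the reload.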
Oct 09 2018 02:23 AM