MSA authorization flow stuck on iOS after returning back from MS Authenticator

Andrei Iarosh 11 Reputation points
2022-11-01T16:37:48.257+00:00

We integrated an MSA authentication flow on iOS that is based on WKWebViewController. Sometimes the auth flow in the browser gets stuck after approval and switching back from MS Authenticator.

How to reproduce:

  1. Open the authorization URL at https://login.microsoftonline.com/<UUID>/login
  2. Enter a login and a password. A push notification from MS Authenticator arrives
  3. Switch to the MS Authenticator app; our app goes into background mode
  4. Confirm the authorization request in MS Authenticator
  5. Return to our app

Actual result:

Sometimes we still see "Approve sign-in request" in the browser. There is neither a redirect to the success page nor a message with an approval timeout error. The authorization flow is stuck.

Expected result:

We expect further processing to the success page

After debugging the WebView with Safari developer tools, we established some facts:

  1. The webpage polls https://login.microsoft.com/common/SAS/EndAuth from the SessionApprovalViewModel.js method _callEndAuth()
  2. When the response fails, polling is stopped. The response may fail when the app switches to background mode, since all active connections are terminated in iOS
  3. Looking in more detail at the _pollAsync() method in PollingHelper.js, we see the resource being polled with setInterval. If any error is caught and it's not an instance of PollingHelper.RetryableError, stopPolling() is called.

This looks weird; polling should continue even after errors. Currently it causes a critical bug on iOS when switching to the background with an active request, which fails after returning to the browser.

A similar problem is described in comments by @Eric Peterson in https://learn.microsoft.com/en-us/answers/questions/946491/microsoft-login-not-able-to-receive-response-from.html but there is still no answer.
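
The failure mode described in the question, as an added example that is not part of the original post and is not Microsoft's code: a poller that stops on the first non-retryable error, next to one that treats a dropped request as transient while still enforcing a hard deadline. `pollUntilDone`, the `RetryableError` stand-in, and the scripted responses are hypothetical and constructed for illustration.

```javascript
// Hypothetical stand-ins; this is not PollingHelper.js.
class RetryableError extends Error {}
const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Poll `check` until it reports completion or the deadline passes.
// strict=true : any error that is not a RetryableError ends polling for good
//               (the behaviour the post describes).
// strict=false: a failed request is treated as transient; polling continues,
//               but never past the deadline, so the approval window stays bounded.
async function pollUntilDone(check, opts = {}) {
  const { strict = false, intervalMs = 1000, timeoutMs = 60000,
          now = Date.now, sleep = defaultSleep } = opts;
  const deadline = now() + timeoutMs;
  let attempts = 0;
  while (now() < deadline) {
    attempts += 1;
    try {
      const result = await check();
      if (result.done) return { state: result.state, attempts };
    } catch (err) {
      if (strict && !(err instanceof RetryableError)) {
        return { state: "stopped", attempts, error: err.message };
      }
    }
    await sleep(intervalMs);
  }
  return { state: "timeout", attempts }; // report this instead of hanging
}

// Constructed responses: pending, request dropped while backgrounded, approved.
function makeConstructedCheck() {
  const script = [
    () => ({ done: false }),
    () => { throw new TypeError("connection lost (constructed)"); },
    () => ({ done: true, state: "approved" }),
  ];
  let i = 0;
  return async () => script[Math.min(i++, script.length - 1)]();
}

// Run both variants against the same script on a fake clock (no real waiting).
async function demo(check = makeConstructedCheck, timeoutMs = 60000) {
  const run = (strict) => {
    let t = 0;
    return pollUntilDone(check(), { strict, timeoutMs,
      now: () => t, sleep: async (ms) => { t += ms; } });
  };
  return { strict: await run(true), tolerant: await run(false) };
}
demo().then((r) => console.log(JSON.stringify(r)));
```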


3 answers

  1. Andrei Iarosh 11 Reputation points
    2023-03-22T14:09:38.35+00:00

    The problem was fixed by the Microsoft team. Now the issue doesn't reproduce.

    1 person found this answer helpful.

  2. Gertjan Smits 1 Reputation point
    2023-01-10T10:36:17.23+00:00

    Did you ever find a solution for this? I'm facing the same issue with our apps.


  3. Andrei Iarosh 11 Reputation points
    2023-01-10T12:01:46.717+00:00

    Hello, Microsoft Team. Could you please fix the bug on your side?

    You're polling the EndAuth endpoint, but if any error is received in the response, you stop polling. It's a bug. In iOS all connections terminate when a browser goes to the background, so the auth flow is stuck when returning. It is easily reproduced in the Safari browser.


    Thank you for your consideration!
