OOB OAuth getting stuck between email and password

Crystal Cary 6 Reputation points
2020-02-12T17:05:26.367+00:00

We're working on getting OOB authentication set up to authenticate using Azure AD. When we use urn:ietf:wg:oauth:2.0:oob (but not a normal URL), it allows us to enter the email, but then hangs with the wait dots going across the top. It never arrives at where you can enter the password.
I enabled debug mode, and have the following IDs:
Request Id: 0c5a4000-24f7-4286-9aa0-8492e504ef00
Correlation Id: e9dc363f-2537-42e3-84e9-df8490374c30
Timestamp: 2020-02-12T16:49:38.759Z
The URL I start at is (Client ID redacted): https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=Mail.Send+User.Read&state=state


1 answer

  1. Shashi Shailaj 7,581 Reputation points Microsoft Employee
    2020-02-25T12:40:54.28+00:00

    Hello @Crystal Cary,

    I am not sure where your app is registered or whether this is a B2C tenant scenario, but in a B2C scenario this would happen if the tenantId parameter is not passed within the request. Since tenantId is not passed, the B2C sign-in policy objects could not be fetched from the policy cache in the backend, and the silent sign-in request made by the application goes in a loop and eventually errors out. You would need to check the request generated within the application. If this is a web app, the request can be collected to understand more about what was initiated. In the case of a non-web app, you may have to set up breakpoints within the app and capture the HTTP request and response to analyze it. You can try to troubleshoot it using Fiddler/FiddlerCap. I would suggest using FiddlerCap to collect an HTTP trace on the machine where the request originates. The following is the step-by-step guide from the original FiddlerCap page.

    Step-by-step guide

    • Download Telerik FiddlerCap
    • Close all instances of Internet Explorer. Using Firefox? Click here.
    • Run the FiddlerCapSetup.exe file.
    • FiddlerCap will start automatically when the installer completes.
    • Unless your debugging buddy has asked you to skip this step: inside FiddlerCap, click the Clear Cookies button and then the Clear Cache button.
    • Inside FiddlerCap, click the 1. Start Capture button.
    • A new Internet Explorer window will appear. Use Internet Explorer's address bar to go to whatever site you need and reproduce the problem.
    • To add a screenshot to your capture, press the Screenshot button inside FiddlerCap. To add a comment, click the Flag button.
    • Inside FiddlerCap, click the 2. Stop Capture button.
    • Click the 3. Save Capture button. Save the .SAZ file to your desktop.
    • Email the .SAZ file from your desktop to your debugging buddy.

    You can download the full version of Fiddler from https://www.telerik.com/fiddler. Within the Fiddler trace you should be able to see the details of the request body and the corresponding response. You can also replay the request adding the TenantId parameter, and that should give you more insights. In case you are still unable to get this fixed, please open a ticket with Microsoft. If you have any trouble opening a support ticket, please send us an email at azcommunity[at]microsoft[dot]com and we will help you further.

    Hope this helps. In case the information provided in this post is helpful, please do accept it as the answer so that it can be helpful to other community members searching for similar queries.

    Thank you.

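Added example, not part of the answer above and not Microsoft or Telerik code: a Python script that opens a saved .SAZ capture and reports, for each authorize request, which tenant the request targets and which parameters are present or blank. It assumes the .SAZ is a ZIP archive holding each client request as `raw/<n>_c.txt` and that HTTPS decryption was enabled during capture; the function names and the in-memory sample capture are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import parse_qs, urlsplit

# Tenant-independent aliases of the Microsoft identity platform endpoint.
GENERIC_TENANTS = {"common", "organizations", "consumers"}

def inspect_authorize_url(url):
    """Summarise the tenant and parameters of one /authorize request."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    tenant = segments[0] if segments else None
    return {
        "tenant": tenant,
        "generic_tenant": tenant is not None and tenant.lower() in GENERIC_TENANTS,
        "has_tenantid_param": any(k.lower() == "tenantid" for k in params),
        "redirect_uri": params.get("redirect_uri"),
        "empty_params": sorted(k for k, v in params.items() if v == ""),
    }

def authorize_requests(saz_bytes):
    """Return [(entry, summary)] for every authorize request in a .SAZ capture."""
    found = []
    with zipfile.ZipFile(io.BytesIO(saz_bytes)) as saz:
        for name in sorted(saz.namelist()):
            if not re.fullmatch(r"raw/\d+_c\.txt", name):
                continue  # only the client-request half of each session
            first = saz.read(name).decode("utf-8", "replace").split("\r\n", 1)[0]
            fields = first.split(" ")
            if len(fields) == 3 and urlsplit(fields[1]).path.endswith("/authorize"):
                found.append((name, inspect_authorize_url(fields[1])))
    return found

def build_sample_saz():
    """Constructed capture holding the authorize URL quoted in the question."""
    url = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id="
           "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code"
           "&scope=Mail.Send+User.Read&state=state")  # client_id blank: redacted in the post
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as saz:
        saz.writestr("raw/1_c.txt", f"GET {url} HTTP/1.1\r\nHost: login.microsoftonline.com\r\n\r\n")
        saz.writestr("raw/1_s.txt", "HTTP/1.1 200 OK\r\n\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, summary in authorize_requests(build_sample_saz()):
        print(entry, summary)
```

A .SAZ file contains every cookie, token and credential sent during the capture, so review or scrub it before emailing it to anyone.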