WebView errors treated as cancel

[imakhalova]

10-18 12:52:27.241 28419-28419/com.microsoft.skydrive W/BasicWebViewClient: 2016-10-18 19:52:27-e4a8b1f1-40a0-4651-b02a-6d892fe16241-Cancel error:invalid_resource ver:1.10.0 AADSTS50001: Resource 'https://officeapps.live.com' is disabled.
Trace ID: aed66cce-a470-4595-aedb-14e63c1d3e88
Correlation ID: e4a8b1f1-40a0-4651-b02a-6d892fe16241
Timestamp: 2016-10-18 19:52:26Z

This causes com.microsoft.aad.adal.AuthenticationCancelError: User cancelled the flow RequestId:216639036 CorrelationId: e4a8b1f1-40a0-4651-b02a-6d892fe16241
at com.microsoft.aad.adal.AcquireTokenRequest.onActivityResult(AcquireTokenRequest.java:563)
at com.microsoft.aad.adal.AuthenticationContext.onActivityResult(AuthenticationContext.java:731)

While expected would be AuthenticationException with some error code

[weijjia]

Yup, you're right, we shouldn't treat this as a cancel error. We'll put this in backlog, and fix it with prioritization.

[lightwaxx]

What is the progress on this please?

[vineetsetia]

Hey Wei,

Any update on this ?

Thanks,
Vineet

[Holf]

Also keen to know what the latest is on this...

[weijjia]

Sorry we haven't got time to work on it. We'll update once this is prioritized.

[paragw09ckp]

@weijjia - any updates on this?

I am getting similar error on calling acquireTokenAsync(resourceUri, clientId, redirectUri).

Following is the error:

Error: User cancelled the flow RequestId:934620772 CorrelationId: 57a1ffe8-7612-49c4-b22d-2704eff74010
    at fail (file:///android_asset/www/plugins/cordova-plugin-ms-adal/www/CordovaBridge.js:37:25)
    at Object.cordova.callbackFromNative (file:///android_asset/www/cordova.js:295:52)
    at <anonymous>:1:9(anonymous function) @ main.js:121821_rejected @ utility.js:286Deferred.reject @ utility.js:368(anonymous function) @ AuthenticationContext.js:91_rejected @ utility.js:286Deferred.reject @ utility.js:368fail @ CordovaBridge.js:41cordova.callbackFromNative @ cordova.js:295(anonymous function) @ VM298:1

[weijjia]

I'll leave the prioritization to @nazukj

[paragw09ckp]

Does anybody have a workaround for this? I am sure I am not the first one trying to do this.

All I am trying to do is have the user enter UserName (email ID in my case) and Password which I want to pass onto Azure AD using ADAL to get them authenticated and return a result (a token or whatever that I can use in further interaction).

Or, is ADAL not for this? If not what other library can I use to work with my AzureAD?

[weijjia]

@paragw09ckp ADAL is definitely for this purpose. Can you get us the verbose ADAL logs? There should be something going wrong after you enters creds in the webview, verbose logs will help us know more.

[paragw09ckp]

@weijjia, @nazukj - thanks for the quick reply, appreciated. For verbose logs, not sure how to get more detailed logs. Will try to do it now.

BTW, I tried the sample app given on this link and it seems to work fine. But here also, it opens up the Microsoft Azure AD login page which I what I am trying to avoid. Any idea on:

1. Why the ADAL library is working here? Is it because it's the old version?

2. Is there no way to not have the Microsoft login page popping up?

[weijjia]

ADAL should work in different versions, the only way we can answer why it's not working is that we get diagnostic logs. https://github.com/AzureAD/azure-activedirectory-library-for-android#logs

[petterh]

I may have some insights on this. The BasicWebViewClient contains this method:

private boolean hasCancelError(String redirectUrl) {
    Map<String, String> parameters = StringExtensions.getUrlParameters(redirectUrl);
    String error = parameters.get("error");
    String errorDescription = parameters.get("error_description");

    if (!StringExtensions.isNullOrBlank(error)) {
        Logger.w(TAG, "Cancel error:" + error, errorDescription, null);
        return true;
    }

    return false;
}

It is called whenever the web view attempts to navigate to a URL starting with the redirect URL. The actual string looks like this, with minor changes to protect the guilty:

urn:ietf:wg:oauth:2.0:oob
?error=invalid_resource
&error_description=AADSTS50001%3a+The+application+named+(elided)+was+not+found+in+the+tenant+named+(elided).++This+can+happen+if+the+application+has+not+been+installed+by+the+administrator+of+the+tenant+or+consented+to+by+any+user+in+the+tenant.++You+might+have+sent+your+authentication+request+to+the+wrong+tenant.(elided)
&state=(elided)

This clearly describes a legitimate error situation. That method, however, considers the mere presence of an "error" parameter in the URL to signal a cancellation, so the sholdOverrideLoadingUrl method ends up calling AuthenticationActivity.CustomWebClient.cancelWebViewRequest, and there you are.

Passing the error and error_description parameters to AuthenticationActivity.cancelRequest via CustomWebClient.cancelWebViewRequest would allow cancelRequest to return a more appropriate response to the caller. Or some other solution might be more appropriate.

[doruchidean-lifeishard]

Same goes for:
W/BasicWebViewClient: Custom log failed to log message: [2019-03-08 09:16:52 - 4e9042df-85b8-40f4-8184-003cd4922417] Cancel error: invalid_resource ver:1.16.1 Android 24

and
W/BasicWebViewClient: Custom log failed to log message: [2019-03-08 09:20:07 - ddcdcd5b-4ea3-4ee4-96cc-9cd76e63912e] Cancel error: access_denied ver:1.16.1 Android 24

[petterh]

I submitted a PR to fix this a year and a half ago. Not a great deal has happened since, which is disappointing.