在Windows 10上使用Azure AD授权端点失败 [英] Using Azure AD Authorize endpoint fails on Windows 10

问题描述

在Windows 10和Google chrome中使用Authorize端点时遇到问题.

I am facing an issue when using the Authorize endpoint in Windows 10 with Google chrome.

 

请求以下内容时:

GET/common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=. .& nonce = ...& prompt = none& domain_hint = organizations& login_hint = ...

GET /common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=...&nonce=...&prompt=none&domain_hint=organizations&login_hint=...

 

在Windows 10和Google Chrome(例如Firefox或Windows 7)以外的任何其他环境中，授权流程都会成功完成，并且重定向到请求中提供的URL(给定id令牌)会发生.

In any other environment than Windows 10 and Google Chrome (Firefox or Windows 7 for example) the authorization flow completes successfully and the redirection happens to the URL provided in the request, given the id token.

 

但是在Windows 10 + Google Chrome组合上，响应是一些包含以下javascript文件的HTML:

But on Windows 10 + Google Chrome combination, the response is instead some HTML containing the following javascript file:

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/oldbssointerrupt_core.min_ifovy4ltwgbno2mkumjmxg2.js

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/oldbssointerrupt_core.min_ifovy4ltwgbno2mkumjmxg2.js

该脚本将执行，并使用相同的参数向授权端点发起新请求，不同之处在于添加了一个新参数:sso_reload = true

The script is executed and launches a new request to the authorize endpoint, with same parameters except that a new parameter is added: `sso_reload=true`

这个新请求只是挂在浏览器中并处于挂起状态，并且从不回馈任何响应.因此，授权流程无法完成.

This new request just hangs in the browser with Pending state and never gives back any response. So the authorization flow cannot finish.

 

我当前的用户代理是`Mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebKit/537.36(KHTML，如Gecko)Chrome/69.0.3497.100 Safari/537.36`

My current User Agent is `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`

如果我与另一个用户代理重新启动相同的请求，则该请求将正常完成，而不会出现任何奇怪的行为.

If I relaunch the same request with another User Agent, it completes normally without any strange behavior.

 

所以我有两个问题:

1.对于Windows 10和Chrome，这种特定行为是否有任何原因?
2. sso_reload参数(未记录)的用途是什么?

1. Is there any reason about this specific behavior for Windows 10 and Chrome?
2. What is the purppose of the (undocumented) sso_reload parameter?

 

这听起来像是一个非常具体的问题，但我希望您提出任何意见或线索.谢谢！

This sounds like a very specific issue, but I would appreciate any comment or lead. Thank you!

推荐答案

Sylvain，

Hi Sylvain,

那绝对是一个奇怪的问题！

That is definitely a strange issue! 

1.我无法在自己的实验室中重现此问题，但正在与产品团队的人员一起调查该问题.

1. I was unable to reproduce this in my own lab but am looking into the issue with someone from the product team. 

2.我相信reload参数强制重新加载当前状态并缓存视图.

2. I believe that the reload parameter force reloads the current state and caches the views.

当我对这两个问题都确认后，我会尽快回复你.

I will get back to you when I have confirmation on both of these issues.

这篇关于在Windows 10上使用Azure AD授权端点失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！