在Windows 10上使用Azure AD授权端点失败 [英] Using Azure AD Authorize endpoint fails on Windows 10
问题描述
在Windows 10和Google chrome中使用Authorize端点时遇到问题.
I am facing an issue when using the Authorize endpoint in Windows 10 with Google chrome.
请求以下内容时:
GET/common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=. .& nonce = ...& prompt = none& domain_hint = organizations& login_hint = ...
GET /common/oauth2/v2.0/authorize?response_type=id_token+token&response_mode=fragment&client_id=...&redirect_uri=...&scope=openid+profile+User.Read&state=...&nonce=...&prompt=none&domain_hint=organizations&login_hint=...
在Windows 10和Google Chrome(例如Firefox或Windows 7)以外的任何其他环境中,授权流程都会成功完成,并且重定向到请求中提供的URL(给定id令牌)会发生.
In any other environment than Windows 10 and Google Chrome (Firefox or Windows 7 for example) the authorization flow completes successfully and the redirection happens to the URL provided in the request, given the id token.
但是在Windows 10 + Google Chrome组合上,响应是一些包含以下javascript文件的HTML:
But on Windows 10 + Google Chrome combination, the response is instead some HTML containing the following javascript file:
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/oldbssointerrupt_core.min_ifovy4ltwgbno2mkumjmxg2.js
https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/cdnbundles/oldbssointerrupt_core.min_ifovy4ltwgbno2mkumjmxg2.js
该脚本将执行,并使用相同的参数向授权端点发起新请求,不同之处在于添加了一个新参数:sso_reload = true
The script is executed and launches a new request to the authorize endpoint, with same parameters except that a new parameter is added: `sso_reload=true`
这个新请求只是挂在浏览器中并处于挂起状态,并且从不回馈任何响应.因此,授权流程无法完成.
This new request just hangs in the browser with Pending state and never gives back any response. So the authorization flow cannot finish.
我当前的用户代理是`Mozilla/5.0(Windows NT 10.0; Win64; x64)AppleWebKit/537.36(KHTML,如Gecko)Chrome/69.0.3497.100 Safari/537.36`
My current User Agent is `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`
如果我与另一个用户代理重新启动相同的请求,则该请求将正常完成,而不会出现任何奇怪的行为.
If I relaunch the same request with another User Agent, it completes normally without any strange behavior.
所以我有两个问题:
1.对于Windows 10和Chrome,这种特定行为是否有任何原因?
2. sso_reload参数(未记录)的用途是什么?
1. Is there any reason about this specific behavior for Windows 10 and Chrome?
2. What is the purppose of the (undocumented) sso_reload parameter?
这听起来像是一个非常具体的问题,但我希望您提出任何意见或线索.谢谢!
This sounds like a very specific issue, but I would appreciate any comment or lead. Thank you!
推荐答案
Sylvain,
Hi Sylvain,
那绝对是一个奇怪的问题!
That is definitely a strange issue!
1.我无法在自己的实验室中重现此问题,但正在与产品团队的人员一起调查该问题.
1. I was unable to reproduce this in my own lab but am looking into the issue with someone from the product team.
2.我相信reload参数强制重新加载当前状态并缓存视图.
2. I believe that the reload parameter force reloads the current state and caches the views.
当我对这两个问题都确认后,我会尽快回复你.
I will get back to you when I have confirmation on both of these issues.
这篇关于在Windows 10上使用Azure AD授权端点失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!