错误:AADSTS50058:发送了无提示登录请求,但没有用户登录-移动Safari浏览器中的Angular ADAL身份验证问题 [英] Error: AADSTS50058: A silent sign-in request was sent but no user is signed in - Angular ADAL authentication issue in mobile safari browser
问题描述
我们有一个使用Angular 7开发的网站,它使用Adal-Angular4库进行Azure Active Directoty身份验证.在iPhone上的Safari浏览器中浏览该网站时,它会遇到以下错误.
We have a site developed using Angular 7 and it uses Adal-Angular4 library for Azure Active Directoty authentication. When the site is browsed in safari on iPhone, it runs into below error.
Error: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
当Safari浏览器的 Prevent Cross-Site Scripting (阻止跨站点脚本)选项关闭时,身份验证就可以通过.我们还观察到,在其中一台Samsung Galaxy S8 +手机的Chrome浏览器中,会发生此问题.知道造成此问题的原因是什么,以及解决该问题的方法是什么.
When Prevent Cross-Site Scripting option of Safari browser is off then authentication gets through fine. We also observed that in Chrome browser on one of the Samsung Galaxy S8+ phones this issue occurs. Any idea what exactly is the reason for this issue and what are the ways to remediate it.
推荐答案
在他的答案(可能的解决方案#2)中提到的"Raghavendra- MSFT身份"之上,我们设法捕获了acquireToken的错误来使其工作调用,然后使用acquireTokenRedirect调用获取令牌.它增加了一个重定向,但可以完成工作.请注意,无论是使用ADAL还是MSAL v1,这都是我能做的任何研究中发现的唯一选择. MSAL v2,即@ azure/msal-browser软件包,该软件包特别基于带有PKCE的OAuth 2.0授权代码流,因此无需第三方Cookie,因此可以作为一种适当的选择;但是,它目前处于Beta版,因此要用于生产代码还需要更多时间.
On top of what "Raghavendra- MSFT Identity" mentioned in his answer (possible resolution #2), we managed to get it working by catching the error of acquireToken call and then acquiring token using acquireTokenRedirect call. It adds up one more redirection but does the job. Please note that either with ADAL or MSAL v1, this is the only option I found from whatever research I could do. MSAL v2 i.e. @azure/msal-browser package specifically which is based on OAuth 2.0 Authorization Code Flow with PKCE eliminates any need of third-party cookies and can be an appropriate option; however, it is currently under Beta so it would take some more time before it can be used for production code.
这篇关于错误:AADSTS50058:发送了无提示登录请求,但没有用户登录-移动Safari浏览器中的Angular ADAL身份验证问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
