适用于Android的MSAL无法执行B2C登录 [英] MSAL for Android fails performing B2C login

问题描述

我正在使用 Microsoft身份验证库(MSAL)预览版Android 库的 0.2.2 版本在本机Android应用程序中执行Azure AD B2C登录.该库将打开浏览器以开始登录过程.之后，我成功登录，它使我导航回该应用程序.在 AuthenticationCallback 内部，出现以下错误:

I'm using 0.2.2 version of Microsoft Authentication Library (MSAL) Preview for Android library to perform Azure AD B2C login in my native Android app. The library opens the browser to start login process. Afterwards I log in successfully and it navigates me back to the app. Inside AuthenticationCallback, I get the following error:

 Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
      at com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache.save(MsalOAuth2TokenCache.java:112)
      ...

当我调试和跟踪库代码时，库似乎从 TokenResponse 的 expires_in 字段为 null .有什么想法怎么发生的吗?

When I debug and trace the library code, it seems like the library gets the expires_in field from TokenResponse as null. Is there any idea how it can be happening?

这也是该库的原始配置文件:

And also here is my raw config file for the library:

{
  "client_id" : "XXX",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "msalXXX://auth",
  "authorities" : [
    {
      "type": "B2C",
      "authority_url": "https://TTT.b2clogin.com/tfp/TTT.onmicrosoft.com/B2C_1_susi/"
    }
  ]
}

其中XXX是客户ID，TTT是租户名称.

where XXX is client id, and TTT is tenant name.

我还启用了该库的日志记录.这是从浏览器返回后的结果:

I also enabled logging for the library. Here it's after it gets back from browser:

D:  [2019-04-09 11:22:44 - {"thread_id":"2","correlation_id":"b843f0f5-d446-480c-9c63-cfcc9ad74e51"}] Completing acquire token... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"2","correlation_id":"b843f0f5-d446-480c-9c63-cfcc9ad74e51"}] Auth code is successfully returned from webview redirect. Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Network status: connected Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating TokenRequest... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Requesting token... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Performing token request... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Getting TokenResult from HttpResponse... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: TokenResult Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Saving tokens... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating Account Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating account from TokenResponse... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: MicrosoftAccount Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Using Subject as uniqueId Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] The preferred username is not returned from the IdToken. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] realm is not returned from server. Use utid as realm. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: MicrosoftStsAccount Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] alternative_account_id: null Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] alternative_account_id was null. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Avatar URL: null Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Avatar URL was null. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Interactive request failed with Exception Android 28
    java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
  ...

推荐答案

当身份验证成功并且Azure AD B2C回调到应用程序时，浏览器选项卡应自动关闭.您可能会错误地配置了应用程序，或者它们是您正在使用的特定浏览器中的错误(我们之前在较小的浏览器中已经看到过此错误，因此数据可能会有所帮助).

The browser tab should close automatically when the auth succeeds and Azure AD B2C calls back to the app. It's possible that you might mis-configured the app or their is a bug in the specific browser you're using (we've seen this before on smaller browsers, so the data could help).

关于Azure AD B2C，我强烈不建议使用WebViews，因为Google和其他身份提供者明确禁用了WebView支持.

With respect to Azure AD B2C, I'd highly discourage using WebViews as Google and other identity providers explicitly disable WebView support.

我建议您启用日志记录并与我共享它们，并在需要时在库中提交问题(

I'd recommend you to enable logging and share them with me and file an issue on the library if needed(https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki).

这篇关于适用于Android的MSAL无法执行B2C登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！