适用于 Android 的 MSAL 无法执行 B2C 登录 [英] MSAL for Android fails performing B2C login

问题描述

我正在使用 0.2.2 版本的 Microsoft Authentication Library (MSAL) Preview for Android 库在我的原生 Android 应用程序中执行 Azure AD B2C 登录.该库打开浏览器以开始登录过程.之后我成功登录，它会将我导航回应用程序.在 AuthenticationCallback 中，我收到以下错误:

I'm using 0.2.2 version of Microsoft Authentication Library (MSAL) Preview for Android library to perform Azure AD B2C login in my native Android app. The library opens the browser to start login process. Afterwards I log in successfully and it navigates me back to the app. Inside AuthenticationCallback, I get the following error:

 Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
      at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
      at com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache.save(MsalOAuth2TokenCache.java:112)
      ...

当我调试和跟踪库代码时，库似乎从 TokenResponse 获取 expires_in 字段为 null.有什么想法是怎么发生的吗?

When I debug and trace the library code, it seems like the library gets the expires_in field from TokenResponse as null. Is there any idea how it can be happening?

这也是我的库的原始配置文件:

And also here is my raw config file for the library:

{
  "client_id" : "XXX",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "msalXXX://auth",
  "authorities" : [
    {
      "type": "B2C",
      "authority_url": "https://TTT.b2clogin.com/tfp/TTT.onmicrosoft.com/B2C_1_susi/"
    }
  ]
}

其中 XXX 是客户端 ID，TTT 是租户名称.

where XXX is client id, and TTT is tenant name.

我还为库启用了日志记录.这是它从浏览器返回后的样子:

I also enabled logging for the library. Here it's after it gets back from browser:

D:  [2019-04-09 11:22:44 - {"thread_id":"2","correlation_id":"b843f0f5-d446-480c-9c63-cfcc9ad74e51"}] Completing acquire token... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"2","correlation_id":"b843f0f5-d446-480c-9c63-cfcc9ad74e51"}] Auth code is successfully returned from webview redirect. Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Network status: connected Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating TokenRequest... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Requesting token... Android 28
D:  [2019-04-09 11:22:44 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Performing token request... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Getting TokenResult from HttpResponse... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: TokenResult Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Saving tokens... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating Account Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Creating account from TokenResponse... Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: MicrosoftAccount Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Using Subject as uniqueId Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] The preferred username is not returned from the IdToken. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] realm is not returned from server. Use utid as realm. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Init: MicrosoftStsAccount Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] alternative_account_id: null Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] alternative_account_id was null. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Avatar URL: null Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Avatar URL was null. Android 28
D:  [2019-04-09 11:22:45 - {"thread_id":"360","correlation_id":"270f3416-1332-42e4-8672-c8ae748c0006"}] Interactive request failed with Exception Android 28
    java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
        at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
  ...

推荐答案

当身份验证成功并且 Azure AD B2C 回调应用程序时，浏览器选项卡应自动关闭.您可能错误地配置了应用程序，或者它们是您正在使用的特定浏览器中的错误(我们之前在较小的浏览器上看到过这种情况，因此数据可能会有所帮助).

The browser tab should close automatically when the auth succeeds and Azure AD B2C calls back to the app. It's possible that you might mis-configured the app or their is a bug in the specific browser you're using (we've seen this before on smaller browsers, so the data could help).

关于 Azure AD B2C，我强烈反对使用 WebView，因为 Google 和其他身份提供者明确禁用了 WebView 支持.

With respect to Azure AD B2C, I'd highly discourage using WebViews as Google and other identity providers explicitly disable WebView support.

如果需要，我建议您启用日志记录并与我分享并在库中提交问题(https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki).

I'd recommend you to enable logging and share them with me and file an issue on the library if needed(https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki).

这篇关于适用于 Android 的 MSAL 无法执行 B2C 登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！