Error: AADSTS50058: A silent sign-in request was sent but no user is signed in - Angular ADAL authentication issue in mobile safari browser


Solution 1

On top of what "Raghavendra- MSFT Identity" mentioned in his answer (possible resolution #2), we managed to get it working by catching the error from the acquireToken call and then acquiring the token using the acquireTokenRedirect call. It adds one more redirection but does the job. Please note that with either ADAL or MSAL v1, this is the only option I found from whatever research I could do. MSAL v2, i.e. the @azure/msal-browser package, which is based on the OAuth 2.0 Authorization Code Flow with PKCE, eliminates any need for third-party cookies and can be an appropriate option; however, it is currently in beta, so it would take some more time before it can be used for production code.

Solution 2

I have faced this issue when accessing my Angular application through the Chrome browser in incognito mode. By default, it disables third-party cookies with a toggle on the home page. I just disabled it and did not face the error again.

Disabling the option

Solution 3

Reason: The error occurs because a silent sign-in is sent to the login.microsoftonline.com endpoint; however, the AAD SSO cookie is not being detected. This cookie determines if the user is logged in or not. The silent sign-in is only meant to be used if the user is already known to be logged in or has a refresh token to exchange for a new access token.

Possible Resolution #1: Proactively Check for Expiration

You can attempt to prevent this error from ever occurring by checking if you have a valid ID token. If your ID token is not valid, you will ask the user to log in again.

Possible Resolution #2: Catching the Error and Asking the User to Log In Again

To resolve this error, you will need to catch it in a callback that you can pass into the acquireToken ADAL JS function. If the AADSTS50058 error occurs, you'll ask the user to log in again.

Possible Resolution #3: Browser Extension Cookie Blockers and Third-Party Cookies Disabled

Some users may experience this issue due to a browser extension that is blocking cookies for tracking purposes. This will cause the AADSTS50058 error to occur. You will need to whitelist the login.microsoftonline.com endpoint in your browser extension in order to avoid receiving this error again.

This error can also occur if third-party cookies have been disabled in your browser. Re-enable third-party cookies in your browser to prevent this error from occurring.

Please refer to this link.
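The fallback described in Solution 1 and in Possible Resolution #2, written out as an added example (it is not code from any of the answers or from the ADAL project). It assumes `authContext` is an adal.js `AuthenticationContext` from a version that provides `acquireTokenRedirect`; `getToken`, `GUARD_KEY` and the `store` parameter are hypothetical names introduced here.

```javascript
// Silent renewal runs in a hidden iframe, so it fails with AADSTS50058
// (OAuth error "login_required") when the browser withholds the Azure AD
// session cookie from that third-party frame.
const SILENT_FAILURE = /AADSTS50058|login_required/;
const GUARD_KEY = 'adal.redirectFallback'; // hypothetical storage key

// authContext: adal.js AuthenticationContext (assumed)
// store:       sessionStorage-like object (getItem/setItem/removeItem)
// done:        Node-style callback (err, token)
function getToken(authContext, resource, store, done) {
  // ADAL JS invokes the callback as (errorDesc, token, error).
  authContext.acquireToken(resource, (errorDesc, token, error) => {
    if (token) {
      store.removeItem(GUARD_KEY); // silent renewal works again
      return done(null, token);
    }
    const detail = `${error || ''} ${errorDesc || ''}`.trim();

    // Unrelated failures are reported, not retried interactively.
    if (!SILENT_FAILURE.test(detail)) {
      return done(new Error(detail));
    }

    // Redirect at most once per resource in this tab. If the token still
    // cannot be obtained afterwards, surface the error instead of looping.
    if (store.getItem(GUARD_KEY) === resource) {
      return done(new Error('redirect fallback already tried: ' + detail));
    }
    store.setItem(GUARD_KEY, resource);

    // Top-level navigation: the sign-in page is first-party here, so its
    // cookies are sent. The page unloads, so `done` is not called.
    authContext.acquireTokenRedirect(resource);
  });
}

// Browser usage (resourceId is whatever resource the app already requests):
//   getToken(authContext, resourceId, window.sessionStorage, (err, token) => { ... });
```

The guard matters on browsers where the session cookie is never stored at all: without it, every page load would fail silently and redirect again.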

Author by

Admin

Updated on June 05, 2022

Comments

  • Admin
    Admin almost 2 years

    We have a site developed using Angular 7, and it uses the Adal-Angular4 library for Azure Active Directory authentication. When the site is browsed in Safari on iPhone, it runs into the error below.

    Error: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).
    

    When the Prevent Cross-Site Scripting option of the Safari browser is off, authentication gets through fine. We also observed that this issue occurs in the Chrome browser on one of the Samsung Galaxy S8+ phones. Any idea what exactly the reason for this issue is, and what are the ways to remediate it?

  • Admin
    Admin almost 4 years
    Thanks @Raghavendra- MSFT Identity, we managed to get it working by following resolution #2 that you suggested above.
  • Eric Eskildsen
    Eric Eskildsen almost 4 years
    Apparently this was introduced in Chrome 83 in May 2020. I didn't even notice until it broke my incognito mode testing today.
  • munizig
    munizig almost 4 years
    Oh! It started happening to my team a short time ago. Makes sense that it's something brand new.
  • baHI
    baHI about 2 years
    Actually, we got this issue in one browser, and when starting the app in an incognito browser, we can log in without issues.
  • baHI
    baHI about 2 years
    Incognito itself (except if cookies are forbidden) is not the issue; actually, it works for me in incognito, but I have the error in a regular browser...