why MSAL freeze on UWP app on AcquireTokenInteractive?

Question

using Microsoft.Identity.Client with official sample https://github.com/Azure-Samples/active-directory-dotnet-native-uwp-v2

often after entering the password and clicking on proceed I am blocked without receiving errors. sometimes it works correctly if i repeating the operation several times.

it happens on AcquireTokenInteractive with both my app and the sample app

seams more frequent on new users

Answer 1

In UWP applications, due to platform constraints, we cannot use a normal browser like WebView2 and have to rely on a platform component called WAB (Web Auth Browser).

WAB is pretty much the webview for UWP, "optimized" for auth, it is based on WebBrowser (WebView1) plus a significant number of restrictions such as "if the page contains an element that is not HTTPS, fail". So it's very very strict. Sadly, when this occurs, WAB just freezes...

So, what tends to happen from time to time is that the Identity Provider (AAD in this case), introduces some new UI feature which breaks one of the strict rules of UWP. It looks like we have a test gap here. The last time this happened quite a few people were affected - see this thread: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3109

The right way to go about this is to open support case to AAD.

AAD applications that run on Windows should use a different auth mechanism called WAM (Web Account Manager), see https://aka.ms/msal-net-wam

New applications should probably use WinUI (and not UWP) and also focus on WAM.