.NET 8 preview7 Blazor WASM AAD authentication ends with There was an error trying to log you in: '"undefined" is not valid JSON' #49956

Closed
1 task done
markushaslinger opened this issue Aug 9, 2023 · 54 comments · Fixed by #54225
Labels
area-blazor Includes: Blazor, Razor Components bug This issue describes a behavior which is not expected - a bug. feature-blazor-wasm This issue is related to and / or impacts Blazor WebAssembly Pillar: Technical Debt

@markushaslinger

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

I am getting the same issue as described in #44981 again: after coming back from login at Azure AD the user sees 'There was an error trying to log you in: '"undefined" is not valid JSON'' at the 'authentication/login-failed' route.

However, after manually navigating around the token is available so it kind-of worked anyway.

Same as with the previous issue, adding the following solves the issue, so I suspect a similar cause:

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
</ItemGroup>

Also: the error does not appear during development, only after publish, also pointing to the linker.

Expected Behavior

No error should be displayed after the redirect if the operation was successful.

Steps To Reproduce

Standard Blazor WASM application using Microsoft.Authentication.WebAssembly.Msal (8.0.0-preview.7.23375.9), set up to use 'redirect' and not the 'pop up' auth option.

Exceptions (if any)

No response

.NET Version

8.0.100-preview.7.23376.3

Anything else?

No response

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-blazor Includes: Blazor, Razor Components label Aug 9, 2023
@mkArtakMSFT mkArtakMSFT added the bug This issue describes a behavior which is not expected - a bug. label Aug 9, 2023
@mkArtakMSFT mkArtakMSFT added this to the 8.0-rc2 milestone Aug 9, 2023
@mkArtakMSFT mkArtakMSFT added the feature-blazor-wasm This issue is related to and / or impacts Blazor WebAssembly label Aug 9, 2023
@mkArtakMSFT mkArtakMSFT modified the milestones: 8.0-rc2, 8.0 Sep 20, 2023
@wtgodbe wtgodbe modified the milestones: 8.0, 8.0.0 Oct 3, 2023
@mkArtakMSFT mkArtakMSFT modified the milestones: 8.0.0, .NET 9 Planning Oct 4, 2023
@ghost

ghost commented Oct 4, 2023

Thanks for contacting us.

We're moving this issue to the .NET 9 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@hectorm-bmg

hectorm-bmg commented Oct 20, 2023

I'm getting a similar behavior ('"undefined" is not valid JSON') but in this case I'm using Azure ADB2C with an IdentityServer4 external provider.
I tried using

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
</ItemGroup>

but the issue is still there. Any suggestions would be appreciated.

@mkArtakMSFT
Member

@halter73 isn't this something you've addressed already (your PR to some AAD library, I think)?

@hakenr
Contributor

hakenr commented Nov 15, 2023

In the 8.0.0 release:

I believe this should not be classified as "technical debt" for future ".NET 9 Planning", but rather recognized as a regression that could potentially cause significant issues for users.

@kyleherzog

I experienced the same issue when upgrading to .NET 8.0 with Azure B2C. I had to add the following to get it to work.

  <ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
  </ItemGroup>

Specifying just Microsoft.Authentication.WebAssembly.Msal alone did not work for me.

@hakenr
Contributor

hakenr commented Nov 16, 2023

@kyleherzog Sorry for the confusion. Actually I do have both the MSAL and WebAssembly.Authentication rooted and it is probably the Microsoft.AspNetCore.Components.WebAssembly.Authentication which is the important one for this symptom.

@czlatea

czlatea commented Nov 21, 2023

I can confirm. The issue is solved in our case by mentioning only one root assembly:

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
</ItemGroup>

@YingXiaoMing

I have the same problem, but I don't know how to fix it. No matter if I add

but it doesn't work

@jumulr

jumulr commented Dec 12, 2023

Using Net8.0, TrimmerRootAssembly does not fix the issue.
Please help.

@ghost

ghost commented Dec 13, 2023

Thanks for contacting us.

We're moving this issue to the .NET 9 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

@martinblampied

martinblampied commented Dec 15, 2023

Something that caught me out was I also needed to clear cache after adding

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
</ItemGroup>

Edit: This actually didn't fix it.

@czlatea

czlatea commented Dec 15, 2023

@martinblampied could you please check if you need both assemblies listed? For me, it worked nicely listing only Microsoft.AspNetCore.Components.WebAssembly.Authentication

@martinblampied

@czlatea Doesn't work for me; tried both and just Authentication in both Client and Server projects using .net 8

@SeanLeitzinger

Same issue on .NET 8 and I have tried adding both to the trimmer exception. Pushing this to .NET 9 is unacceptable. This has been going on long enough. It's been years now.

@Olsenss

Olsenss commented Dec 20, 2023

Had the same issue. Going from .NET 7 -> .NET 8, I had to add the following in the Client csproj:

<ItemGroup>
	<TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
	<TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
</ItemGroup>

This resolved the issue.

Another thing I noticed was that it was only in Microsoft Edge the problem occurred, in Google Chrome there was never an issue.

Contributor

Hi @markushaslinger. We have added the "Needs: Author Feedback" label to this issue, which indicates that we have an open question for you before we can take further action. This issue will be closed automatically in 7 days if we do not hear back from you by then - please feel free to re-open it if you come back to this issue after that time.

@markushaslinger
Author

@halter73 I forked your repo and set it up like my project, relevant changes:

  • Redirect Mode is set: markushaslinger/BlazorHostedWasmAAD_repro@786e08e
  • It's not hosted by a .NET process but I just throw it up on an Nginx which hosts it
  • Instead of options.ProviderOptions.DefaultAccessTokenScopes.Add("https://{TENANT}.onmicrosoft.com/{SERVER API APP CLIENT ID}/API.Access"); I use options.ProviderOptions.DefaultAccessTokenScopes.Add("{SERVER API APP CLIENT ID}/.default"); (I honestly can't remember why any more)

After these changes (+ entering my own tenant and client of course) and running dotnet publish -c Release (afaik the Release tag is now the default anyway, but I'm so used to writing it) I threw the wwwroot content on the server, tried the login, and:

image

Don't think my setup is totally unusual, but please tell me if I'm doing something I'm not supposed to do (the redirect is a requirement though, can't change that). I hope that helps you to reproduce the issue!

@dotnet-policy-service dotnet-policy-service bot added Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. and removed Needs: Author Feedback The author of this issue needs to respond in order for us to continue investigating this issue. labels Feb 24, 2024
@halter73 halter73 removed the Needs: Attention 👋 This issue needs the attention of a contributor, typically because the OP has provided an update. label Mar 7, 2024
@mattfrear

I see that a lot of people have run into this issue, so I'm sure I'm missing something. Can anyone figure out what I may be doing wrong?

Hi @halter73. Many of us in this thread only experienced the issue when we deployed to Azure, localhost worked fine.

FWIW (to help reproduce) - I had this issue after following the steps here https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-microsoft-entra-id

Solution runs fine on my localhost but shows the JS error once deployed to Azure.

The same workaround works for me.

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication"/>
</ItemGroup>

@milkyjoe90

Is this expected to be folded in to the 8.0.4 release?

@Eddie-Hartman

For anyone following along, I had a similar issue here #54515 that I was hoping would be fixed with 8.0.4. I updated and that does not seem to be the case.

Can we stop closing tickets until something is confirmed as fixed AND released? I even asked in my other issue how I'd confirm that this works locally so I don't have to do a full build and deploy, but no dice.

@mcschwa

mcschwa commented Apr 10, 2024

pls fix

@DylanLyon

Hoping this gets fixed soon. Loading app state from an encoded URL (like in #54514) has been broken for months in our app and is a pretty basic/critical feature to be broken for so long.

@ldabrowskiairspan

Key functionality (authentication) of a framework (in this case Blazor) being shipped completely broken out of the box in an LTS release when you've known about it since preview builds is completely unacceptable, closing an issue when it is NOT fixed, and expecting users to jump through hoops to find a CLOSED GitHub issue with a workaround is even worse. Doing things like that, alongside other shortcomings of auth in Blazor (like using a deprecated version of oidc-client-js) basically ensures Blazor will never see serious adoption.

@milkyjoe90

It looks like the fix might be included in the upcoming 8.0.5, which based on the release cadence so far, I'd guesstimate that it'll be out on May 7th.

#54655

You're right though, they really need to do something about the underlying oidc-client, there hasn't been a release of it since 2021 and the repo was archived in March 2022, the replacement oidc-client-ts is actively maintained, regularly updated and well supported - they really do need to do something.

@Eddie-Hartman

@milkyjoe90 afaik patches come out the second Tuesday of each month (but are not guaranteed), so that would be May 14th. Takes a bit for things to propagate (like packages getting posted to NuGet and what not), so I'd just check the 15th.

@milkyjoe90

> @milkyjoe90 afaik patches come out the second Tuesday of each month (but are not guaranteed), so that would be May 14th. Takes a bit for things to propagate (like packages getting posted to NuGet and what not), so I'd just check the 15th.

Ahhh Patch Tuesday, of course! Can’t believe I missed that! Lines up perfectly with all the other MS patches that get released!

@michaelhannes

michaelhannes commented May 13, 2024

Steps:

  1. login page redirects to B2C login when user clicks "Login" button.
  2. B2C login page, everything as expected
  3. on "return" to our login page, we check "if (B2Cuser.Identity.IsAuthenticated)" and then Navigate to "/user"

when running locally it runs fast and no refresh issues or anything.

when deployed to Azure - after B2C login redirect, we are returned to index.razor ("/") and the user is authenticated but does not Navigate to "/user"

however, if we manually refresh the page it successfully checks (B2Cuser.Identity.IsAuthenticated) and Navigates to "/user"

I am in process of adding...

<ItemGroup>
    <TrimmerRootAssembly Include="Microsoft.Authentication.WebAssembly.Msal" />
    <TrimmerRootAssembly Include="Microsoft.AspNetCore.Components.WebAssembly.Authentication" />
</ItemGroup>

UPDATE 13 May 2024

I also updated all the relevant NuGet packages (we use Blazor) to 8.0.4

AND it works fine now on our deployed Azure WebApp.

@stian-bay

stian-bay commented May 15, 2024

Did not work for me on 8.0.4 but it works now after updating to 8.0.5 packages 🎉

Also tested if the returnUrl is fixed but this does not redirect to the return Url (RedirectToLogin.razor)

@inject NavigationManager Navigation

@code {
    protected override void OnInitialized()
    {
        Navigation.NavigateTo($"authentication/login?returnUrl={Uri.EscapeDataString(Navigation.Uri)}");
    }
}

So I still have to have this workaround in RedirectToLogin.razor for preserving the returnUrl and redirecting on login

@using Microsoft.Extensions.Options
@using Microsoft.AspNetCore.Components.WebAssembly.Authentication

@inject NavigationManager Navigation

@inject IOptionsSnapshot<RemoteAuthenticationOptions<ApiAuthorizationProviderOptions>> Options

@code {
    protected override void OnInitialized()
    {
        Navigation.NavigateToLogin(Options.Get(Microsoft.Extensions.Options.Options.DefaultName).AuthenticationPaths.LogInPath);
    }
}

@mattfrear

Cool, fixed for me using Microsoft.Authentication.WebAssembly.Msal 8.0.7, I've removed the TrimmerRootAssembly workaround.

@imsam67

imsam67 commented Sep 15, 2024

I created a new Blazor WASM app that uses Azure AD B2C using dotnet new blazorwasm -au IndividualB2C --aad-b2c-instance "{AAD B2C INSTANCE}" --client-id "{CLIENT ID}" --domain "{TENANT DOMAIN}" -o {PROJECT NAME} -ssp "{SIGN UP OR SIGN IN POLICY}" command as suggested in this article: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-azure-active-directory-b2c?view=aspnetcore-8.0

Everything works fine locally. I'm hosting the app on Azure using Static Web App service and clicking the Login link does nothing, except for throwing this error:

Screenshot 2024-09-15 151832

If basic login doesn't work, this is a show stopper for us to use Blazor WASM! I'd appreciate any suggestions. Thanks!

@mattfrear

@imsam67 have you upgraded Microsoft.Authentication.WebAssembly.Msal NuGet package to the latest version?

@imsam67

imsam67 commented Sep 15, 2024

I'm using version 8.0.8, same as the WebAssembly package version.
