Vault OIDC identity provider web UI redirect doesn't work on Android (Chrome) after authenticating with Google OIDC #16778
Comments
@siepkes - Thanks for reporting this. I've successfully tested the same flow (OIDC auth within app using OIDC provider) in the past using a desktop browser. I'll try to reproduce and let you know what I find.
I noticed too that on the desktop everything works fine. I suspect it is some weird interaction with the embedded Chrome browser which is used when doing OIDC on Android. I also tried setting Firefox as the default browser (so the embedded browser used for OIDC would be Firefox) but I then encountered a "cannot read properties of null"-like error upon returning to Vault from Google. The library I used on Android was https://github.com/FormidableLabs/react-native-app-auth.
I thought to debug this a bit further so I hooked up Android Chrome to my desktop Chrome and the following exception is thrown (multiple times, basically every couple of seconds):
Oddly enough, sometimes the redirect back to the app works. But most of the time it doesn't. I managed to capture a HAR one time when the redirect back to the app actually succeeded: This is a capture of when Vault fails to redirect back to the app and the user sees the spinner (basically forever):
Thanks for this additional information, @siepkes! It looks like an issue in how our UI code handles the redirect. I've added the ui label and will let the team know.
This fixes the issue described in hashicorp#16778. Navigation is blocked in Android Chrome while redirecting back after OIDC authentication. The issue is explained by the lead maintainer of AppAuth (https://stackoverflow.com/a/41882732). The latest Chrome version redirects to the app only if triggered by the user and does not redirect automatically. Hence, a link is added in the UI to redirect back to the app.

* Fixed OAuth redirect not working on Android Chrome

  This fixes the issue described in #16778. Navigation is blocked in Android Chrome while redirecting back after OIDC authentication. The issue is explained by the lead maintainer of AppAuth (https://stackoverflow.com/a/41882732). The latest Chrome version redirects to the app only if triggered by the user and does not redirect automatically. Hence, a link is added in the UI to redirect back to the app.

* Update ui/app/templates/vault/cluster/oidc-provider.hbs

  Co-authored-by: Chelsea Shaw <[email protected]>

* added requested changes
* Modified requested changes and added changelog
* Added requested change
* Modified requested changes

---------

Co-authored-by: Chelsea Shaw <[email protected]>
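The behaviour the fix works around, as an added example that is not part of the original thread and not Vault's UI code: an OIDC provider page can navigate automatically to an `http(s)` redirect URI, but for an app's custom-scheme URI it has to show a link so the user's tap supplies the gesture Chrome on Android requires. The function names, the scheme lists and the exact-match check against registered redirect URIs are assumptions made for this sketch.

```javascript
// Added example; all names are hypothetical, not Vault's implementation.
const AUTO_REDIRECT_SCHEMES = new Set(['http:', 'https:']);
const FORBIDDEN_SCHEMES = new Set(['javascript:', 'data:', 'vbscript:', 'file:', 'blob:']);

// Decide how the provider page returns the authorization response.
// registeredUris: the client's registered redirect URIs (compared exactly).
function planRedirect(redirectUri, registeredUris, params) {
  if (!registeredUris.includes(redirectUri)) {
    return { action: 'reject', reason: 'redirect_uri not registered' };
  }
  let target;
  try {
    target = new URL(redirectUri);
  } catch (e) {
    return { action: 'reject', reason: 'redirect_uri is not a valid URL' };
  }
  // Defence in depth: refuse script-capable schemes even if registered.
  if (FORBIDDEN_SCHEMES.has(target.protocol)) {
    return { action: 'reject', reason: 'scheme not allowed' };
  }
  for (const [key, value] of Object.entries(params)) {
    target.searchParams.set(key, value);
  }
  // http(s) targets can be followed automatically; a custom scheme that
  // opens an app needs a user-initiated navigation, so expose a link.
  const action = AUTO_REDIRECT_SCHEMES.has(target.protocol) ? 'navigate' : 'show-link';
  return { action, href: target.toString() };
}

// Apply the plan. `win` and `linkEl` are injected (window and an <a> element
// in a browser) so the logic can also be exercised outside one.
function applyPlan(plan, win, linkEl) {
  if (plan.action === 'navigate') {
    win.location.replace(plan.href);
  } else if (plan.action === 'show-link') {
    linkEl.href = plan.href; // the user's tap triggers the navigation
    linkEl.hidden = false;
  }
  return plan.action;
}
```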
Describe the bug
When having an Android app authenticate with the Vault OIDC identity provider and having Vault in turn authenticate the user with Google OIDC the redirect back to the app from Vault doesn't work. So after logging in with Google you get correctly redirected to Vault but then Vault doesn't redirect back to the app. Chrome (104) on Android will show the Vault logo loading animation forever.
When the user uses an Android app to authenticate via the Vault OIDC identity provider and directly authenticates to Vault with for example the userpass authentication method the user does get correctly redirected back to the app. When the user tries to login to the Vault web UI with Google OIDC this also works correctly.
So the problem only occurs when one tries to authenticate in an Android app and uses the Vault OIDC provider which then in turn uses Google OIDC (and perhaps other OIDC providers) authentication.
Environment: