The redirect URI in the configuration file doesn't match with the one generated with package name and signature hash #46

Open
Prabhakaran-Ganesan opened this issue Jan 7, 2021 · 7 comments

Basic information:

I am trying out the sample from this link (https://github.com/Azure-Samples/ms-identity-android-java/) to integrate with Microsoft identity platform.
The sample app is working fine with the default configuration.

I also followed this tutorial (https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-shared-device-mode) to enable shared-device mode using the Authenticator app.

This is also working fine.
The problem occurred when I replaced the client ID and other configurations in the config file using the App registration from our Azure Active Directory.

Please find more details in the repro steps below.

Minimal steps to reproduce

  1. Download the sample from this link (https://github.com/Azure-Samples/ms-identity-android-java/)

  2. Set up the Authenticator App using this tutorial (https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-shared-device-mode)

  3. Register an app in the Azure Active Directory and add an Android platform in the authentication section

  4. Generate a config file by providing package name and signature hash

  5. Then open the sample app and open the auth_config_single_account.json file and replace content with the file generated from the App registration in Azure Active directory

  6. Open AndroidManifest.xml file and change the data path value in BrowserTabActivity (Line No. 35) with the generated signature hash

  7. Run the app

  8. On opening the app, it is showing the following exception.

com.microsoft.identity.client.exception.MsalClientException: The redirect URI in the configuration file doesn't match with the one generated with package name and signature hash. Please verify the uri in the config file and your app registration in Azure portal.

I have found a workaround for removing this error as follows. But this workaround doesn’t make the application run in Shared-Device mode, and the app is working in regular mode only even though “mSingleAccountApp.isSharedDevice()” returns ‘true’.

Workaround steps

  1. Add an extra character, like a typo, in the redirect URI in the config file as shown below, and also include this redirect URI in the app registration in the Azure Active Directory

ORIGINAL

"redirect_uri" : "msauth://com.azuresamples.msalandroidapp/ga0RGNYHvNM5d0SLGQfpQWAPGJ8%3D"

WORKAROUND

"redirect_uri" : "msauth://com.azuresamples.msalandroidappz/ga0RGNYHvNM5d0SLGQfpQWAPGJ8%3D"

  2. Also change the same in the AndroidManifest.xml (Line No. 34)

ORIGINAL

android:host="com.azuresamples.msalandroidapp"

WORKAROUND

android:host="com.azuresamples.msalandroidappz"

  3. After these changes, the app is working in regular mode but not working in Shared-Device mode

Please help me resolve this issue.

Device Details

Device : Redmi 4A
Android version: 7.1.2

@rpdome For traceability, mentioning the Microsoft support ticket number 120120326004885

Mention any other details that might be useful


Thanks! We'll be in touch soon.

@Prabhakaran-Ganesan Prabhakaran-Ganesan changed the title The redirect URI in the configuration file deosn't match with the one generated with package name and signature hash The redirect URI in the configuration file doesn't match with the one generated with package name and signature hash Jan 7, 2021

Naakhta commented Feb 2, 2021

@rpdome - Hi Dome, Prabhakaran has followed your steps to Invalidate caches and Restart in Android; however, the result is the same and the application is still not working as per the shared device mode.
Please suggest here.

Contributor

rpdome commented Feb 2, 2021

@rpdome rpdome self-assigned this Feb 2, 2021
Author

Prabhakaran-Ganesan commented Feb 6, 2021

@rpdome Using the above code, I have got a different signature instead of the one generated with my keystore.
Then I changed my project configs and Azure portal with this new signature.

After this the problem got resolved.

For clarification, I have created another new sample project and new key store.
Here also the same issue occurred. Again I used the above code to solve the problem.

Below are the steps I followed.

  1. In Android Studio (4.1.2), a new project was created
  2. The MSAL dependencies and related code were added
  3. A new keystore file (testkey.jks) was added using Android Studio
  4. Then the following command was used to generate the signature hash

keytool -exportcert -alias myalias -keystore "E:\Keystore\testkey.jks" | "E:\openssl-0.9.8k_X64\bin\openssl.exe" sha1 -binary | "E:\openssl-0.9.8k_X64\bin\openssl.exe" base64

  5. After entering the password, I got the signature hash. Then I included this in my Azure app registration to get the configuration file.

  6. The signed release apk was generated using Android Studio.

  7. The same error occurred after installing the apk.

  8. I used the same code to verify the signature but I found a different one.

  9. Then I changed the signature hash in my project and Azure app registration with the one found above

  10. The issue got solved.

Here, what I observed is that the issue got solved by using the signature hash obtained using the code, and also that it does not match the signature generated with the following command line

keytool -exportcert -alias SIGNATURE_ALIAS -keystore PATH_TO_KEYSTORE | openssl sha1 -binary | openssl base64

(Same occurred for debug signature too)

Is this a bug or am I missing something?

Contributor

rpdome commented Feb 8, 2021

@Prabhakaran-Ganesan I'm suspecting that

  1. The testkey.jks is not used at all - could be some configuration issue in Android Studio or in your gradle file.
  2. When I was trying with AzureSample's keystore and accidentally input a wrong path, the command would still generate a string. Are you getting prompted for password when you're executing the command? Could you please try just keytool -exportcert -alias myalias -keystore "E:\Keystore\testkey.jks" and see if you're getting something out?
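
An added example, not part of the thread and not MSAL's own code: it reproduces the `openssl sha1 -binary | openssl base64` step and builds the `msauth://` redirect URI in the shape shown in the issue, but rejects input that is not DER, so `keytool` error text is not silently hashed into a plausible-looking value. Function names are hypothetical, the DER check is a structural sanity check rather than full X.509 parsing, and percent-encoding of `+` and `/` is an assumption extrapolated from the `%3D` seen above.

```python
import base64
import hashlib
import json
from urllib.parse import quote


def looks_like_der(data: bytes) -> bool:
    """True if data is one DER SEQUENCE whose declared length spans all of data."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        return 2 + first == len(data)
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)


def signature_hash(cert_bytes: bytes) -> str:
    """Base64 of SHA-1 over the exported certificate bytes."""
    if not looks_like_der(cert_bytes):
        raise ValueError("input is not a DER certificate; refusing to hash it")
    return base64.b64encode(hashlib.sha1(cert_bytes).digest()).decode("ascii")


def expected_redirect_uri(package: str, sig_hash: str) -> str:
    # Same shape as the redirect_uri in the issue: '=' padding becomes %3D.
    # Assumption: '+' and '/' in the hash are percent-encoded the same way.
    return f"msauth://{package}/{quote(sig_hash, safe='')}"


def config_matches(config_json: str, package: str, cert_bytes: bytes) -> bool:
    """Compare the config file's redirect_uri with the one derived locally."""
    configured = json.loads(config_json)["redirect_uri"]
    return configured == expected_redirect_uri(package, signature_hash(cert_bytes))


if __name__ == "__main__":
    # Constructed stand-in for `keytool -exportcert` output: a DER SEQUENCE
    # header followed by 300 zero bytes (not a real certificate).
    fake_cert = b"\x30\x82\x01\x2c" + bytes(300)
    print(expected_redirect_uri("com.example.app", signature_hash(fake_cert)))
    try:
        signature_hash(b"keytool error: constructed sample message")
    except ValueError as exc:
        print("rejected:", exc)
```
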

@Prabhakaran-Ganesan
Author

Greetings, @rpdome

I have verified the input path and I also got the prompt for the password, but I am still getting the same signature.
As suggested, I got the following result upon executing the command

keytool -exportcert -alias myalias -keystore "E:\Keystore\testkey.jks"

image

@Prabhakaran-Ganesan
Author

Dear @rpdome ,

We are awaiting your response.

Thanks and Regards
Prabhakaran

@fabaumann91

Confirmed @rpdome, this is a bug that was resolved by adding z to the end of my package name. Thank you @Prabhakaran-Ganesan for finding it.
