Hi all, is expired cookies management changed lately? Authentication doesn't work anymore in following use case. Question is all about FF for windows, while usually I'm o… (read more)
Hi all, is expired cookies management changed lately? Authentication doesn't work anymore in following use case. Question is all about FF for windows, while usually I'm on FF Android, Edge and Chrome for Windows and all these browsers are working correctly.
My working web app (static blazor wasm standalone) is interactively authenticating in Azure AD B2C using Microsoft.Authentication.WebAssembly.Msal library (like MSAL.js), API is an Azure Function protected through AAD B2C.
Login request successfully invokes Signin/Signup B2C flow with popup to myb2ctenant.b2clogin.com but breaks navigating to auth protected pages or backend apis.
From DevTools I see that every request to following b2c endpoints sets an expired cookie (expired 10 years before, year is now 2012):
When user clicks login: GET /myb2ctenant.onmicrosoft.com/b2c_1_sinsup/v2.0/.well-known/openid-configuration
Returning from login confirmation: GET /myb2ctenant.onmicrosoft.com/B2C_1_SInSUp/api/CombinedSigninAndSignup/confirmed?rememberMe=false&csrf_token=xxx
for example: Set-Cookie: x-ms-cpim-trans=; domain=myb2ctenant.b2clogin.com; expires=Fri, 14-Sep-2012 12:46:46 GMT; path=/; SameSite=None; secure; HttpOnly
FF registers this warning in console:
Cookie “x-ms-cpim-trans” has been rejected because it is already expired
Following when MSAL execute a request to /myb2ctenant.onmicrosoft.com/b2c_1_sinsup/oauth2/v2.0/authorize?xxxx
Response always contains:
Location: https://blazorapp.xx.web.core.windows.net/authentication/login-callback#error= interaction_required&error_description=AADB2C90077%3a+User+does+not+have+an+existing+session+and+request+prompt+parameter+has+a+value+of+%27None%27.%0d%0a
All other browsers are working... Thanks in advance for any help