How to capture moble login errors with Azure ADAL

If you are creating a mobile application that uses the Azure Active Directory Access Library (ADAL) component, you will need to learn how and when errors are returned from the component.

Here are a few to get you started:

Error Messages

#1: User presses the cancel button on the first login page

If the user presses the Cancel button on this page:

image

You will receive the following error message:

User canceled authentication

 

#2: User presses the cancel button on the permissions page

If the user presses the Cancel button on this page:

SNAGHTML58b2d43

You will receive an error message that starts with:

aadsts65004: the resource owner or authorization server denied the request.

 

#3: User supplies incorrect URL

If you are creating an application that accesses Dynamics CRM Online, you must pass in the URL for the organization you wish to connect to. If the URL supplied to the ADAL service is incorrect, you will receive the following error message:

Error: nameresolutionfailure

 

#4: ADAL component cannot display the login page

The way the ADAL component works is by displaying a webview control in which is loads the web-based login pages to request user credentials using OAuth. If the ADAL component has an issue displaying that webview, you will receive the following error:

authentication_ui_failed: the browser based authentication dialog failed to complete

 

Handling Errors

Some of these errors need to be reported back to the user an an error and some do not.

#1 and #2 simply mean the user has canceled the operation and you can probably safely ignore the error and cancel the login operation.  But keep in mind that #2 could also generate a real error but I am not exactly sure of the circumstances where that would occur.

#3 is an error that needs to be displayed to the user, but I would change the actual message to something that makes more sense to the user.

In my case, I was asking for the organization name and the Dynamics CRM Data Center (crm, crm2, crm4, etc.) and if the user entered or selected the wrong information, then I wanted to tell them it was incorrect instead of showing the nameresolutionfailure message.

#4 in all likelihood means that your application is not passing the proper window handle to the control (RootViewController in the case of iOS) which is a condition you need to correct or your app will never work with ADAL correctly.

←Previous post Next post→