More Azure ADAL error handling

Back in October I published a post titled: How to capture mobile login errors with Azure ADAL. Here is an additional piece to add to that article.

Background

I am working on a Xamarin Forms app that uses Azure Active Directory for authentication. If you’re not familiar with this process, it uses the OAuth protocol to verify the identity of the user. The login itself is handled outside of the application, in a web view hosted by ADAL, with an authentication token returned to the application in the case of a successful login, or an error in the case of a failure.

Last week I ran into something that was neither of those:

[Image: login error page shown in the ADAL web view]

The information displayed above is actually a web page and, as mentioned above, is rendered outside of the application. In effect, the application does not and cannot know about the error, because it is never reported back to the app as an authentication failure.

Possible Causes

First and foremost, the error statement is not 100% correct.  My user did indeed have the proper access to the tenant, so I knew that was not the problem.

In all likelihood, this was an issue caused by either incorrectly cached credentials or a change in the configuration of the application within Azure Active Directory.

Correcting the Issue

While I have code that will clear any cached credentials, I was not actually logged into the application, so the logout button that runs that code could not be pressed. That left me with the only other possibility: removing the application from the device.

I did so, then redeployed, and everything was fine.

Lessons Learned?

While I am not positive which of the two scenarios it might have been, we might need to add a mechanism on the login screen to clear cached credentials so that the issue doesn’t recur. But it may not actually be an issue that will be seen in the real world, so we will probably just take a wait-and-see attitude.
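To illustrate both the token flow described in the Background section and the login-screen "clear cached credentials" mechanism suggested above, here is an added example for a Xamarin Forms app using the ADAL library (Microsoft.IdentityModel.Clients.ActiveDirectory). It is not code from the original post; the authority, client ID, redirect URI and resource values are placeholders, and IPlatformParametersProvider is a hypothetical helper interface that each platform project would implement so the shared code can obtain an IPlatformParameters.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Xamarin.Forms;

// Assumed configuration values: replace with the app registration's own settings.
public static class AuthConfig
{
    public const string Authority   = "https://login.microsoftonline.com/<tenant-id-placeholder>";
    public const string ClientId    = "<client-id-placeholder>";
    public const string RedirectUri = "<redirect-uri-placeholder>";
    public const string Resource    = "<api-resource-placeholder>";
}

// Hypothetical interface: each platform project registers an implementation via
// DependencyService (e.g. returning new PlatformParameters(activity) on Android).
public interface IPlatformParametersProvider
{
    IPlatformParameters Get();
}

public sealed class LoginResult
{
    public bool Succeeded { get; set; }
    public string AccessToken { get; set; }
    public string UserName { get; set; }
    public string ErrorCode { get; set; }
    public string Message { get; set; }
}

// Shared-code wrapper around ADAL. Note that an error rendered inside the login web
// page itself (like the one in the screenshot) never reaches these catch blocks:
// ADAL only returns control when the authorization redirect comes back or the user
// cancels the web login.
public sealed class AdalLoginService
{
    private readonly AuthenticationContext _context =
        new AuthenticationContext(AuthConfig.Authority);

    public async Task<LoginResult> SignInAsync(IPlatformParameters platformParameters)
    {
        try
        {
            AuthenticationResult result = await _context.AcquireTokenAsync(
                AuthConfig.Resource,
                AuthConfig.ClientId,
                new Uri(AuthConfig.RedirectUri),
                platformParameters);

            return new LoginResult
            {
                Succeeded = true,
                AccessToken = result.AccessToken,
                UserName = result.UserInfo?.DisplayableId
            };
        }
        catch (AdalServiceException ex)
        {
            // The identity service answered with an HTTP status and an AAD error code.
            return new LoginResult
            {
                Succeeded = false,
                ErrorCode = ex.ErrorCode,
                Message = $"Service error {ex.StatusCode}: {ex.Message}"
            };
        }
        catch (AdalException ex)
        {
            // Client-side ADAL failure, including the user cancelling the web login.
            return new LoginResult { Succeeded = false, ErrorCode = ex.ErrorCode, Message = ex.Message };
        }
    }

    // Clears the tokens ADAL has cached so the next sign-in starts with a fresh web
    // login. Exposed on the login screen so it can be used without being signed in.
    public void ClearCachedCredentials()
    {
        _context.TokenCache.Clear();
    }
}

// Login screen with the extra "clear cached sign-in" button suggested in the post.
public sealed class LoginPage : ContentPage
{
    private readonly AdalLoginService _auth = new AdalLoginService();
    private readonly Label _status = new Label();

    public LoginPage()
    {
        var signIn = new Button { Text = "Sign in" };
        signIn.Clicked += async (s, e) =>
        {
            var platformParameters = DependencyService.Get<IPlatformParametersProvider>().Get();
            LoginResult result = await _auth.SignInAsync(platformParameters);
            _status.Text = result.Succeeded
                ? $"Signed in as {result.UserName}"
                : $"Sign-in failed ({result.ErrorCode}): {result.Message}";
        };

        var clearCache = new Button { Text = "Clear cached sign-in" };
        clearCache.Clicked += (s, e) =>
        {
            _auth.ClearCachedCredentials();
            _status.Text = "Cached credentials cleared; the next sign-in will prompt again.";
        };

        Content = new StackLayout { Children = { signIn, clearCache, _status } };
    }
}
```

The clear-cache button only addresses the "incorrectly cached credentials" cause; if the problem was a configuration change in the app registration, the fresh web login will simply show the same page again, which is a useful way to tell the two scenarios apart without removing the app from the device.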