Microsoft Azure account chooser is bypassed on login (no issue with Google sign in though)

[aiva-teddy]

Checklist

• The issue can be reproduced in the Auth0.Android sample app (or N/A).
• I have looked into the Readme, Examples, and FAQ and have not found a suitable solution or answer.
• I have looked into the API documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Hi there,

Current/undesired behavior

I'm having issues with sign in where if I sign in via Microsoft Azure, sign out, and then sign in again, the sign in completely bypasses the Microsoft Azure email entry / account chooser, forcing the same Azure account to be automatically signed in, without giving me the option to sign in via a different email address.

When I sign in via Microsoft Azure, I also ensure I do NOT tick the "Stay signed in?" check box.

Expected/desired behavior

Users signing in via Microsoft Azure should always enter an email address when signing back in.

Current implementation

Here's what I'm currently doing in the Android implementation -

• Add prompt: "login" parameter to the WebAuthProvider.login() call via calling .withParameters(mapOf("prompt" to "login"))
• On logout, call WebAuthProvider.logout()

The login and logout flows are being presented via Chrome Custom Tabs.

Reproduction

I don't have direct access to our Auth0 Management console so I am not sure if I can provide reliable means for reproducing in a sandbox app with a sandbox set up.

Additional context

The odd thing is this doesn't seem to be an issue with Google sign in - after log out, I'm always presented the Google account chooser on log in; never is it "bypassed" the same way as Microsoft Azure is doing. I don't know why Microsoft Azure is doing anything special here.

It's also odd this is NOT an issue for iOS. In our iOS implementation, the user is ALWAYS being presented with the email page when signing in via Microsoft Azure. In this regard, I wonder if the following issues are related

• Add Incognito Custom Tab (Ephemeral Session) support to Android Auth0 SDK #715
• User automatically proceeds through the Auth0 universal login after app uninstall #761

I may be ruling out any special settings in our Auth0 management console or Microsoft Azure, but do suggest if there's anything there that could be causing my issue.

Additionally, my issue is related to this issue another user brought up.

If you don't call the logout method, the next time you go to login the Azure AD page will not allow you to switch accounts and the user gets stuck with the original account that was logged in. The only way to fix this is to go to clear your Chrome browser data and then go login again.

The only difference with my set up is I am calling WebAuthProvider.logout(), and yet despite this, I am experiencing "user gets suck with the original account that was logged in" as described.

Auth0.Android version

3.13.0

Android version(s)

Tested on 13 and 14

[pmathew92]

Hi @aiva-teddy , Thanks for reporting this issue. Once the user is logged in , the browser will save their session details . This is the reason you are automatically logged in the second time you tru to initiate the login flow . But as you invoke the WebAuthProvider.logout() this should clear the saved sessions from the browser and prompt you for user credentials the second time. Few thing I want to ask you

1. When passing the prompt to login parameter ,are you shown the login page ?
2. Have you tried clearing the browser history / data manually and checked if the login page is shown again the second time ?
3. Which browser are you using for login ? Is it chrome , firefox or any other browser ?

[aiva-teddy]

Hello, thank you for your response.

When passing the prompt to login parameter ,are you shown the login page ?

No - When I try re-signing in via Microsoft Azure, I do not see the login page again even when I pass prompt: "login". However, when I try re-signing in via Google, I can see the login page.

Have you tried clearing the browser history / data manually and checked if the login page is shown again the second time ?

Yup, if I manually clear the cookies for login.microsoftonline.com, then the next time I try logging in again, then I see the login page for Microsoft Azure (as desired) (could it be that WebAuthProvider.logout() may not be clearing these cookies?)

However, not sure if this is relevant but when I try clearing the cookies for auth0.com or [MY SUBDOMAIN].auth0.com, then I still don't see the login page for Microsoft Azure.

Which browser are you using for login ? Is it chrome , firefox or any other browser ?

I am using Chrome.

[pmathew92]

Hi @aiva-teddy , Thanks for clarifying . We will take a look into this from our side. One more query, when you do google login and call the WebAuthProvider.logout() method and try logging in again without passing the prompt: "login" , does it show the page or silently logs you in ?

[aiva-teddy]

Hi Prince,

One more query, when you do google login and call the WebAuthProvider.logout() method and try logging in again without passing the prompt: "login" , does it show the page or silently logs you in ?

When I remove the prompt: "login" param, then run the app and call WebAuthProvider.logout() to log out, and then try logging in again, for Google login it doesn't show me the login page or account chooser; it automatically logs me in to the same account I was previously signed in with. So in this regard, this behavior is similar to Microsoft Azure even with prompt: "login" provided.