Azure AD not setting session cookie #2919
Comments
Already reported, see #2910 for the upcoming fix and more context. |
I'm not sure the fix you refer to is going to work. It made no difference for me. However, if I remove the image altogether then the session cookie gets set as expected and all works.
async profile(profile, tokens) {
  // const profilePicture = await fetch("https://graph.microsoft.com/v1.0/me/photos/64x64/$value", {
  //   headers: {
  //     Authorization: `Bearer ${tokens.access_token}`
  //   }
  // });
  // const pictureBuffer = await profilePicture.arrayBuffer();
  // const pictureBase64 = Buffer.from(pictureBuffer).toString("base64");
  return {
    id: profile.sub,
    name: profile.name,
    email: profile.email,
    // image: `data:image/jpeg;base64, ${pictureBase64}`
  };
}, |
it sounds like in some cases, even a 64x64 image is too big for the session cookie... 😕 I find Azure AD's decision to return an image like this instead of an actual URL very strange... |
could you check if 48x48 works? |
Tried 48x48 - still no luck
Tried 24x24 - all good |
@ndom91 do you think we should go down to one of these sizes? maybe we should just expose an image size property...? 🤔 |
Hmm I think exposing an image size option makes the most sense. Users will be showing it at different sizes obviously, but I think our example app header shows a pretty common usage pattern for this and that is around 48x48. So that might be a safe default. Maybe one size up if 48 isn't working for whatever reason haha. That way they can choose the next size up or down if whichever default size doesn't work for them too. What do y'all think? Edit: side note, it's so strange that some sizes seem to arbitrarily not work for some accounts, isn't it?! You'd figure that you upload an image in whichever size and Azure resizes / makes available that image at all sizes then. I have no idea why randomly some sizes wouldn't work for some accounts / profile pics, but would work for others. |
This may or may not be related but when changing the scope to For context, I'm needing the refreshToken so I can request a new accessToken (something I do with Okta with no issues). Any ideas? Thanks for your help so far - I'm very impressed with the speed you've been getting back! |
@ndom91 I wonder whether we should also have the option not to even bother getting the image at all? It's not something I require and if the size of the image causes an issue then I can live without it ... |
just drop the scope for the picture, and it won't be requested. keep in mind that the ID token and refresh token can have a significant size as well, so you might want to check out an adapter. unfortunately it is a browser limitation that you cannot store more than 4096 bytes in a cookie. if you try to set one that is bigger than that, it simply won't be set. |
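The 4096-byte cookie limit described in the comment above, worked through as an added example (not part of the thread and not next-auth's own code). It assumes the session claims are stored in the cookie as an encrypted, base64url-encoded token, so an inline base64 image is expanded twice; the `estimateCookieBytes` model, the 200-byte envelope figure, the `session-token` cookie name and the `buildProfile` helper are all hypothetical.

```javascript
// Added example: estimate whether an inline profile image fits in a session cookie.
// The 4096-byte limit is from the thread; the overhead model is an assumption.
const COOKIE_LIMIT = 4096;

// Base64 turns every 3 input bytes into 4 output characters (with padding).
function base64Length(byteLength) {
  return Math.ceil(byteLength / 3) * 4;
}

// Assumed model of a token-in-cookie session: the JSON claims are encrypted and
// base64url-encoded (about 4/3 growth) inside a fixed envelope (header, IV, tag).
function estimateCookieBytes(cookieName, claims, envelopeBytes = 200) {
  const jsonBytes = Buffer.byteLength(JSON.stringify(claims), "utf8");
  return cookieName.length + 1 + Math.ceil((jsonBytes * 4) / 3) + envelopeBytes;
}

// Hypothetical helper: keep the inline image only when the estimated cookie
// stays under the limit, otherwise return the profile without it.
function buildProfile(profile, pictureBuffer, cookieName = "session-token") {
  const base = { id: profile.sub, name: profile.name, email: profile.email };
  if (!pictureBuffer || pictureBuffer.length === 0) {
    return { user: base, imageKept: false, estimatedBytes: estimateCookieBytes(cookieName, base) };
  }
  const image = `data:image/jpeg;base64,${pictureBuffer.toString("base64")}`;
  const withImage = { ...base, image };
  const estimatedBytes = estimateCookieBytes(cookieName, withImage);
  return estimatedBytes > COOKIE_LIMIT
    ? { user: base, imageKept: false, estimatedBytes }
    : { user: withImage, imageKept: true, estimatedBytes };
}

// Constructed sample input: filler bytes standing in for JPEG data.
const sampleProfile = {
  sub: "00000000-0000-0000-0000-000000000000",
  name: "Example User",
  email: "user@example.com",
};
const small = buildProfile(sampleProfile, Buffer.alloc(900, 0xab));
const large = buildProfile(sampleProfile, Buffer.alloc(3000, 0xab));
console.log("900-byte image kept:", small.imageKept, "estimated bytes:", small.estimatedBytes);
console.log("3000-byte image kept:", large.imageKept, "estimated bytes:", large.estimatedBytes);
```

Under this model a 3000-byte picture is dropped even though it is below 4096 bytes on its own, because the two encoding passes multiply its size by roughly 16/9 before it reaches the cookie.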
we fixed this in #2910. ended up with a 48x48 default, and added a |
That’s great. Thank you so much! |
@balazsorban44 when is this fix expected to be available? Will that be part of 4.0.0-beta.5? Thanks again, |
it will be. don't have an ETA. check the PR and use a custom provider if you need it now. |
Description 🐜
Using Azure AD provider and able to retrieve token but no session cookie is ever set.
I am taken to the login and able to enter details and authenticate and then I get redirected back to
http://localhost:3000/#
When I check the application tab I see no session cookie set.
Is this a bug in your own project?
Yes
How to reproduce ☕️
AzureADProvider({
  clientId: process.env.AZURE_AD_CLIENT_ID,
  clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
  tenantId: process.env.AZURE_AD_TENANT_ID,
  authorization: {
    params: {
      scope: 'openid email profile offline_access',
      response_mode: 'query',
      response_type: 'code',
    },
  },
}),
Screenshots / Logs 📽
No response
Environment 🖥
System:
OS: macOS 11.6
CPU: (8) x64 Apple M1
Memory: 276.35 MB / 8.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 15.5.1 - ~/.nvm/versions/node/v15.5.1/bin/node
Yarn: 1.22.10 - /usr/local/bin/yarn
npm: 7.3.0 - ~/.nvm/versions/node/v15.5.1/bin/npm
Browsers:
Chrome: 94.0.4606.71
Firefox: 92.0.1
Safari: 15.0
npmPackages:
next-auth: ^4.0.0-beta.4 => 4.0.0-beta.4
Contributing 🙌🏽
Yes, I am willing to help solve this bug in a PR