SSO Login Flow: Password Manager Prompt Not Triggered Before Callback to Native App #2053

Open
harshaddmi opened this issue Mar 6, 2024 · 2 comments

harshaddmi commented Mar 6, 2024

Describe the bug
In the Single Sign-On (SSO) login flow, after entering the email and password and clicking the sign-in button, the callback to the native application does not trigger a prompt to save login credentials by the password manager before moving to the native app.

To Reproduce
Steps to reproduce the behavior:

1. Navigate to the login page.
2. Enter the email and password.
3. Click on the sign-in button.
4. Observe that the callback to the native application occurs, but no prompt to save login credentials is triggered.

Expected behavior
A prompt to save login credentials by the password manager should appear after successful sign-in during the SSO login flow, similar to the behavior observed in the SSO signup flow.

Actual Behavior
No prompt to save login credentials is triggered after successful sign-in during the SSO login flow.

Smartphone Details:

  • Device: Google Pixel and OnePlus
  • Android Version: API Level 33
  • Browser: Chrome Browser
  • MSAL Version: 4.9.+

Additional context
During the SSO Signup flow, the password manager correctly prompts to save login credentials. This behavior is observed because the signup flow involves a form with a "Continue" button to move to the next page inside the browser. The password manager correctly detects and prompts to save the login credentials in this scenario.

This prompts the question of whether the lack of a similar prompt during the SSO login flow is expected behavior or if there is a potential issue preventing the password manager from detecting and prompting to save login credentials after the callback to the native application.

The goal is to understand the consistency of password manager prompts across both SSO login and signup flows and to ensure a seamless and user-friendly experience for saving and managing login credentials.

Please note: Do not include sensitive information like PII, OII, credentials, secrets, and tokens.

For privacy/security issues, please see instructions here

Contributor

negoe commented Mar 26, 2024

@harshaddmi Hi, is this the device password manager or an external password manager app like Authenticator?

@harshaddmi
Author

@negoe The password manager in question is the built-in functionality within the Chrome Browser on Android devices. The login flow utilizes the MSAL (Microsoft Authentication Library) SDK, which opens authentication flows in a Chrome Browser tab.

Microsoft Documentation on MSAL Android Single Sign-On:
https://learn.microsoft.com/en-us/entra/identity-platform/msal-android-single-sign-on

Google Chrome Developer Documentation on Custom Tabs for Android:
https://developer.chrome.com/docs/android/custom-tabs

These resources provide additional information about implementing Single Sign-On with MSAL on Android and utilizing Custom Tabs in Chrome Browser for authentication flows.
