You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm integrating the Intune SDK into our company's app and have run into a bug in MSAL.
On an unmanaged device or on an Intune MDM-managed device with MS Authenticator installed, Intune user enrollment is successful. However, on an unmanaged device that has MS Authenticator installed, completing the enrollment flow results in a -50000 error upon returning to the app.
Digging into the MSAL source code, I found that [decryptedResponse[@"success"] boolValue] in line 141 of MSIDDefaultBrokerResponseHandler is being evaluated as nil. The "success" value is a string, @"1", not a number. This causes the failure.
As a short-term solution, I have rewritten this to explicitly treat decryptedResponse[@"success"] as a string:
// decryptedResponse[@"success"] is @"1"
// [decryptedResponse[@"success"] boolValue] was returning `nil`, resulting in a failure
// This instead explicitly converts the value to an NSNumber to get the boolean value
BOOL success = NO;
if (decryptedResponse[@"success"]) {
// Make it an NSString, just in case it's something else
NSString *successString = [NSString stringWithFormat:@"%@", decryptedResponse[@"success"]];
if (![NSString msidIsStringNilOrBlank:successString]) {
NSNumberFormatter *formatter = [[NSNumberFormatter alloc] init];
NSNumber *successNumber = [formatter numberFromString:successString];
if (successNumber) {
success = [successNumber boolValue];
}
}
}
// Successful case
if ([NSString msidIsStringNilOrBlank:decryptedResponse[@"broker_error_domain"]]
&& success)
{
The text was updated successfully, but these errors were encountered:
I didn't find any instance where "success" is set to a non-NSString value. In the function msidDictionaryFromWWWFormURLEncodedString, each entry is added to the dictionary with the value always converted to a string:
Additionally, I adjusted some tests to convert the value of "success" to int or double, and boolValue didn't fail in converting to boolean. Please let me know if you have an example you can share with me regarding the value.
Thanks. The only example I have is that I shared originally. The value of "success" was @"1" when checked in the debugger, but the boolValue of that resulted in nil, not YES. Because the value of "success" is a string that is "1" (and not "y", "Y", "t", "T"), boolValue is not going to result in true. I'm surprised it is resulting in nil instead of false, though.
MSAL 1.7.0
Intune SDK 19.7.9
Xcode 15.4
I'm integrating the Intune SDK into our company's app and have run into a bug in MSAL.
On an unmanaged device or on an Intune MDM-managed device with MS Authenticator installed, Intune user enrollment is successful. However, on an unmanaged device that has MS Authenticator installed, completing the enrollment flow results in a -50000 error upon returning to the app.
Digging into the MSAL source code, I found that
[decryptedResponse[@"success"] boolValue]
in line 141 ofMSIDDefaultBrokerResponseHandler
is being evaluated asnil
. The "success" value is a string,@"1"
, not a number. This causes the failure.As a short-term solution, I have rewritten this to explicitly treat
decryptedResponse[@"success"]
as a string:The text was updated successfully, but these errors were encountered: