Closed Bug 1574209 Opened 5 years ago Closed 5 years ago

Application using Custom URI gets this error "Malformed callback URL." after installing 68.0.2. It seems to be related to this recent bug fix: 1567614

Categories

(External Software Affecting Firefox :: Other, defect)

Product:
External Software Affecting Firefox
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1573051

People

(Reporter: cstaff16, Unassigned)

References

(Regression)

Details

(Keywords: regression)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

The change made for the bugfix (1567614) seems to have caused an issue with our application. We use IdentityServer for our login. We use a .net desktop application to login via the browser and with the latest Firefox update, the IdentityModel.Client assembly returns this error:
"Malformed callback URL."

It worked prior to 68.0.2 and currently works fine with Chrome, Edge, and IE11.
Here is a stacktrace from Visual Studio:
at IdentityModel.Client.AuthorizeResponse.ParseRaw()
at IdentityModel.Client.AuthorizeResponse..ctor(String raw)
at IdentityModel.OidcClient.OidcClient.<ProcessResponseAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at IdentityModel.OidcClient.OidcClient.<LoginAsync>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Daikin.DaikinTools.Authentication.AuthenticationService.<Login>d__66.MoveNext()

Actual results:

Our users get this error logging in to our application:
"Malformed callback URL."

Expected results:

The login via the browser should properly get redirected back to our application via the Custom URI.

Can you tell me a bit about the structure of your custom URI? Does it include a fragment (# component) by any chance?

Flags: needinfo?(cstaff16)
Component: Untriaged → Other
Product: Firefox → External Software Affecting Firefox
Version: 68 Branch → unspecified

Also, if you could log the URI that your application is receiving when it is launched by Firefox, and compare it to the URI that you clicked on, do you see any differences between the two?

We login using this url: https://sso.daikinapplied.com/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fresponse_type%3Dcode%2520id_token%26nonce%3D33e446eb385e0b1abe26a6bf1cf7bd01%26state%3D4df8a95e3fe8862ebebf0445ebd6498a%26code_challenge%3DoTr9EY49Ufx0B3f3geBcaCAMvVz58ZuqeP69zgBCfUE%26code_challenge_method%3DS256%26client_id%3Ddaikintoolsprd%26scope%3Dopenid%2520email%2520profile%2520offline_access%2520shortloginid%2520role%2520legacyrole%2520repofficeid%2520daikintoolssvcapiprd%2520daikindcwprd%2520daikinparprd%2520daikinaddrvalprd%2520daikinpipelineprd%2520daikinstockprd%2520cadsdeapiprd%2520opsrecvapiprd%26redirect_uri%3Ddaikinsso%253A

Here is a sample response captured a few days ago from a login via Firefox 68.0.1
daikinsso:#code=ae8589127580d79714d2e5bd2e96d8fb71835a35eb90ba3e7190d3ccab4aae82&id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjU2QzAxM0VCODVEN0MwODA1QzA2NkVERDg2RUU1MjM5MUVCNDZCQTAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiJWc0FUNjRYWHdJQmNCbTdkaHU1U09SNjBhNkEifQ.eyJuYmYiOjE1NjU2NDc3MjAsImV4cCI6MTU2NTY0ODAyMCwiaXNzIjoiaHR0cHM6Ly9zc28uZGFpa2luYXBwbGllZC5jb20iLCJhdWQiOiJkYWlraW50b29sc3ByZCIsIm5vbmNlIjoiNDAyZjcxZGQ1ZDZhZWViOGU1N2RhMGI5YjZmMTQzOGUiLCJpYXQiOjE1NjU2NDc3MjAsImNfaGFzaCI6IjZPTml3OVdMd3h5NXpRMGZEVjRfTnciLCJzaWQiOiIzZDUyZjNlZTA5MTRkNzNmODZiNTk2ODQxZTI5YzY1YyIsInN1YiI6Ijk2NTBmYmQ5LTM0NTYtNGRhNi1hNzUyLTk4MDM2OGI5OGM5NSIsImF1dGhfdGltZSI6MTU2NTY0Mzg0MywiaWRwIjoibG9jYWwiLCJhbXIiOlsicHdkIl19.lnVVBugPa96vFMKncleiiBBWQjsOdUR9WuwbEbrZgYqOr1X_0QGw4Il17uMYKVSw8IcDoN5qn6FWP1mgYm8lmqGMw9cuOeB3eL7n8DnIwFWDReLf2Mryu15UdzN3dksubM6nuaZN6jKlobAF1435_zMgTvb6bn6zxb5LZG5msiGvTbEkN6as5gKqTpj74mHpN0FH2NAyhHtEwpNbPCEATd_rjaHAjgt3NKjAnJgY2N1Fbmv7InH-tfywvM_ui5XOoiFoDssOVAiP9gF1rZfJJM9jRlOBZ3e3ji7_VslWNtrjepAua9qQzg49xm2Zwd6nAdE7tZBjH7w1-Zn_fo6phA&scope=openid%20email%20profile%20shortloginid%20role%20legacyrole%20repofficeid%20daikintoolssvcapiprd%20daikindcwprd%20daikinparprd%20daikinaddrvalprd%20daikinpipelineprd%20daikinstockprd%20cadsdeapiprd%20opsrecvapiprd%20offline_access&state=fdb7f72c6e041ea4a04498cb20c6d762&session_state=Q7CMzX4Q5Rjprf51fv4zEBlGYlg91VwQPi1amihY_AQ.eb6c24d957513b7bf160ace416342b17

Flags: needinfo?(cstaff16)

I think this will be resolved by bug 1573051, but I won't dupe it over until we can verify that.

Depends on: 1573051

If 1573051 does fix the issue, when is expected to be released?

Regressed by: 1567614

(In reply to cstaff16 from comment #5)

If 1573051 does fix the issue, when is expected to be released?

It will be in tomorrow's Nightly and we'll backport it into 68ESR and 69.

Can you try today's Nightly build and let us know if your problem is fixed?

Flags: needinfo?(cstaff16)

The nightly build appears to have fixed our issue, I was able to login successfully to our application.
Thanks.

Flags: needinfo?(cstaff16)

Great, thanks for your prompt reply! I am going to dupe this over to bug 1573051.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
No longer depends on: 1573051
Resolution: --- → DUPLICATE
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.