TL;DR: The CallbackPage does not properly load or run its OnReady page event when redirected to from the Microsoft authentication flow and passed a session_state argument. Is there a fix for this?
After going through the authentication flow, the reactive component's CallbackPage is opened with the appropriate input arguments, including the session_state.However, nothing seems to load. The OnApplicationReady system event does not run, OnReady page event does not run, and any javascript files required by the page are not loaded. Inspecting the page reveals no relevant UI tags other than the <body>'s immediate children, and the console shows no errors.
This can be manually addressed by loading the page without the session_state parameter (or even just removing the "#" sign at the end of the argument), or by opening the InvalidPermissions page (or the CallbackPage without any input parameters) from the component module in another tab, then refreshing the initial CallbackPage tab. Obviously, we can't have our users do either of those every time they login.
The latter "fix" tells me that something is preventing typical OutSystems module processes from running until a valid instance of the module is opened, and the former seems to indicate that this is caused by the session_state argument's "#" sign.
Is there a reason for this behavior, and a way to resolve it?
Hello Daniel,
Is it throwing any error like "Azure Ad data missing"? Have you passed the correct value to the "Redirect to screen". Kindly check the attached picture's property tab. Still you can't solve the problem. Kindly share your OML file.
Hope it Helps,
Regards,Nandhakumar S.
Hi Nandhakumar.
Unfortunately, I cannot share the oml due to client confidentiality. However, to answer your questions:
No, no errors are thrown. None are logged in the browser console or the environment's Service Center.
The GetOAuth2AuthenticationURL action is definitely called correctly: completion of the authentication flow redirects users to the correct domain, espace, and page. The page simply doesn't load unless the session_state parameter that the auth flow passes to the redirect URI is removed or modified to not include a "#" symbol.
Another way to kickstart the redirectURI page is to open another tab with another page from the same espace, then refresh the redirectURI page.