[Bug] When using google IDP with B2C, login prompt fails

[westleyMS]

Which Version of MSAL are you using ?
MSAL 4.7.1

Platform
Net 4.5

What authentication flow has the issue?

• Desktop / Mobile
  • Interactive

Is this a new or existing app?
New

Repro

    static async Task<AuthenticationResult> getToken()
    {
        string[] scopes = new string[] { "user.read" };
        
        var app = PublicClientApplicationBuilder.Create(clientId).WithTenantId("tenantName.onmicrosoft.com").WithRedirectUri("revoke://dummy").Build();
        var accounts = await app.GetAccountsAsync();
        AuthenticationResult result;
        try
        {
            result = await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                        .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            result = await app.AcquireTokenInteractive(scopes)
                        .ExecuteAsync();
        }

        return result;
    }

Expected behavior
A token to be returned

Actual behavior
during logon, microsoft logon site redirects to google idp login, and shows the email, then when hitting 'next' we get an error about google not trusting the browser. Not sure why it doesn't trust it, it is the webbrowser control. Here is the error-
"This browser or app may not be secure.

Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in."

Possible Solution
We just need to find what kind of check the IDP is doing on the browser control that stops the login.

Additional context/ Logs / Screenshots
This all works fine if the user is from my AAD. Only Google IDP users fail.

[jmprieur]

@westleyMS : can you please share with me (internally is fine) how to configure the tenant to enable the Google IdP? I'm supposing here (from the code) that this is not a B2C scenario?

About the error, I think that Google probably wants you to use a system browser, instead of the embedded browser.
See https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers#system-browser-experience-on-net-core
You'll also need to register http://localhost as a reply URI for your app

[westleyMS]

It is B2C, here is what I followed to set it up-

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-goog-app
https://aadguide.azurewebsites.net/aadb2c/aadb2cgoogleidp/

[jmprieur]

Then if this is B2C, @westleyMS, you need to use a B2C authority ( .WithB2CAuthority).
Please have a look to https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop for instance. There are some subtleties for B2C.

See also https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/AAD-B2C-specifics

[jennyf19]

@westleyMS are you still having issues with this?

[jmprieur]

Closing as this was answered

[westleyMS]

Thanks for your help @jmprieur it was an issue with google requiring using a system browser and not the web browser control.