microsoft
Bot OAuth uses magic code when the browser is desktop FireFox or IPhone safari
Is it an issue related to Adaptive Cards?
No
Is this an accessibility issue?
No
What version of Web Chat are you using?
Latest production
Which distribution are you using Web Chat from?
NPM
Which hosting environment does this issue primarily affect?
Web apps
Which browsers and platforms do the issue happened?
Browser: Firefox (latest)
Which area does this issue affect?
Attachment: OAuth card
What is the public URL for the website?
No response
Please describe the bug
Webchat is configured to use a token which includes a trusted origin.
The Bot has an OAuth card, when clicked a new tab opens which guides the user through the OAuth login process, Once authenticated the user is presented with a Magic Code which needs to be copied and pasted in the Bot. The Magic code only appears when using the FireFox browser Or on an Iphone. NO magic code is required when using Edge Or Chrome as the token includes the trusted origin.
I think this has something to do with prevent cross site tracking?
Do you see any errors in console log?
No response
How to reproduce the issue?
Setup a bot in azure with an OAuth Connection (in the Configuration section of the Azure bot resource) In the bot code add an OAuth Card to trigger the OAuth configuration Build a simply html page hosting the webchat java script ensure to connect to direct line using a token including a trusted origin
On Firefox Run the page in Firefox and click the Auth button in the bot After Authentication the Magic code box appears
On an Iphone Run the page on an Iphone and click the Auth button in the bot After Authentication the Magic code box appears
What do you expect?
Once the auth is complete NO magic code is shown. This works as expected when running in Chrome or Edge
What actually happened?
The Oauth Magic code appeared
Do you have any screenshots or recordings to repro the issue?
No response
Adaptive Card JSON
No response
Additional context
No response
