ReAuth

To reproduce

Have IPv6 Enabled and configured as default either via system defaults
or set -Djava.net.preferIPv6Addresses=true as additional launch option
Try to log in using This Device
After completing the Microsoft login process get redirected to something like http://127.0.0.1:52371/
See Unable to connect

The problem seems to bee that the java process is opening a socket for localhost (InetAddress.getLoopbackAddress()), and that gets resolved to [::1] (IPv6 localhost).
But the redirect either gets resolved differently, or is simply hard-coded to 127.0.0.1.

This can be seen by using ss on Linux:

$ ss -tlp
State     Recv-Q    Send-Q       Local Address:Port              Peer Address:Port    Process                                         
LISTEN    0         50                   [::1]:52371                     [::]:*        users:(("java",pid=280710,fd=465))

I have tested this on Linux and macOS, versions:

Linux $HOSTNAME 5.18.15-arch1-1 #1 SMP PREEMPT_DYNAMIC Fri, 29 Jul 2022 22:52:39 +0000 x86_64 GNU/Linux
Darwin $HOSTNAME 21.6.0 Darwin Kernel Version 21.6.0: Sat Jun 18 17:07:25 PDT 2022; root:xnu-8020.140.41~1/RELEASE_X86_64 x86_64

With Firefox and safari, respectively

As far as I understand this happens here:

ReAuth/src/common/java/technicianlp/reauth/authentication/http/server/AuthenticationCodeServer.java

Line 32 in 3ee5617

    
           InetSocketAddress localAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), port);

I would say to solve this we should:

Check which IP versions are available
Listen on all available versions
or
check what is the default (and what is available)
explicitly set the redirect URL to 127.0.0.1 or [::1]

The redirect that is used after login has to be configured with
Microsoft beforehand. The Problem being Microsoft not currently
supporting [::1] as a redirect target.

Okay, surprising.

It should be possible to redirect to http://localhost:52371 instead
whenever IPv6 is used, would that resolve your problem?

I assume that might make it worse in a fails intermittendly kind of way
The local DNS resolver might round-robin answer with ipv4 and ipv6, leading it to only fail sometimes

The Problem being Microsoft not currently supporting [::1] as a redirect target.

I would just bind explicitly to the ipv4 localhost, maybe with

InetSocketAddress localAddress = new InetSocketAddress(InetAddress.getByName("127.0.0.1"), port);

Then redirecting to http://127.0.0.1:52371 should work even if ipv6 is preferred

It may be good to log the case that no ipv4 is available, and direct to this issue.

You should be able to use the "Any Device" Option on the right for logging in until this gets fixed.

Thank you, I will try that.

Thanks for bringing this to my attention.
The redirect that is used after login has to be configured with Microsoft beforehand. The Problem being Microsoft not currently supporting [::1] as a redirect target.
It should be possible to redirect to http://localhost:52371 instead whenever IPv6 is used, would that resolve your problem?

You should be able to use the "Any Device" Option on the right for logging in until this gets fixed.

Should be fixed for Version 4.0.6.

Share to

To reproduce