Cannot resolve endpoints when used in combinaison with mailgun-js

[Mrtblg]

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

1.12.1

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

When importing "mailgun-js": "^0.22.0" (latest) the msal library will fail oAuth with an error message

The bug is very easy to reproduce, juste create a running application with the following package.json

"dependencies": {
    "@azure/msal-node": "^1.12.1",
    "express": "^4.17.2",
    "mailgun-js": "^0.22.0"
  }

Then in your running and working application just add const mailGun = require("mailgun-js"); try to oAuth and you will get an error.
Comment the line const mailGun = require("mailgun-js"); and oAuth works again.

Somehow importing mailgun-js messes up msal-node

Error Message

{"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/common/v2.0/.well-known/openid-configuration","subError":"","name":"ClientAuthError"}

Msal Logs

[Thu, 18 Aug 2022 17:35:48 GMT] : @azure/[email protected] : Info - getAuthCodeUrl called
[Thu, 18 Aug 2022 17:35:48 GMT] : @azure/[email protected] : Verbose - initializeRequestScopes called
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/[email protected] : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/[email protected] : Verbose - createAuthority called
{"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/common/v2.0/.well-known/openid-configuration","subError":"","name":"ClientAuthError"}

MSAL Configuration

{
  auth: {
    clientId: "...",
    clientSecret: "...",
  },
  system: {
    loggerOptions: {
      loggerCallback(loglevel, message, containsPii) {
        console.log(message);
      },
      piiLoggingEnabled: false,
      logLevel: msal.LogLevel.Verbose,
    },
  },
}

Relevant Code Snippets

The exemple code of the ms-identity-node-main

Reproduction Steps

Intall "mailgun-js": "^0.22.0"
import/require it
try to oAuth

Expected Behavior

It should be working along with mailgun-js

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

External (Customer)

[Mrtblg]

Hello @bgavrilMS @jmprieur @jennyf19 I absolutely need to get this working for the beginning of september to provide SSO to a big client using AzureAD.
Can you give me a level of prioritiazation on your end ?

Thank you for your update

[bgavrilMS]

Hi @Mrtblg - this is just a network error, an http call cannot be made. Looking closely to the error, it looks like you might have not configured the authority. See "undefined" there.

[Mrtblg]

Hi @bgavrilMS I know it might look like it at first glance.

But in reality the problem is caused some how by the const mailGun = require("mailgun-js");.
As I said, as soon as I comment this line (without any other change in the configuration or authority), suddenly the http call is made correctly and everything is working as expected.
As soon as I uncomment back the line, the problem is back.

Somehow, there is something in your library that is impacted by the const mailGun = require("mailgun-js"); line and messes things up.

Have you tried to add the package "mailgun-js": "^0.22.0" to the exemple code of the ms-identity-node-main provided by microsoft and add the const mailGun = require("mailgun-js"); line ?
I definitely think it is a real bug.

[bgavrilMS]

@derisen - do you have any idea what's happening?

[bgavrilMS]

@Mrtblg - afaik, you can introduce your own network layer, see

microsoft-authentication-library-for-js/lib/msal-node/src/config/Configuration.ts

Line 125 in a43ec23

networkClient: NetworkUtils.getNetworkClient(),

/ INetworkClient - maybe this can be used as a workaround.

CC @Robbie-Microsoft

[jasonnutter]

Looks like this could be caused by something in mailgun-js: mailgun/mailgun-js-boland#265 (comment)

[jasonnutter]

More detail: MONEI/Shopify-api-node#406 (comment)

It looks like nodemailer does not have this issue, so please try switching to it (also note that mailgun-js is deprecated and unlikely to be updated).

[Mrtblg]

@jasonnutter thank you for the investigation. mailgun-js is deprecated indeed and does mess-up https requests.

I migrated to mailgun.js which is the new official library and it all seams to work as expected 👍

Thank you for your help !