Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

msal-node 1.8.0 with a proxy server doesn't work #6230

Closed
baelene opened this issue Jul 11, 2023 · 10 comments
Closed

msal-node 1.8.0 with a proxy server doesn't work #6230

baelene opened this issue Jul 11, 2023 · 10 comments
Assignees
@Robbie-Microsoft
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days question Customer is asking for a clarification, use case or information.

Comments

@baelene
Copy link

baelene commented Jul 11, 2023

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

1.18.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

Not Applicable

Public or Confidential Client?

Confidential

Description

Hello,

I cannot use msal-node 1.8.0 with a proxy server. I've also tried version 14,16,17

My package.json contains:

In my package.json

 "@azure/msal-node": "1.18.0",
 "http-proxy-agent": "^5.0.0",
 "https-proxy-agent": "^5.0.0"

And In the proxy, it looks like microsoftonline close the connection with a 302

URL: http://login.microsoftonline.com/$mytenantId/v2.0/.well-known/openid-configuration
Status: Redirect
Response Code: 302 Found
Method: GET
Content Type: -

Content-Length: 0
Location: https://login.microsoftonline.com:443/$mytenantId/v2.0/.well-known/openid-configuration
client-request-id: 81204f1b-f103-4066-8c03-c98294d230db
Date: Thu, 06 Jul 2023 11:13:49 GMT
Connection: close

If I curl the same URL with the proxy, I receive a 200 with the correct payload.

Thank you for your help.

Error Message

[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Verbose - Found cloud discovery metadata in the config.
ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retr authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.microsoftonline.com/$mytenantId/v2.0/.well-known/openid-configuration
at ClientAuthError.AuthError [as constructor] (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:499:24)
at new ClientAuthError (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:819:28)
at Function.ClientAuthError.createEndpointDiscoveryIncompleteError (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:
at Function. (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:8391:47)
at step (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:79:23)
at Object.throw (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:60:53)
at rejected (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:51:65)
at processTicksAndRejections (internal/process/task_queues.js:95:5) {
errorCode: 'endpoints_resolution_error',
errorMessage: 'Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your aell-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.microsoftonline.com/$mytenantId-configuration',
subError: ''

Msal Logs

[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Info - getAuthCodeUrl called
[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Verbose - initializeRequestScopes called
[Thu, 06 Jul 2023 11:13:49 GMT] : [7ffb7816-8a7e-4a3e-8d53-93a8ad2ecbc5] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[Thu, 06 Jul 2023 11:13:49 GMT] : [7ffb7816-8a7e-4a3e-8d53-93a8ad2ecbc5] : @azure/[email protected] : Verbose - building oauth client configuration with the authority: https://lod8c210-54c7-4039-a88b-4417f80773fe
[Thu, 06 Jul 2023 11:13:49 GMT] : [7ffb7816-8a7e-4a3e-8d53-93a8ad2ecbc5] : @azure/[email protected] : Verbose - createAuthority called
[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Verbose - Attempting to get cloud discovery metadata in the config
[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
[Thu, 06 Jul 2023 11:13:49 GMT] : @azure/[email protected] : Verbose - Found cloud discovery metadata in the config.
ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retr authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.microsoftonline.com/$mytenantId/v2.0/.well-known/openid-configuration
at ClientAuthError.AuthError [as constructor] (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:499:24)
at new ClientAuthError (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:819:28)
at Function.ClientAuthError.createEndpointDiscoveryIncompleteError (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:
at Function. (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:8391:47)
at step (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:79:23)
at Object.throw (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:60:53)
at rejected (/Users/eric/dev/ecosys/ecosys-src/ecosys-core-frontend/node_modules/@azure/msal-common/dist/index.cjs.js:51:65)
at processTicksAndRejections (internal/process/task_queues.js:95:5) {
errorCode: 'endpoints_resolution_error',
errorMessage: 'Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your aell-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.microsoftonline.com/$mytenantId-configuration',
subError: ''

MSAL Configuration

{
auth: {
clientId: module.config.azure.clientId,
authority: https://login.microsoftonline.com/${module.config.azure.tenantId},
clientSecret: module.config.azure.clientSecret,
knownAuthorities: [https://login.microsoftonline.com/${module.config.azure.tenantId}]
},
system: {
loggerOptions: {
loggerCallback(loglevel, message, containsPii) {
console.log(message);
},
piiLoggingEnabled: false,
logLevel: msal.LogLevel.Verbose,
},
proxyUrl: module.config.azure.proxyUrl
}
}

Relevant Code Snippets

const azureAdConfig = {
            auth: {
                clientId: module.config.azure.clientId,
                authority: `https://login.microsoftonline.com/${module.config.azure.tenantId}`,
                clientSecret: module.config.azure.clientSecret,
                knownAuthorities: [`https://login.microsoftonline.com/${module.config.azure.tenantId}`]
            },
            system: {
                loggerOptions: {
                    loggerCallback(loglevel, message, containsPii) {
                        console.log(message);
                    },
                    piiLoggingEnabled: false,
                    logLevel: msal.LogLevel.Verbose,
                },
                proxyUrl: module.config.azure.proxyUrl
            }
        };
        const cca = new msal.ConfidentialClientApplication(azureAdConfig);

        module.expressApplication.get('/:context/azureadauth', async (req, res) => {
            const authCodeUrlParameters = {
                scopes: ['User.Read'],
                redirectUri: `${module.config.azure.callbackURLPrefix}/${req.params.context}/azureadcallback`,
            };
            const authUrl = await cca.getAuthCodeUrl(authCodeUrlParameters);
            res.redirect(authUrl);
        });

Reproduction Steps

Open browser with azureadauth url and I never received the redirect url.

Expected Behavior

To receive the redirect url

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

Internal (Microsoft)
@baelene baelene added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Jul 11, 2023
@ghost ghost assigned lalimasharda Jul 11, 2023
@ghost ghost added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jul 11, 2023
@github-actions github-actions bot added confidential-client Issues regarding ConfidentialClientApplications msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package labels Jul 11, 2023
@bgavrilMS bgavrilMS added msal-node Related to msal-node package and removed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package labels Jul 13, 2023
@lalimasharda lalimasharda removed their assignment Jul 17, 2023
@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

5 similar comments
@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

@microsoft-github-policy-service
Copy link
Contributor

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @Robbie-Microsoft please follow up.

@bgavrilMS
Copy link
Member

@Robbie-Microsoft - can you please provide guidance here?

@baelene - can you try with the newly released 2.0.0 version?

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Aug 15, 2023
@Robbie-Microsoft
Copy link
Collaborator

I agree with @bgavrilMS, we just a saw a similar issue resolved after upgrading to msal-node v2.0.1. @baelene, can you upgrade to this version and post the verbose logs here if you are still experiencing the same issue?

Additionally, I also seem to remember that msal-node had issues when being used in tandem with the http-proxy-agent(s) packages.

Lastly, @baelene, have you tried implementing your own Http Client? Instructions on how to do so can be found in this sample. There are instructions on how to perform network tracing as well.

@microsoft-github-policy-service
Copy link
Contributor

@baelene This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

1 similar comment
@microsoft-github-policy-service
Copy link
Contributor

@baelene This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

@microsoft-github-policy-service microsoft-github-policy-service bot added the no-issue-activity Issue author has not responded in 5 days label Aug 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Robbie-Microsoft Robbie-Microsoft

Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@baelene @bgavrilMS @lalimasharda @Robbie-Microsoft