Regional Auth routing to invalid auth url #7229
Comments
Can you please post your verbose logs here?
Here is the verbose log. If you see at the end, auth is routed to https://westus.login.microsoftonline.us/5b750121-f135-44ef-b08e-61da0ff7c4d6/oauth2/v2.0/token/ endpoint and this endpoint is not valid.
MSAL log [level: 2]: [Wed, 07 Aug 2024 01:22:18 GMT] : [ZU7IMd6LTSbkIPGqJY9YD5.1.13] : @azure/[email protected] : Info - acquireTokenByClientCredential called
@Robbie-Microsoft let me know if you need any other information
@riteshbhoi - the authority seems correct. You tell MSAL that the region is "westus" and the authority is "login.microsoftonline.us/tenant" and MSAL computes the authority as being "westus.login.microsoftonline.us/tenant". Maybe you got your region wrong? Sovereign cloud regions are not the same as public cloud regions.
@bgavrilMS Thing is when we are trying to access
Let's continue over email @riteshbhoi - bogavril
The outcome of the offline discussion was to manually inject regions for non-global cloud authorities. Also, the regions of non-global cloud authorities don't align with global Azure regions such as west us2, west us 3 etc., so make sure you validate the availability of the authorities in these clouds before manual injection.
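One way to apply the validation step from the outcome above, as an added example that is not code from MSAL or from anyone in this thread: it computes the regional authority the way the thread describes and only returns it for a (cloud, region) pair on an allow-list. The function names and the region names in the allow-list are hypothetical placeholders; fill the list only with pairs you have verified.

```javascript
// Added example. Function and constant names are hypothetical, and the region
// names in VALIDATED_REGIONS are constructed placeholders, not real regions.
const VALIDATED_REGIONS = new Map([
  ['login.microsoftonline.us', new Set(['example-gov-region'])],
  ['login.partner.microsoftonline.cn', new Set(['example-cn-region'])],
]);

// The region becomes a DNS label in the token host, so allow only one label:
// no dots, slashes or '@' that could point the request at a different host.
const REGION_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Computes "<region>.<authority host>", as described in the thread.
function regionalAuthority(authority, region) {
  const url = new URL(authority);
  if (url.protocol !== 'https:') throw new Error('authority must use https');
  const label = String(region).trim().toLowerCase();
  if (!REGION_LABEL.test(label)) throw new Error(`invalid region: ${region}`);
  url.hostname = `${label}.${url.hostname}`;
  return url.toString();
}

// Returns the regional authority only for a validated (cloud, region) pair;
// otherwise keeps the global authority so the request goes to a known host.
function pickAuthority(authority, region, validated = VALIDATED_REGIONS) {
  const host = new URL(authority).hostname;
  const label = String(region || '').trim().toLowerCase();
  const allowed = validated.get(host);
  if (!label) return { authority, regional: false, reason: 'no region set' };
  if (!allowed || !allowed.has(label)) {
    return { authority, regional: false,
             reason: `${label}.${host} is not a validated regional authority` };
  }
  return { authority: regionalAuthority(authority, label), regional: true,
           reason: 'validated' };
}

// The combination from the issue: not used until someone validates it.
const AUTHORITY =
  'https://login.microsoftonline.us/5b750121-f135-44ef-b08e-61da0ff7c4d6';
console.log(pickAuthority(AUTHORITY, 'westus'));
console.log(pickAuthority(AUTHORITY, 'example-gov-region'));
```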
Core Library
MSAL Node (@azure/msal-node)
Core Library Version
2.9.2
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Confidential
Description
We implemented a ConfidentialClientApplication and used it to call acquireTokenByClientCredential(clientCredentialRequest) with clientCredentialRequest being identical to the example in the docs for the purpose of using regional auth.
We added the region (westus in our case) to the azureRegion field just like in the example, but the request wasn't routed to a regional endpoint.
Authentication call (for tenant id 5b750121-f135-44ef-b08e-61da0ff7c4d6) is routed to below URL which doesn't exist.
https://westus.login.microsoftonline.us/5b750121-f135-44ef-b08e-61da0ff7c4d6/oauth2/v2.0/token/
Same issue is happening for https://login.partner.microsoftonline.cn/ authority as well.
Error Message
No response
MSAL Logs
No response
Network Trace (Preferably Fiddler)
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
Expected Behavior
Auth call should be routed to a valid auth URL
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
None (Server)
Regression
No response
Source
Internal (Microsoft)