Microsoft-authentication-library-for-js: [MSAL for Angular] Sending GET request to undefined url on Auth

Created on 4 Sep 2019  路  10Comments  路  Source: AzureAD/microsoft-authentication-library-for-js

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

  • [x] Chrome version XX
  • [ ] Firefox version XX
  • [ ] IE version XX
  • [ ] Edge version XX
  • [ ] Safari version XX

Library version


Library version: 0.1.2

Current behavior

I have to clear my local storage and logout of Microsoft to access my angular application after not visiting it for an extended period of time. It was previously working, now I get the following error in chrome console:

GET https:/login.microsoftonline.com//oauth2/v2.0/undefined 404 (NOT FOUND).

For some reason it is sending a GET request with a /undefined attached to the end of it.

Expected behavior


I expect to not have to clear my local storage / logout of of Microsoft to use my app.

Minimal reproduction of the problem with instructions


Wait for access token to expire in browser's local storage. I.e.., when I try to visit the angular app in morning after not using the app overnight. I have to clear my local storage and logout of Microsoft to access the angular application.

More details

I am using the MSAL Angular library with the interceptor. I have it setup to use my app id and have just added the [MsalGuard] to my routes. In my app.module I have

MsalModule.forRoot({ clientID: environment.clientId, authority: 'https://login.microsoftonline.com/<App-ID>/', redirectUri: environment.redirectUri, cacheLocation : 'localStorage', protectedResourceMap : [ [environment.apiUrl, [environment.apiScope]] ] }),

Nothing got changed in this part of the app.module.ts, and with these settings before it was not producing this error. Does anyone have an idea on where I could start to debug this? It's seems incredibly hard to debug or to track down what the cause of this is.

bug external
Source
picture nfgallimore
👍4

Most helpful comment

We have determined this is a bug in login.microsoftonline.com, not the library itself. The service team is triaging now.

picture jasonnutter on 16 Mar 2020
🎉2

All 10 comments

@jasonnutter I will try to update with more details, but the details seem to be lacking for this issue.

nfgallimore picture nfgallimore on 6 Sep 2019

I'm having this exact problem. It happens during silent token renewal after the user hasn't been active on the site awhile. I get a single call to undefined for each msal token renewal frame, followed by a token renewal timeout error.

{_error: "Token renewal operation failed due to timeout", _errorDesc: "Token Renewal Failed", _scopes: ""}

mlindberg picture mlindberg on 24 Sep 2019

Are you subscribing to the event acquireTokenFailure and then silently trying to reacquire? That's what I had to do to fix it. I did it in the app component:

import { Component, OnInit } from '@angular/core';
import { MsalService, BroadcastService } from '@azure/msal-angular';

@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.scss']
})
export class AppComponent implements OnInit {

  constructor(
    private msalService: MsalService,
    private broadcastService: BroadcastService) {
  }

  ngOnInit() {
    const sub = this.broadcastService.subscribe('msal:acquireTokenFailure', () => {
      sub.unsubscribe();
      this.msalService.loginRedirect();
    });
  }
}
nfgallimore picture nfgallimore on 1 Oct 2019

@jasonnutter I can confirm that we are also getting this same error with @azure/msal-angular 0.1.4-beta.2. Our repro steps are exactly the same, whenever somebody accesses the app for the first time in the day, a GET to https://login.microsoftonline.com/[tenant_id]/oauth2/v2.0/undefined is made. The only recovery from that issue is to clear the local/session storage. I haven's tested whether this is resolved in the new msal-angular beta, but for now we're stuck with @azure/msal-angular 0.1.4-beta.2 until the other issue I reported is resolved.

@nfgallimore I did try your workaround, however one needs to filter out certain broadcasts for this to work. For example, when using acquireTokenPopup and then the user closes the popup, the msal:acquireTokenFailure event is fired with an errorCode of user_cancelled. In that case we do not want to redirect. I still need to dig into exactly what type of error needs to be caught to handle only the "undefined" URL error case.

Ivan-L picture Ivan-L on 3 Mar 2020
👍1

We have determined this is a bug in login.microsoftonline.com, not the library itself. The service team is triaging now.

jasonnutter picture jasonnutter on 16 Mar 2020
🎉2

it looks like a blocker, any ETA when it might be solved

kemins picture kemins on 16 Mar 2020

@kemins Not at this time, unfortunately. I'll follow up when I know more.

jasonnutter picture jasonnutter on 16 Mar 2020

In our case, we found that blocking 3rd party was the cause of the issue. After enabling 3rd party cookies, everything behaved as expected.

Not sure why that results in the bad authorize url.

developerWolf picture developerWolf on 25 Mar 2020

@developerWolf Good to know. Third-party cookies are required regardless, as the library relies on them when acquiring tokens.

jasonnutter picture jasonnutter on 26 Mar 2020
👍1

I believe this has been fixed, please let us know if not.

Closing.

jasonnutter picture jasonnutter on 30 Apr 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jfbloom22 picture jfbloom22  路  3Comments
Anees-Raja picture Anees-Raja  路  3Comments
ArneMancofi picture ArneMancofi  路  3Comments
adriannasui picture adriannasui  路  3Comments
ninio picture ninio  路  3Comments