@odee-m odee-m commented Jun 18, 2021

If the user has multi-factor authentication enabled, we need to ignore the redirect which does not have the Authorisation Code.

Purpose

Consumers of the AuthProvider class get the error "ClientAuthError: request_cannot_be_made: Token request cannot be made without authorization code or refresh token." if the user has multi-factor authentication enabled.

Does this introduce a breaking change?

[ ] Yes
[X] No

Pull Request Type

What kind of change does this Pull Request introduce?

[X] Bugfix
[ ] Feature
[ ] Code style update (formatting, local variables)
[ ] Refactoring (no functional changes, no api changes)
[ ] Documentation content changes
[ ] Other... Please describe:

How to Test

  • Get the code
    git clone [repo-address]
    cd [repo-name]
    git checkout [branch-name]
    npm install
  • Test the code

What to Check

Verify that the following are valid

  • ...

Other Information

If user has multi factor authentication enabled, we need to ignore the redirect which does not have the Authorisation Code
@derisen derisen self-requested a review June 19, 2021 15:42
Contributor

derisen commented Jun 19, 2021

@odee-m can you please share reproduction steps for this issue? How did you enable multi-factor authentication? Are you using a conditional access policy?

MSAL Node should be able to handle mfa prompts by itself, and I did not run into this when I enabled mfa for my test users, so repro steps would be really helpful.

Author

odee-m commented Jun 22, 2021

@derisen I am using a work account which uses Azure AD for identity management. I do not know which policies are used or how it is set up. It's set up as mandatory for all users. Sorry I cannot provide more info on this.

For reproduction, just getting the source from
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-nodejs-desktop

Then following the steps produces this error with my account.

Once I enter my username and password, I get redirected to a URL similar to the one below (this calls my Microsoft Authenticator app for me to approve the login):

https://device.login.microsoftonline.com/?request=rQIIAeNiNd.....

It's at this point that the code fails as it is only expecting one redirect which will have the authentication code.

Once I have approved the login, I get redirected again to a URL similar to the one below, which has the Authentication Code:

msal://redirect/?code=0.AUEA....

If you are unable to reproduce this bug with Multi Factor enabled on your account, I am happy to withdraw the merge request or for you to reject it.

Thanks
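
The two-step redirect sequence described in the comment above, handled by a navigation classifier that skips any URL that is not the redirect URI carrying an authorization code. This is an added example, not code from the pull request or from MSAL; the function names, the `state` check and the sample URLs are assumptions.

```javascript
// Added example; names are hypothetical. Only the msal://redirect URI shape comes from the thread.
const REDIRECT_PROTOCOL = "msal:";
const REDIRECT_HOST = "redirect";

// Decide what to do with one navigation observed during interactive sign-in.
function classifyNavigation(rawUrl, expectedState) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { action: "ignore", reason: "unparseable URL" };
  }
  // Intermediate hops (such as an MFA approval page) are not the app's redirect URI.
  if (url.protocol !== REDIRECT_PROTOCOL || url.hostname !== REDIRECT_HOST) {
    return { action: "ignore", reason: "not the redirect URI" };
  }
  const params = url.searchParams;
  // OAuth 2.0 error responses arrive on the redirect URI with an "error" parameter.
  if (params.has("error")) {
    return { action: "fail", error: params.get("error") };
  }
  const code = params.get("code");
  if (!code) {
    return { action: "ignore", reason: "no authorization code" };
  }
  // Assumption: the caller sent a random "state" and rejects responses that do not echo it.
  if (params.get("state") !== expectedState) {
    return { action: "fail", error: "state_mismatch" };
  }
  return { action: "redeem", code };
}

// Walk the navigations in order and stop at the first one that is not ignored.
function firstTerminalResult(navigations, expectedState) {
  for (const nav of navigations) {
    const result = classifyNavigation(nav, expectedState);
    if (result.action !== "ignore") return result;
  }
  return { action: "ignore", reason: "no authorization response seen" };
}

// Constructed sample navigations (placeholder values, not real tokens).
const SAMPLE_NAVIGATIONS = [
  "https://device.login.microsoftonline.com/?request=CONSTRUCTED_REQUEST",
  "msal://redirect/?code=CONSTRUCTED_CODE&state=CONSTRUCTED_STATE",
];
console.log(firstTerminalResult(SAMPLE_NAVIGATIONS, "CONSTRUCTED_STATE"));
```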

Contributor

derisen commented Jun 23, 2021

@odee-m thanks a lot for the explanation. Let me give it a try to reproduce this and get back to you.

Contributor

derisen commented Jul 2, 2021

@odee-m I wasn't able to reproduce this after many tries. So I'd like to close this PR for now, and wait to see if there'll be another user running into this, in which case we can re-open and merge. Thanks a lot for your time!

@derisen derisen closed this Jul 2, 2021