[Bug] Azure changes redirect_uri from http to https causing TcpInterceptor to fail in parsing the response
Which Version of MSAL are you using? 4.1
Platform netcore
What authentication flow has the issue?
- Desktop / Mobile
  - Interactive
  - Integrated Windows Auth
  - Username Password
  - Device code flow (browserless)
- Web App
  - Authorization code
  - OBO
- Web API
  - OBO
Other? - please describe;
Is this a new or existing app? New app
Repro
```csharp
using System;
using Microsoft.Identity.Client;

var clientId = "<CLIENT-ID>";
var authority = "https://login.windows.net/<TENANT-ID>";
var scopes = new[] { "https://vault.azure.net/.default" };

// Public client with a plain-HTTP loopback redirect URI.
IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(new Uri(authority), true)
    .WithRedirectUri("http://localhost:4001")
    .Build();

// Interactive flow; this call throws the MsalClientException reported below.
var result = app.AcquireTokenInteractive(scopes).ExecuteAsync().GetAwaiter().GetResult();
```
Expected behavior: A token should be received.
Actual behavior: An exception is triggered: Microsoft.Identity.Client.MsalClientException: ‘Could not extract the query from the authorization response - check Pii enabled logs for details’
Possible Solution: After debugging this a bit, it turns out that while MSAL is sending the correct request to Azure (redirect_uri=http://localhost:4001), Azure then redirects to httpS://localhost:4001, which causes the TcpInterceptor to fail because it receives an SSL handshake request instead of an HTTP request.
This might be a bug on the Azure side (why is it changing http to https?), but since this is the library which is exposing the bug I’m reporting it here.
Issue Analytics
- Created 4 years ago
- Comments:12 (7 by maintainers)
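The failure mode in the report, a TLS handshake arriving at a plain-HTTP loopback listener, can be told apart from other parse errors by inspecting the first bytes read from the socket. The following is an added example, not MSAL's code and not part of the issue; `LoopbackProbe`, `Classify` and `ExtractQuery` are hypothetical names, and the sample bytes are constructed.

```csharp
using System;
using System.Text;

public enum FirstBytes { HttpRequest, TlsClientHello, Unknown }

public static class LoopbackProbe
{
    // Classify the first bytes read from the loopback redirect socket.
    public static FirstBytes Classify(byte[] buf, int count)
    {
        // A TLS record starts with content type 0x16 (handshake) followed by
        // protocol major version 0x03; a browser sends this for https://.
        if (count >= 2 && buf[0] == 0x16 && buf[1] == 0x03)
            return FirstBytes.TlsClientHello;

        // The authorization response arrives as "GET /?code=... HTTP/1.1".
        string head = Encoding.ASCII.GetString(buf, 0, Math.Min(count, 4));
        return head == "GET " ? FirstBytes.HttpRequest : FirstBytes.Unknown;
    }

    // Return the query string of the request line, or throw with a message
    // that names the scheme mismatch instead of a generic parse failure.
    public static string ExtractQuery(byte[] buf, int count)
    {
        switch (Classify(buf, count))
        {
            case FirstBytes.TlsClientHello:
                throw new InvalidOperationException(
                    "TLS handshake received on a plain-HTTP loopback listener: " +
                    "the browser was sent to https:// instead of http://.");
            case FirstBytes.Unknown:
                throw new InvalidOperationException("Not an HTTP GET request.");
        }
        string text = Encoding.ASCII.GetString(buf, 0, count);
        string requestLine = text.Split(new[] { "\r\n" }, StringSplitOptions.None)[0];
        string target = requestLine.Split(' ')[1];   // e.g. "/?code=...&state=..."
        int q = target.IndexOf('?');
        return q < 0 ? string.Empty : target.Substring(q + 1);
    }

    public static void Main()
    {
        // Constructed samples, not captured traffic.
        byte[] http = Encoding.ASCII.GetBytes(
            "GET /?code=SAMPLE&state=xyz HTTP/1.1\r\nHost: localhost:4001\r\n\r\n");
        byte[] tls = { 0x16, 0x03, 0x01, 0x02, 0x00, 0x01 };
        Console.WriteLine(ExtractQuery(http, http.Length));
        Console.WriteLine(Classify(tls, tls.Length));
    }
}
```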
Top GitHub Comments
Thanks for following up!
@bgavrilMS : do you think we should document this behavior?