endpoints_resolution_error on ROPC flow in msal-node (B2C)
Core Library
MSAL Node (@azure/msal-node)
Core Library Version
1.14.0
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Public
Description
I recently ran into the exact same issue encountered here: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/4099
My understanding is that ROPC flows for AAD B2C tenants should now work on msal-common@>5.1.0, but I am currently encountering this same issue on msal-node@1.14.0.
I was able to get this flow working with no code changes by manually downgrading to msal-node@1.9.0, but this workaround will require me to also downgrade my copy of msal-react to one with a matching msal-common dependency, which is less than ideal.
Error Message
endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again.
Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints.
Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.
Attempted to retrieve endpoints from: https://xxx.b2clogin.com/xxx.onmicrosoft.com/b2c_1_xxx/v2.0/.well-known/openid-configuration
Msal Logs
No request made to MSAL
MSAL Configuration
{
  auth: {
    clientId: "xxx",
    knownAuthorities: ["https://xxx.b2clogin.com"],
    navigateToLoginRequestUrl: false,
    postLogoutRedirectUri: process.env.NEXT_PUBLIC_REDIRECT_URI,
    redirectUri: "/callback",
  },
  cache: {
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: false,
  },
  system: {
    loggerOptions: {
      loggerCallback: (level: any, message: any, containsPii: any) => {
        if (containsPii) {
          return;
        }
        switch (level) {
          case LogLevel.Error:
            console.error(message);
            return;
          case LogLevel.Warning:
            console.warn(message);
            return;
        }
      },
    },
  },
}
Relevant Code Snippets
import * as msal from "@azure/msal-node";

const authority =
  "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1_xxx";
const clientId = "xxx";
const username = "xxx";
const password = "xxx";
const environment = "xxx.b2clogin.com";

export function login() {
  const pca = new msal.PublicClientApplication({
    auth: {
      authority,
      clientId,
      knownAuthorities: [environment],
    },
  });
  pca
    .acquireTokenByUsernamePassword({
      password,
      scopes: [
        `https://xxx.onmicrosoft.com/${clientId}/user_impersonation`,
        "openid",
        "profile",
        "offline_access",
      ],
      username,
    })
    .then(() => {
      const cache = pca.getTokenCache().getKVStore();
      Object.keys(cache).map((k) => {
        localStorage.setItem(k, JSON.stringify(cache[k]));
      });
    });
}
Reproduction Steps
Run code snippet above, replacing placeholders with B2C tenant, local user account info, etc. as required by ROPC setup
Expected Behavior
Token should be acquired successfully as it did in previous versions of msal-node
Identity Provider
Azure B2C Basic Policy
Browsers Affected (Select all that apply)
None (Server)
Regression
Source
External (Customer)
Issue Analytics
- State:
- Created a year ago
- Comments: 13 (8 by maintainers)
Top GitHub Comments
Huh, not sure what I did but I’m actually getting the underlying error now! It was a simple user/pw mismatch issue, which I’ve been able to resolve since. I’ll open this ticket if this issue returns. Thanks for all your help!
@pondchamp there is currently an issue with the msal-node HttpClient that is obfuscating server errors that we are working on fixing. We’re hoping that when that fix rolls out it will become clear where the endpoint_resolution errors are coming from. Thanks for your patience, you can track the HttpClient fix here: #5175
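The error text in the issue asks you to verify the `.well-known/openid-configuration` endpoint, and the thread ends with the real cause being a credential mismatch hidden behind `endpoints_resolution_error`. The following is an added diagnostic example (not code from the issue or from msal-node) that checks discovery separately from the token request. It assumes Node 18+ for the global `fetch`; the function names, the required-field list and the sample metadata are constructed for illustration.

```javascript
// Added diagnostic example, not msal-node code. All names and sample data are constructed.
// Assumption: these standard OIDC discovery fields are the "required endpoints".
const REQUIRED_FIELDS = ["authorization_endpoint", "token_endpoint", "issuer", "jwks_uri"];
const SAMPLE_AUTHORITY = "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1_xxx";
const POLICY_BASE = "https://xxx.b2clogin.com/xxx.onmicrosoft.com/b2c_1_xxx";
const SAMPLE_METADATA = {
  issuer: "https://xxx.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/",
  authorization_endpoint: `${POLICY_BASE}/oauth2/v2.0/authorize`,
  token_endpoint: `${POLICY_BASE}/oauth2/v2.0/token`,
  jwks_uri: `${POLICY_BASE}/discovery/v2.0/keys`,
};

// Rebuild the discovery URL in the shape shown in the error message (lower-cased path).
function discoveryUrl(authority) {
  const u = new URL(authority);
  if (u.protocol !== "https:") throw new Error("authority must use https");
  const path = u.pathname.replace(/\/+$/, "").toLowerCase();
  return `${u.origin}${path}/v2.0/.well-known/openid-configuration`;
}

// List what is wrong with a parsed metadata document; an empty list means it looks usable.
function checkMetadata(authority, metadata) {
  if (metadata === null || typeof metadata !== "object") return ["metadata is not a JSON object"];
  const host = new URL(authority).host;
  const problems = [];
  for (const field of REQUIRED_FIELDS) {
    let parsed;
    try { parsed = new URL(metadata[field]); } catch { problems.push(`missing or invalid ${field}`); continue; }
    if (parsed.protocol !== "https:") problems.push(`${field} is not https`);
    // ROPC posts the password to token_endpoint, so flag a host other than the authority's.
    if (field === "token_endpoint" && parsed.host !== host) problems.push(`token_endpoint host ${parsed.host} differs from ${host}`);
  }
  return problems;
}

// Fetch and classify the failure stage so a discovery problem is not confused with a login error.
async function diagnose(authority, fetchImpl = fetch) {
  const url = discoveryUrl(authority);
  let res, body;
  try { res = await fetchImpl(url); } catch (e) { return { url, stage: "network", problems: [String(e)] }; }
  if (!res.ok) return { url, stage: "http", problems: [`HTTP ${res.status}`] };
  try { body = await res.json(); } catch { return { url, stage: "parse", problems: ["body is not JSON"] }; }
  const problems = checkMetadata(authority, body);
  return { url, stage: problems.length ? "metadata" : "ok", problems };
}
```

If `diagnose` reports `ok`, discovery is working and the failure lies in the token request itself, which matches the username/password mismatch reported in the first comment.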