Endpoints_resolution_error when using ROPC flow in msal-node (B2C)
Core Library
MSAL Node (@azure/msal-node)
Core Library Version
1.3.1
Wrapper Library
Not Applicable
Wrapper Library Version
None
Description
I’m trying to acquire a token from our Azure AD B2C authority via the ROPC flow (using acquireTokenByUsernamePassword) but always get an endpoints_resolution_error. I played around with the authority URL quite a bit but couldn’t get it to work, although the .well-known URL in the error description is returning the metadata properly.
Note: Retrieving the token using the same endpoint is working fine via manual GET request as described here.
Error Message
ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://<tenant>.b2clogin.com/<tenant>/b2c_1_ropc_auth/v2.0/.well-known/openid-configuration
at ClientAuthError.AuthError [as constructor] (...@azure/msal-common/dist/index.cjs.js:477:24)
at new ClientAuthError (...@azure/msal-common/dist/index.cjs.js:754:28)
at Function.ClientAuthError.createEndpointDiscoveryIncompleteError (...@azure/msal-common/dist/index.cjs.js:791:16)
at Function.<anonymous> (...@azure/msal-common/dist/index.cjs.js:6921:47)
at step (...@azure/msal-common/dist/index.cjs.js:79:23)
at Object.throw (...@azure/msal-common/dist/index.cjs.js:60:53)
at rejected (...@azure/msal-common/dist/index.cjs.js:51:65)
at processTicksAndRejections (internal/process/task_queues.js:97:5) {
errorCode: 'endpoints_resolution_error',
errorMessage: 'Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/b2c_1_ropc_auth/v2.0/.well-known/openid-configuration',
subError: '',
correlationId: '<correlationId>'
(Obfuscated the tenant name)
Msal Logs
No response
MSAL Configuration
{
    auth: {
        clientId: "<appId>",
        authority: "https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/B2C_1_ROPC_Auth",
        redirectUri: "http://localhost:3001",
        knownAuthorities: ["<tenant>.b2clogin.com"],
        validateAuthority: false,
        postLogoutRedirectUri: "/"
    },
    cache: {
        cachePlugin
    },
}
Relevant Code Snippets
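const msal = require("@azure/msal-node");

// msalConfig is the object shown under "MSAL Configuration" above
const pca = new msal.PublicClientApplication(msalConfig);

let scope = "openid https://<tenant>.onmicrosoft.com/<appid>/access_as_user offline_access";
let user = "<user>";
let pass = "<pass>";

// ROPC request: username and password go straight to the token endpoint
const usernamePasswordRequest = {
    scopes: [scope],
    username: user,
    password: pass,
};

// await needs an async context in CommonJS
(async () => {
    let authResult;
    try {
        authResult = await pca.acquireTokenByUsernamePassword(usernamePasswordRequest);
    } catch (error) {
        console.log(error); // the endpoints_resolution_error is logged here
    }
})();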
Reproduction Steps
- Create a PublicClientApplication using the specified config
- Build a request
- Call acquireTokenByUsernamePassword
Expected Behavior
An authorization token is received within the authentication result successfully.
Identity Provider
Azure B2C Basic Policy
Browsers Affected (Select all that apply)
None (Server)
Regression
No response
Source
External (Customer)
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (4 by maintainers)
@birneamstiel This error is thrown as a result of the GET request to https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/b2c_1_ropc_auth/v2.0/.well-known/openid-configuration failing. Is it possible your Fiddler configuration is filtering out the relevant requests? Alternatively, you can also provide me with a link to a small sample repo that reproduces this issue.
@birneamstiel This will be addressed in the linked PR, and should be included in the next release.
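
An offline check for the condition the error message names (the discovery document must return the required endpoints), added here as an example; it is not code from the issue or from MSAL. The REQUIRED list, the knownAuthorities host check on each endpoint, the function names and the "contoso" metadata are assumptions constructed for illustration.

```javascript
// Assumed field list for illustration; MSAL's own list is not shown on this page.
const REQUIRED = ["issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"];

// Build the discovery URL in the form the error message shows:
// lower-cased authority path + /v2.0/.well-known/openid-configuration
function discoveryUrl(authority) {
  const u = new URL(authority);
  const path = u.pathname.replace(/\/+$/, "").toLowerCase();
  return `${u.origin}${path}/v2.0/.well-known/openid-configuration`;
}

// Report every reason a discovery document would be unusable or unsafe for ROPC,
// where the password is posted directly to token_endpoint.
function checkMetadata(metadata, knownAuthorities) {
  const trusted = knownAuthorities.map((h) => h.toLowerCase());
  const problems = [];
  for (const key of REQUIRED) {
    const value = metadata[key];
    if (typeof value !== "string" || value === "") {
      problems.push(`missing: ${key}`);
      continue;
    }
    let parsed;
    try {
      parsed = new URL(value);
    } catch {
      problems.push(`not a URL: ${key}`);
      continue;
    }
    if (parsed.protocol !== "https:") problems.push(`not https: ${key}`);
    if (!trusted.includes(parsed.host)) {
      problems.push(`untrusted host: ${key} (${parsed.host})`);
    }
  }
  return problems;
}

// Constructed sample: a discovery document with no authorization_endpoint.
const SAMPLE = {
  issuer: "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/",
  token_endpoint: "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_ropc_auth/oauth2/v2.0/token",
  jwks_uri: "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_ropc_auth/discovery/v2.0/keys",
};

console.log(discoveryUrl("https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_ROPC_Auth"));
console.log(checkMetadata(SAMPLE, ["contoso.b2clogin.com"]));
```

Feed checkMetadata the JSON body actually returned by the URL in the error message to see which fields, if any, are absent or point at a host outside knownAuthorities.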