Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
How to use msal in VSCode for web extension?
See original GitHub issueCore Library
MSAL Node (@azure/msal-node)
Core Library Version
1.14.4
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Public
Description
I’m now trying to migrate a VSCode extension to a VSCode for web extension which needs to get AAD token. And the login feature in VSCode extension runs well.
Cause the VSCode for web extension is run on web browser, so I first choose msal-browser, it doesn’t work.
Then I choose msal-node package, but when I call getAuthCodeUrl, it shows I have untrusted_authority. That’s weird because in VSCode extension we use the same API and it worked! Or it has a network problem in commiuncate with VSCode for web extension?
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Info - getAuthCodeUrl called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Info - getAuthCodeUrl called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - initializeRequestScopes called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - initializeRequestScopes called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - buildOauthClientConfiguration called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - buildOauthClientConfiguration called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - building oauth client configuration with the authority: https://login.windows-ppe.net/common/
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - building oauth client configuration with the authority: https://login.windows-ppe.net/common/
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - createAuthority called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : [a903a039-b998-487e-a9fa-e0dcf64df253] : @azure/msal-node@1.14.4 : Verbose - createAuthority called
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Attempting to get cloud discovery metadata in the config
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Attempting to get cloud discovery metadata in the config
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the cache.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the cache.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata in the cache... Attempting to get cloud discovery metadata from the network.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata in the cache... Attempting to get cloud discovery metadata from the network.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata from the network... Attempting to get cloud discovery metadata from hardcoded values.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata from the network... Attempting to get cloud discovery metadata from hardcoded values.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
ERR [Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata from hardcoded values... Metadata could not be obtained from config, cache, network or hardcoded value. Throwing Untrusted Authority Error.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:609
[Extension Host] [Fri, 02 Dec 2022 08:24:40 GMT] : @azure/msal-node@1.14.4 : Verbose - Did not find cloud discovery metadata from hardcoded values... Metadata could not be obtained from config, cache, network or hardcoded value. Throwing Untrusted Authority Error.
vscode-appc:/Users/longcheng/AppData/Local/Programs/Microsoft%20VS%20Code/resources/app/out/vs/workbench/workbench.desktop.main.js:87
[Extension Host] {"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Detail: ClientConfigurationError: untrusted_authority: The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.","subError":"","name":"ClientAuthError"}
FYI, the error log is on above.
Do you have any experience on how to use MSAL in VSCode for web extension? Which package should I use?
MSAL Configuration
const MSAL_CONFIG: Configuration = {
auth: {
clientId: '448e8446-7f2d-4c49-927e-e8a6cc9dcac2',
authority: 'https://login.windows-ppe.net/common/'
},
system: {
loggerOptions: {
loggerCallback(loglevel: LogLevel, message: string, containsPii: boolean) {
console.error(message);
},
piiLoggingEnabled: false,
logLevel: LogLevel.Verbose
}
}
};
Relevant Code Snippets
const authCodeUrlParameters = {
scopes: ['https://analysis.windows-int.net/powerbi/api/user_impersonation'],
redirectUri: `http://localhost:3000`
};
this.publicClientApp
.getAuthCodeUrl(authCodeUrlParameters)
.then((response) => {
console.log(response);
})
.catch((error) => console.log(JSON.stringify(error)));
Identity Provider
None
Source
Internal (Microsoft)
Issue Analytics
- State:
- Created 10 months ago
- Comments:12 (6 by maintainers)
Top Results From Across the Web
msal - Authentication in VSCODE extension development
I am developing VSCODE extension where I have scenario to authenticate the user to an AAD application. I tried using 'msal' library but...
Read more >Register and configure a SPA application for Dataverse using ...
Describes the process of registering and configuring the simplest Single-Page Application (SPA) to access data in Microsoft Dataverse using ...
Read more >Web Extensions - Visual Studio Code
Use the @vscode/test-web node module to open a browser containing VS Code for the Web including your extension, served from a local server....
Read more >Microsoft Authentication Library for JavaScript (MSAL.js)
The Microsoft Authentication Library for JavaScript enables both client-side and server-side JavaScript applications to authenticate users using Azure AD for ...
Read more >Get Started on VS Code - Uno Platform
Use dotnet --version from the terminal to get the version installed. The Uno Platform Visual Studio Code Extension; For Windows, install the GTK+...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@realDuang the auth code is always visible in the browser URL bar, it’s taken into account by the protocol design. There are mechanisms such as PKCE that help make this secure, since the code_verifier and code_challenge need to match for the auth code to be accepted and traded for a token. Even if an attacker extracts the auth code, if PKCE is used it should be relatively safe.
@hectormmg Great solution! It works when I change the network client as customized fetch client! Thanks for your advice!