AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License

Missing error and error_description when acquiring the token interactively #513

Open deBFM opened 2 years ago

deBFM commented 2 years ago

I am using the InteractiveRequestParameters to acquire the token interactively, which is working properly when there are no problems.

But when there are problems, like the authorization code isn't provided to the redirect URL, then the only message from the browser is:

Authentication failed. You can return to the application. Feel free to close this browser tab.

Error details: error {0} error_description: {1}

I captured the request, and the error and error_description are present - so the MSAL gets this information, but didn't return it in their response to the browser.

This is the captured request (I truncated it a bit)

POST http://localhost:12345/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded

error=invalid_request&error_description=AADB2C90146%3A+The+scope+%27openid+profile+offline_access...

My Questions:

Thank you in advance :)

Avery-Dunn commented 2 years ago

Hello @deBFM : That error message with Authentication failed. You can return to... is just a default error message that our library originally only provided if there was no error message in the HTML response, but it looks like a couple years ago it was changed to also be the default if systemBrowserOptions is null.

I'm still looking into why it was changed to check systemBrowserOptions, but it does seem like it's either a bug/deficiency in that logging or there's something else that should be providing a better error message but isn't. Either way it definitely seems like something that needs a fix, and will be in our next release. I don't have an ETA now, but I'll update this thread once we have more info.

probert94 commented 2 years ago

I am currently working with MSAL4J to replace basic authentication in an application and noticed that the error and the description are missing. The default message looks like it expects the error and the error_description to be passed into MessageFormat.format. It seems like the information is there but it is not passed into the error message (see AuthorizationResponseHandler#L75). I am now creating a custom error page and in future I would like to be able to display the error there. Ideally, I would like to pass a Function which gets the result and returns the HTML string, so I can use custom translations for the error messages.

bgavrilMS commented 1 year ago

The expected behavior is for MSAL to throw a service exception here, and for the error and error_description to be encapsulated in that exception. The error message displayed in the browser should also be included in the exception message.

Let's treat this as a bug, as it blocks an important scenario.
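The behaviour discussed in this thread, as an added example that is not MSAL4J code and not part of any comment above: the template quoted in the issue only shows the error values once they are passed to MessageFormat.format, and since those values arrive in the redirect request they are HTML-escaped before being placed in the page. The class and method names, the HTML wrapper and the sample body are assumptions made for illustration.

```java
import java.net.URLDecoder;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class, written for this example only.
public class RedirectErrorPage {
    // Message text as quoted in the issue; {0} and {1} are MessageFormat placeholders.
    static final String TEMPLATE =
        "Authentication failed. You can return to the application. "
        + "Feel free to close this browser tab. "
        + "Error details: error {0} error_description: {1}";

    // Parse an application/x-www-form-urlencoded body into decoded key/value pairs.
    static Map<String, String> parseForm(String body) throws Exception {
        Map<String, String> params = new HashMap<>();
        for (String pair : body.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0) continue; // skip fragments without a value
            params.put(URLDecoder.decode(pair.substring(0, eq), "UTF-8"),
                       URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
        }
        return params;
    }

    // The values come from the request, so escape them before they reach HTML.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Fill the placeholders; without this call the browser shows the literal {0} and {1}.
    static String renderErrorPage(Map<String, String> params) {
        String error = escapeHtml(params.getOrDefault("error", "unknown"));
        String description = escapeHtml(params.getOrDefault("error_description", ""));
        return "<html><body>"
            + MessageFormat.format(TEMPLATE, error, description)
            + "</body></html>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample body, modelled on the shape of the capture in the issue.
        String body = "error=invalid_request"
            + "&error_description=Sample+%3Cb%3Edescription%3C%2Fb%3E+text";
        System.out.println(renderErrorPage(parseForm(body)));
    }
}
```

With the constructed body, the markup inside error_description is printed as `&lt;b&gt;description&lt;/b&gt;` rather than being interpreted by the browser.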

crimsonvspurple commented 4 days ago

Can this be fixed? I made an error and it took a lot of effort just to realize where this issue is coming from because the error message doesn't say anything. I had to debug inside MSAL to figure this out.