AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Cannot resolve endpoints when used in combination with mailgun-js #5114

Closed Mrtblg closed 2 years ago

Mrtblg commented 2 years ago

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

1.12.1

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

When importing "mailgun-js": "^0.22.0" (latest) the msal library will fail oAuth with an error message

The bug is very easy to reproduce, just create a running application with the following package.json

"dependencies": {
    "@azure/msal-node": "^1.12.1",
    "express": "^4.17.2",
    "mailgun-js": "^0.22.0"
  }

Then in your running and working application just add const mailGun = require("mailgun-js"); try to oAuth and you will get an error. Comment the line const mailGun = require("mailgun-js"); and oAuth works again.

Somehow importing mailgun-js messes up msal-node

Error Message

{"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/common/v2.0/.well-known/openid-configuration","subError":"","name":"ClientAuthError"}

Msal Logs

[Thu, 18 Aug 2022 17:35:48 GMT] : @azure/msal-node@1.12.1 : Info - getAuthCodeUrl called
[Thu, 18 Aug 2022 17:35:48 GMT] : @azure/msal-node@1.12.1 : Verbose - initializeRequestScopes called
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/msal-node@1.12.1 : Verbose - buildOauthClientConfiguration called
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/msal-node@1.12.1 : Verbose - building oauth client configuration with the authority: https://login.microsoftonline.com/common/
[Thu, 18 Aug 2022 17:35:48 GMT] : [c990a71c-7df6-429b-a8a5-7822e83c3893] : @azure/msal-node@1.12.1 : Verbose - createAuthority called
{"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/common/v2.0/.well-known/openid-configuration","subError":"","name":"ClientAuthError"}

MSAL Configuration

{
  auth: {
    clientId: "...",
    clientSecret: "...",
  },
  system: {
    loggerOptions: {
      loggerCallback(loglevel, message, containsPii) {
        console.log(message);
      },
      piiLoggingEnabled: false,
      logLevel: msal.LogLevel.Verbose,
    },
  },
}

Relevant Code Snippets

The example code of the ms-identity-node-main

Reproduction Steps

Install "mailgun-js": "^0.22.0", import/require it, try to oAuth

Expected Behavior

It should be working along with mailgun-js

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

External (Customer)

Mrtblg commented 2 years ago

Hello @bgavrilMS @jmprieur @jennyf19 I absolutely need to get this working for the beginning of September to provide SSO to a big client using AzureAD. Can you give me a level of prioritization on your end?

Thank you for your update

bgavrilMS commented 2 years ago

Hi @Mrtblg - this is just a network error, an http call cannot be made. Looking closely at the error, it looks like you might not have configured the authority. See "undefined" there.

Mrtblg commented 2 years ago

Hi @bgavrilMS I know it might look like it at first glance.

But in reality the problem is caused somehow by the const mailGun = require("mailgun-js");. As I said, as soon as I comment this line (without any other change in the configuration or authority), suddenly the http call is made correctly and everything is working as expected. As soon as I uncomment back the line, the problem is back.

Somehow, there is something in your library that is impacted by the const mailGun = require("mailgun-js"); line and messes things up.

Have you tried to add the package "mailgun-js": "^0.22.0" to the example code of the ms-identity-node-main provided by Microsoft and add the const mailGun = require("mailgun-js"); line? I definitely think it is a real bug.

bgavrilMS commented 2 years ago

@derisen - do you have any idea what's happening?

bgavrilMS commented 2 years ago

@Mrtblg - afaik, you can introduce your own network layer, see https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/a43ec23afdc77fcf45d116a939c1e002bcdf5e6f/lib/msal-node/src/config/Configuration.ts#L125 / INetworkClient - maybe this can be used as a workaround.

CC @Robbie-Microsoft
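
One way to build the custom network layer suggested above, as an added example that is not code from this thread or from MSAL: a client on top of fetch that implements the two methods msal-node calls on the object passed as system.networkClient. FetchNetworkClient and checkTarget are hypothetical names, and the example assumes (the page does not confirm it) that the breakage is confined to Node's https module, which the built-in fetch does not go through.

```javascript
// Added example, not MSAL's own code. Implements sendGetRequestAsync and
// sendPostRequestAsync, each resolving to { headers, body, status }.
function checkTarget(url) {
  const target = new URL(url); // throws on a malformed URL
  // The failing request in this thread went to "https://undefined/...".
  if (target.protocol !== "https:" || target.hostname === "undefined") {
    throw new Error(`refusing identity request to ${target.origin}`);
  }
  return target;
}

class FetchNetworkClient {
  // fetchImpl is injectable so the client can be exercised offline.
  constructor(fetchImpl = globalThis.fetch) {
    if (typeof fetchImpl !== "function") {
      throw new TypeError("no fetch implementation available");
    }
    this.fetchImpl = fetchImpl;
  }

  async send(method, url, options = {}) {
    const target = checkTarget(url);
    const res = await this.fetchImpl(target.href, {
      method,
      headers: options.headers,
      body: method === "POST" ? options.body : undefined,
    });
    const text = await res.text();
    let body;
    try {
      body = JSON.parse(text); // MSAL expects the parsed JSON document
    } catch {
      throw new Error(`non-JSON reply (HTTP ${res.status}) from ${target.host}`);
    }
    const headers = Object.fromEntries(res.headers.entries());
    return { headers, body, status: res.status };
  }

  sendGetRequestAsync(url, options) {
    return this.send("GET", url, options);
  }

  sendPostRequestAsync(url, options) {
    return this.send("POST", url, options);
  }
}
```

To use it, pass networkClient: new FetchNetworkClient() in the system section of the MSAL configuration shown earlier; the guard in checkTarget turns an unresolved host into an immediate, readable error.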

jasonnutter commented 2 years ago

Looks like this could be caused by something in mailgun-js: https://github.com/mailgun/mailgun-js-boland/issues/265#issuecomment-744054957

jasonnutter commented 2 years ago

More detail: https://github.com/MONEI/Shopify-api-node/issues/406#issuecomment-678069541

It looks like nodemailer does not have this issue, so please try switching to it (also note that mailgun-js is deprecated and unlikely to be updated).

Mrtblg commented 2 years ago

@jasonnutter thank you for the investigation. mailgun-js is deprecated indeed and does mess up https requests.

I migrated to mailgun.js which is the new official library and it all seems to work as expected 👍

Thank you for your help!
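
The thread ends with the failure attributed to mailgun-js interfering with HTTPS requests. As an added example (not from this thread or either project), assuming the interference takes the form of a dependency replacing functions on Node's core http/https modules when it is loaded, this check reports which require() call changed them; all function names are hypothetical.

```javascript
// Added example: find which dependency replaces functions on Node's core
// http/https modules at require() time.
const http = require("http");
const https = require("https");

const CORE = { http, https };
const WATCHED = ["request", "get"];

// Record the current function identity of every watched export.
function snapshotCore() {
  const snap = new Map();
  for (const [modName, mod] of Object.entries(CORE)) {
    for (const fn of WATCHED) snap.set(`${modName}.${fn}`, mod[fn]);
  }
  return snap;
}

// List watched exports whose identity differs from the snapshot.
function changedSince(snap) {
  const changed = [];
  for (const [key, original] of snap) {
    const [modName, fn] = key.split(".");
    if (CORE[modName][fn] !== original) changed.push(key);
  }
  return changed;
}

// Load each named dependency in order and report what it patched.
// `load` defaults to require; a stub can be injected for offline runs.
function auditDependencies(names, load = require) {
  return names.map((name) => {
    const before = snapshotCore();
    let error = null;
    try {
      load(name);
    } catch (e) {
      error = e.message; // keep auditing even if one package fails to load
    }
    return { name, patched: changedSince(before), error };
  });
}
```

Run it at process start, before anything else is required, with the dependency names from package.json. A package already in the require cache will not patch again, so a clean process gives the reliable result.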