search

AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License
3.58k stars 2.63k forks source link

"endpoints_resolution_error: Endpoints cannot be resolved" when calling an Azure Function in local development environment only #6684

Closed oshihirii closed 8 months ago

oshihirii commented 9 months ago

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

^2.5.1

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

Azure Functions, Node.js, v4 programming model.

Calling a local function endpoint in Postman returns this error:

"endpoints_resolution_error: Endpoints cannot be resolved"

Calling the live function endpoint in Postman works as expected with no errors.

I documented this issue in a comment on a closed issue here:

https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/4879#issuecomment-1801475778

I decided to create a new issue here because I don't think anyone will be looking at a closed issue.

I thought I found a solution yesterday, just requesting a token from my local computer to my tenant via Postman, even though I didn't use it afterwards, seems to have enabled my function code to request a token successfully.

However, 24 hours later, without any changes to the code, I am getting the same error and trying the solution that worked yesterday, ie getting an unrelated token in an unrelated call, is not resolving the issue today.

The function SUCCESSFULLY returns a result IF I comment out the code that requests a token.

As soon as I introduce the code that requests a token, I get the error.

package.json:

{
  "name": "",
  "version": "1.0.0",
  "description": "",
  "main": "src/functions/*.js",
  "scripts": {
    "start": "func start",
    "test": "echo \"No tests yet...\""
  },
  "dependencies": {
    "@azure/functions": "^4.0.0-alpha.1",
    "@azure/msal-node": "^2.5.1",
    "axios": "^1.6.0",
    "pino": "^8.16.1"
  },
  "devDependencies": {
    "azure-functions-core-tools": "^4.x"
  }
}

Error Message

endpoints_resolution_error: Endpoints cannot be resolved

Msal Logs

No response

MSAL Configuration

const msal_config = {
                auth: {
                    clientId: azure_ad_app_registration_client_id,
                    authority: `https://login.microsoftonline.com/${azure_ad_app_registration_tenant_id}`,
                    clientSecret: azure_ad_app_registration_client_secret,
                }
            };

Relevant Code Snippets

const msal = require('@azure/msal-node');  
const axios = require('axios');

const msal_config = {
    auth: {
        clientId: process.env["azure_ad_app_registration_client_id"],
        authority: `https://login.microsoftonline.com/${process.env["azure_ad_app_registration_tenant_id"]}`,
        clientSecret: process.env["azure_ad_app_registration_client_secret"],
    }
};

const cca = new msal.ConfidentialClientApplication(msal_config);

const clientCredentialRequest = {
    scopes: ["https://graph.microsoft.com/.default"],
};
const response = await cca.acquireTokenByClientCredential(clientCredentialRequest);

const token = response.accessToken;

return { jsonBody: {"some_key": "some value"} }

Reproduction Steps

Call the live function endpoint in Postman. Don't get the error. Call the local function endpoint in Postman. Get the error.

Expected Behavior

That I don't get an error.

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

No response

Source

External (Customer)

oshihirii commented 9 months ago

On a whim, I tried connecting to a VPN, and the issue went away.

func start starts A LOT quicker, and I can call the local function endpoint with no errors.

I use Starlink, can anyone explain why using Starlink would prevent me from being able to get a token in a local development environment using msal-node?

tnorling commented 8 months ago

Closing as this is not related to MSAL itself nor can we comment on Starlink compatibility.