AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

CORS issue with acquireTokenPopup #7090

Closed vddgil closed 4 months ago

vddgil commented 4 months ago

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.14.0

Wrapper Library

Not Applicable

Wrapper Library Version

0.0.0

Public or Confidential Client?

Public

Description

We have 3 Azure app registrations to handle Microsoft login (one for development, one for staging, and one for production). For 3-4 weeks, we have had 100% CORS issues in development, 100% in staging, and sometimes in production. We will discuss the development issue here (hopefully, it will fix the staging and prod at the same time).

So, we get the CORS error when calling acquireTokenPopup, from the https://login.microsoftonline.com/common/oauth2/v2.0/token endpoint. We configured the SPA Redirect URIs in the Azure portal a while ago (like I said, it was working before).

I sent the HAR file.

Thanks a lot for your help!

Error Message

Access to fetch at 'https://login.microsoftonline.com/common/oauth2/v2.0/token' from origin 'https://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

MSAL Logs

Navigated to https://localhost:3001/login microsoft.ts:31 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Verbose - BrowserCrypto: modern crypto interface available microsoft.ts:39 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - initialize called microsoft.ts:27 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Info - Emitting event: msal:initializeStart microsoft.ts:31 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Verbose - Claims-based caching is disabled. Clearing the previous cache with claims microsoft.ts:39 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - Executing function clearTokensAndKeysWithClaims microsoft.ts:39 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getTokenKeys called microsoft.ts:31 [Fri, 10 May 2024 08:21:19 GMT] : [] : @azure/msal-browser@3.14.0 : Verbose - BrowserCacheManager.getTokenKeys - No token keys found microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-browser@3.14.0 : Verbose - acquireTokenPopup called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getTemporaryCache: No cache item found in local storage microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Verbose - getAllAccounts called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getAccountKeys called microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Verbose - BrowserCacheManager.getAccountKeys - No account keys found microsoft.ts:27 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Info - Emitting event: msal:loginStart microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - canUseNative called microsoft.ts:39 [Fri, 10 
May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - isNativeAvailable called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - canUseNative: isNativeAvailable returned false, returning false microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - asyncPopup set to false, opening popup before acquiring token microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Default popup window width used. Window width not configured or invalid. microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Default popup window height used. Window height not configured or invalid. microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Default popup window top position used. Window top not configured or invalid. microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Default popup window left position used. Window left not configured or invalid. 
microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - acquireTokenPopupAsync called microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - initializeServerTelemetryManager called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function standardInteractionClientInitializeAuthorizationRequest microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - getRedirectUri called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function initializeBaseRequest microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from initializeBaseRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getActiveAccount: No active account filters cache schema found, looking for legacy schema microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getActiveAccount: No active account found microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getTemporaryCache: No cache item found in local storage microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getTemporaryCache: No cache item found in local storage microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : 
msal.js.browser@3.14.0 : Trace - Returning result from standardInteractionClientInitializeAuthorizationRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function standardInteractionClientInitializeAuthorizationCodeRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function generatePkceCodes microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function generateCodeVerifier microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function getRandomValues microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from getRandomValues microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from generateCodeVerifier microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function generateCodeChallengeFromVerifier microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function sha256Digest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from sha256Digest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from generateCodeChallengeFromVerifier microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from generatePkceCodes microsoft.ts:39 [Fri, 10 May 2024 
08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from standardInteractionClientInitializeAuthorizationCodeRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function standardInteractionClientCreateAuthCodeClient microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function standardInteractionClientGetClientConfiguration microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function standardInteractionClientGetDiscoveredAuthority microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function authorityFactoryCreateDiscoveredInstance microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function authorityResolveEndpointsAsync microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function authorityUpdateCloudDiscoveryMetadata microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Attempting to get cloud discovery metadata from authority configuration microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values. microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Found cloud discovery metadata from hardcoded values. 
microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function authorityUpdateEndpointMetadata microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Attempting to get endpoint metadata from authority configuration microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values. microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from authorityUpdateEndpointMetadata microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.setAuthorityMetadata called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from authorityResolveEndpointsAsync microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from authorityFactoryCreateDiscoveredInstance microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from standardInteractionClientGetClientConfiguration microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result 
from standardInteractionClientCreateAuthCodeClient microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - isNativeAvailable called microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Executing function authClientCreateQueryString microsoft.ts:39 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Returning result from authClientCreateQueryString microsoft.ts:27 [Fri, 10 May 2024 08:21:36 GMT] : [] : @azure/msal-browser@3.14.0 : Info - Emitting event: msal:popupOpened microsoft.ts:31 [Fri, 10 May 2024 08:21:36 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - PopupHandler.monitorPopupForHash - polling started microsoft.ts:31 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Verbose - PopupHandler.monitorPopupForHash - popup window is on same origin as caller microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getTemporaryCache: Temporary cache item returned microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function deserializeResponse microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Returning result from deserializeResponse microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function handleCodeResponseFromServer microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] 
: msal.js.browser@3.14.0 : Trace - InteractionHandler.handleCodeResponseFromServer called microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Executing function authClientAcquireToken microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Executing function authClientExecuteTokenRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Executing function authClientCreateTokenRequestBody microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getServerTelemetry: cache hit microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Returning result from authClientCreateTokenRequestBody microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Executing function authorizationCodeClientExecutePostToTokenEndpoint microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getThrottlingCache: called, no cache hit login:1 Access to fetch at 'https://login.microsoftonline.com/common/oauth2/v2.0/token' from origin 'https://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. microsoft.ts:56

   POST https://login.microsoftonline.com/common/oauth2/v2.0/token net::ERR_FAILED 400 (Bad Request)

fetch @ request-tracker-fetch.js:28 (anonymous) @ bugsnag.js:2980 fetch @ bugsnag.js:2978 sendPostRequestAsync @ FetchClient.mjs:57 sendPostRequest @ NetworkManager.mjs:29 executePostToTokenEndpoint @ BaseClient.mjs:78 (anonymous) @ FunctionWrappers.mjs:77 executeTokenRequest @ AuthorizationCodeClient.mjs:138 await in executeTokenRequest (async) (anonymous) @ FunctionWrappers.mjs:77 acquireToken @ AuthorizationCodeClient.mjs:66 (anonymous) @ FunctionWrappers.mjs:77 handleCodeResponseFromServer @ InteractionHandler.mjs:75 (anonymous) @ FunctionWrappers.mjs:77 handleCodeResponse @ InteractionHandler.mjs:40 acquireTokenPopupAsync @ PopupClient.mjs:148 await in acquireTokenPopupAsync (async) acquireToken @ PopupClient.mjs:44 acquireTokenPopup @ StandardController.mjs:360 acquireTokenPopup @ PublicClientApplication.mjs:66 acquireTokenPopup @ microsoft.ts:56 loginWithMicrosoft @ AuthEngine.ts:306 executeAction @ mobx.esm.js:1221 loginWithMicrosoft @ mobx.esm.js:1209 LoginFormViewModel.loginWithMicrosoft @ LoginFormViewModel.ts:84 executeAction @ mobx.esm.js:1221 LoginFormViewModel@147.loginWithMicrosoft @ mobx.esm.js:1209 callCallback @ react-dom.development.js:3724 trace @ bugsnag.js:2616 invokeGuardedCallbackDev @ react-dom.development.js:3768 invokeGuardedCallback @ react-dom.development.js:3825 invokeGuardedCallbackAndCatchFirstError @ react-dom.development.js:3839 executeDispatch @ react-dom.development.js:7982 processDispatchQueueItemsInOrder @ react-dom.development.js:8008 processDispatchQueue @ react-dom.development.js:8019 dispatchEventsForPlugins @ react-dom.development.js:8028 (anonymous) @ react-dom.development.js:8188 batchedUpdates$1 @ react-dom.development.js:22577 batchedUpdates @ react-dom.development.js:3572 dispatchEventForPluginEventSystem @ react-dom.development.js:8187 dispatchEventWithEnableCapturePhaseSelectiveHydrationWithoutDiscreteEventReplay @ react-dom.development.js:5694 dispatchEvent @ react-dom.development.js:5688 dispatchDiscreteEvent @ 
react-dom.development.js:5665 trace @ bugsnag.js:2616 Show 39 more frames Show less microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Error occurred in authorizationCodeClientExecutePostToTokenEndpoint microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - {"errorCode":"post_request_failed","errorMessage":"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'","subError":"","name":"BrowserAuthError"} microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - Error occurred in authClientExecuteTokenRequest microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : @azure/msal-common@14.10.0 : Trace - {"errorCode":"post_request_failed","errorMessage":"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'","subError":"","name":"BrowserAuthError"} microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Error occurred in authClientAcquireToken microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - {"errorCode":"post_request_failed","errorMessage":"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'","subError":"","name":"BrowserAuthError"} microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - Error occurred in handleCodeResponseFromServer microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [018f6197-e993-704d-8928-2bb66d1881a7] : msal.js.browser@3.14.0 : Trace - 
{"errorCode":"post_request_failed","errorMessage":"Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'","subError":"","name":"BrowserAuthError"} microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.getServerTelemetry: cache hit microsoft.ts:39 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Trace - BrowserCacheManager.setServerTelemetry called microsoft.ts:27 [Fri, 10 May 2024 08:21:38 GMT] : [] : @azure/msal-browser@3.14.0 : Info - Emitting event: msal:loginFailure

Network Trace (Preferably Fiddler)

MSAL Configuration

{
  "auth": {
     "clientId": "3ceb491e-0e53-404a-b8e8-0ee816e98c98",
     "redirectUri": "https://localhost:3001/callback/microsoft"
  }
}

Relevant Code Snippets

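import type { AuthenticationResult } from '@azure/msal-browser'
// msalInstance is the app's initialized PublicClientApplication, built from the MSAL configuration above; Config is the app's own type.
export async function acquireTokenPopup(config: Config): Promise<AuthenticationResult> {
  // Interactive popup sign-in requesting the Graph User.Read scope plus the OIDC scopes.
  return msalInstance.acquireTokenPopup({ scopes: ['User.Read', 'profile', 'email', 'openid'] })
}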

Reproduction Steps

We have the same issue on our staging env. I'll send you the info by email with the HAR file.

Expected Behavior

It should not have a CORS error and should get the token.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)

tnorling commented 4 months ago

Do you have any localhost redirectUris registered under any other type, such as Web? If a redirectUri is registered as multiple types the auth server will arbitrarily pick one and you will get CORS errors if it didn't use the SPA type.

vddgil commented 4 months ago

Hello @tnorling, thanks for your answer. No, I don't have my URLs in another type... Here is a screenshot of the config page.

[Screenshot: screencapture-portal-azure-2024-05-17-08_10_04]

konstantin-msft commented 4 months ago

Hey @vddgil. Thanks for sharing the trace file and logs.

I have discovered that the https://login.microsoftonline.com/common/oauth2/v2.0/token POST request contains an unexpected content type, "content-type: text/plain;charset=UTF-8", by looking at the network trace (line 168). MSAL.js always sets the content type to "application/x-www-form-urlencoded;charset=utf-8" in BaseClient and expects this header to remain intact. Otherwise, the auth server throws 400 (bad request).

Is there a chance your app contains a network interceptor, or you are injecting a custom network client that drops/changes headers?

vddgil commented 4 months ago

Hello @konstantin-msft, Thanks a lot for your investigation, it led me in the right direction. It was a network performance library messing up the headers :( I updated the library and everything is working fine now.
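
Added example, not part of the thread and not MSAL.js code: a minimal reproduction of the failure mode diagnosed above, where a fetch wrapper forwards the body but not the headers, so the Fetch API falls back to text/plain;charset=UTF-8 for a string body, plus a guard that catches it before the request leaves the app. The wrapper functions, the guard and the request body are hypothetical and constructed for illustration; it assumes a runtime with global Request and Response (a browser or Node 18+).

```javascript
// Constructed example: how a fetch wrapper that drops headers changes the
// Content-Type of the token POST, and a guard that detects the change.
const TOKEN_URL = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
const FORM_TYPE = 'application/x-www-form-urlencoded;charset=utf-8';

// Content-Type the Fetch API would actually send for (url, init).
// With a string body and no explicit header it is text/plain;charset=UTF-8.
function effectiveContentType(url, init) {
  return new Request(url, init).headers.get('content-type');
}

// Stand-in for the network: records what it was asked to send, sends nothing.
function makeRecordingFetch(log) {
  return async (url, init = {}) => {
    log.push({ url: String(url), contentType: effectiveContentType(url, init) });
    return new Response('{}', { status: 200 });
  };
}

// Hypothetical buggy interceptor: rebuilds init with method and body only.
function wrapDroppingHeaders(inner) {
  return (url, init = {}) => inner(url, { method: init.method, body: init.body });
}

// Well-behaved interceptor: passes init through untouched.
function wrapPreserving(inner) {
  return (url, init = {}) => inner(url, init);
}

// Guard installed closest to the network: refuses a token POST whose
// effective Content-Type is no longer form-encoded.
function guardTokenPost(inner) {
  return async (url, init = {}) => {
    const ct = effectiveContentType(url, init) || '';
    const isToken = String(url).endsWith('/oauth2/v2.0/token');
    if (isToken && !ct.toLowerCase().startsWith('application/x-www-form-urlencoded')) {
      throw new Error(`token POST content-type is "${ct}", expected form encoding`);
    }
    return inner(url, init);
  };
}

// The shape of the request described in the thread (body values constructed).
async function tokenPost(fetchImpl) {
  return fetchImpl(TOKEN_URL, {
    method: 'POST',
    headers: { 'Content-Type': FORM_TYPE },
    body: 'grant_type=authorization_code&code=CONSTRUCTED',
  });
}

async function demo() {
  const log = [];
  const net = makeRecordingFetch(log);
  await tokenPost(wrapPreserving(net));      // header survives
  await tokenPost(wrapDroppingHeaders(net)); // header replaced by the default
  let guardError = null;
  try {
    await tokenPost(wrapDroppingHeaders(guardTokenPost(net)));
  } catch (e) {
    guardError = e.message;                  // guard stops the altered request
  }
  return { seen: log.map((entry) => entry.contentType), guardError };
}

demo().then((result) => console.log(result));
```

When triaging a similar report, comparing the Content-Type in the HAR or network trace against the value the library sets is the quickest way to tell an interceptor problem from a redirect URI registration problem.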