AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

MSAL_Node fails to Login with Proxy Server #7189

Open PhilipsonJoseph opened 3 months ago

PhilipsonJoseph commented 3 months ago

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

2.9.2

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

A few of our China cloud customers have reported issues where they are getting an error in our Azure pipeline task: "Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_configerror: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.partner.microsoftonline.cn/1338e9e4-3189-42f4-9a96-b67c3549f5c5/v2.0/.well-known/openid-configuration"

We are consuming the MSAL_node (2.9.2) package through our Azure pipeline tasks. Earlier we were using MSAL_Node (1.14.5) with Node 16, and we are seeing this error after upgrading to MSAL_Node (2.9.2) with Node 20.

Error Message

Error: Could not fetch access token for Azure. Status code: endpoints_resolution_error, status message: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_configerror: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://login.partner.microsoftonline.cn/1338e9e4-3189-42f4-9a96-b67c3549f5c5/v2.0/.well-known/openid-configuration

MSAL Logs

No response

Network Trace (Preferably Fiddler)

MSAL Configuration

    const msalConfig = {
        auth: {
            clientId: "******",   // redacted in the report
            authority: "https://login.chinacloudapi.cn/",
        },
        system: {
            loggerOptions: {
                // tl is the azure-pipelines-task-lib task logger; LogLevel comes from @azure/msal-node
                loggerCallback(loglevel, message, containsPii) {
                    loglevel === LogLevel.Error ? tl.error(message) : tl.debug(message);
                },
                piiLoggingEnabled: false,
                logLevel: LogLevel.Info,
            }
        }
    };

Relevant Code Snippets

https://github.com/microsoft/azure-pipelines-tasks-common-packages/blob/main/common-npm-packages/azure-arm-rest/azure-arm-common.ts#L289

Reproduction Steps

  1. Create a service connection to Azure China cloud.
  2. Create a release pipeline with any of the Azure pipeline tasks (https://github.com/microsoft/azure-pipelines-tasks/tree/master/Tasks/KubernetesV1).
  3. Run the pipeline; the login failure is visible in the task logs.

Expected Behavior

Task is able to fetch the token without any issues.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge, None (Server)

Regression

@azure/msal_node@1.14.5 with node 16

Source

Internal (Microsoft)

bgavrilMS commented 3 months ago

@PhilipsonJoseph - can you please try to use https://login.partner.microsoftonline.cn/TENANT_ID as authority?

@Robbie-Microsoft - the error message doesn't seem to provide enough details.

PhilipsonJoseph commented 2 months ago

@bgavrilMS We will try your suggestion. But we also observe the same error is happening when the agents are running behind a proxy.

PhilipsonJoseph commented 2 months ago

@bgavrilMS Sorry for the confusion. The issue is not with the China Cloud: when a cx uses a proxy we observe this error. We are setting up INetworkModule in case a customer uses a proxy.

Robbie-Microsoft commented 2 months ago

@PhilipsonJoseph Sorry to hear you're having problems when a proxy is used. I agree that the best course of action is to write a custom INetworkModule. You can see our sample for a custom INetworkModule here.

PhilipsonJoseph commented 2 months ago

@Robbie-Microsoft @bgavrilMS We are already using the custom INetworkModule, but the error occurs after updating from 1.. to 2..

Robbie-Microsoft commented 2 months ago

Can you post your custom INetworkModule here?

PhilipsonJoseph commented 2 months ago

@Robbie-Microsoft this is how we implemented the custom network module. FYI, it used to work fine with the older version of MSAL.

(two screenshots of the custom network module implementation; not reproduced here)

Robbie-Microsoft commented 2 months ago

Where is fetch defined? Is that NodeJs's native fetch? Or is it from a 3rd party library?

PhilipsonJoseph commented 2 months ago

@Robbie-Microsoft We are using node-fetch https://www.npmjs.com/package/node-fetch

chathurasachithra commented 2 months ago

    const msalConfig = {
        auth: {
            clientId: "******",   // redacted
            authority: "https://login.chinacloudapi.cn/",
        },
        system: {
            loggerOptions: {
                // tl is the azure-pipelines-task-lib task logger; LogLevel comes from @azure/msal-node
                loggerCallback(loglevel, message, containsPii) {
                    loglevel === LogLevel.Error ? tl.error(message) : tl.debug(message);
                },
                piiLoggingEnabled: false,
                logLevel: LogLevel.Info,
            },
            proxyUrl: "<your proxy>",          // placeholder: the proxy URL the agents sit behind
            networkClient: proxyNetworkClient  // your custom INetworkModule instance
        }
    };

Try this
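An added example, not code from this thread or from MSAL itself, of a fetch-based custom INetworkModule of the kind discussed above, returning the `{ headers, body, status }` shape that msal-common consumes (plain header object, body already parsed as JSON). The fetch implementation and the proxy options it takes (an `agent` for node-fetch, a `dispatcher` for undici) are injected and are assumptions, and a constructed stub fetch lets the module run offline; the `isOpenIdConfigResponse` helper is assumed to mirror the discovery-document check behind the `endpoints_resolution_error` in the report.

```javascript
// Added example, not from the issue thread or MSAL: a fetch-based INetworkModule
// for @azure/msal-node that returns { headers, body, status } with `headers` as a
// plain object and `body` parsed as JSON. `fetchImpl` is Node's global fetch or
// node-fetch; `proxyOptions` is what that implementation takes to route via a
// proxy (assumption: { agent } for node-fetch, { dispatcher } for undici).
function createFetchNetworkModule(fetchImpl, proxyOptions = {}) {
  async function send(method, url, options = {}) {
    const res = await fetchImpl(url, {
      method,
      headers: options.headers || {},
      body: method === "POST" ? options.body : undefined,
      ...proxyOptions,
    });
    const headers = {}; // flatten the Headers instance into a plain record
    for (const [k, v] of res.headers.entries()) headers[k.toLowerCase()] = v;
    const text = await res.text();
    let body;
    try {
      body = text ? JSON.parse(text) : {};
    } catch {
      // A non-JSON body (e.g. a proxy's HTML error page) is reported explicitly.
      throw new Error(`network module: non-JSON response (HTTP ${res.status}) from ${url}`);
    }
    // Do not log `body` here: token responses travel through this path.
    return { headers, body, status: res.status };
  }
  return {
    sendGetRequestAsync: (url, options) => send("GET", url, options),
    sendPostRequestAsync: (url, options) => send("POST", url, options),
  };
}

// Fields msal-common requires in a discovery document (assumption: mirrors its
// isOpenIdConfigResponse check); a quick way to localise endpoints_resolution_error.
function isOpenIdConfigResponse(body) {
  return ["authorization_endpoint", "token_endpoint", "issuer", "jwks_uri"]
    .every((k) => Object.prototype.hasOwnProperty.call(body || {}, k));
}

// Constructed stub for a proxied fetch: serves a minimal discovery document with
// placeholder URLs so the module runs without network access.
function stubFetch() {
  const base = "https://login.example.invalid/TENANT_ID";
  const doc = { issuer: `${base}/v2.0`, jwks_uri: `${base}/discovery/v2.0/keys`,
    authorization_endpoint: `${base}/oauth2/v2.0/authorize`,
    token_endpoint: `${base}/oauth2/v2.0/token` };
  return Promise.resolve(new Response(JSON.stringify(doc),
    { status: 200, headers: { "Content-Type": "application/json" } }));
}
```

Pointing `stubFetch` at a real proxy-routed fetch and checking `isOpenIdConfigResponse` on the result separates a proxy problem (HTML error page, wrong status) from an authority problem before MSAL collapses both into the same error.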