AzureAD / passport-azure-ad

The code for Passport Azure AD has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/passport-azure-ad

AzureAD: Bearer Strategy | authentication failed due to: In Strategy.prototype.jwtVerify: We did not receive a token we know how to validate #539

Closed Andrew1431 closed 3 years ago

Andrew1431 commented 3 years ago

At 2:00 PM today, all of our Azure AD users were locked out of our application.

Every request is getting 401 Unauthorized.

This is happening in Local dev, as well as our Production / Staging / Every environment, none of which have been touched or changed in the last few days (Except for local dev of course!).

```
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"We are replacing 'common' with the provided tenantIdOrName","time":"2021-03-15T19:15:24.467Z","v":0}
api_1    | {"name":"AzureAD: Metadata Parser","hostname":"aa244bad7081","pid":121,"level":30,"msg":"Parsing JSON retreived from the endpoint","time":"2021-03-15T19:15:24.619Z","v":0}
api_1    | {"name":"AzureAD: Metadata Parser","hostname":"aa244bad7081","pid":121,"level":30,"msg":"Request to update the Open ID Connect Metadata","time":"2021-03-15T19:15:24.620Z","v":0}
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"In Strategy.prototype.authenticate: received metadata","time":"2021-03-15T19:15:24.745Z","v":0}
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"In Strategy.prototype.authenticate: we will validate the options","time":"2021-03-15T19:15:24.745Z","v":0}
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"In Strategy.prototype.authenticate: access_token is received from request header","time":"2021-03-15T19:15:24.745Z","v":0}
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"In Strategy.prototype.jwtVerify: token is decoded","time":"2021-03-15T19:15:24.747Z","v":0}
api_1    | {"name":"AzureAD: Metadata Parser","hostname":"aa244bad7081","pid":121,"level":30,"msg":"working on key","time":"2021-03-15T19:15:24.747Z","v":0}
api_1    | {"name":"AzureAD: Metadata Parser","hostname":"aa244bad7081","pid":121,"level":30,"msg":"working on key","time":"2021-03-15T19:15:24.747Z","v":0}
api_1    | {"name":"AzureAD: Bearer Strategy","hostname":"aa244bad7081","pid":121,"level":30,"msg":"authentication failed due to: In Strategy.prototype.jwtVerify: We did not receive a token we know how to validate","time":"2021-03-15T19:15:24.748Z","v":0}
```

```js
BearerStrategy(
  {
    identityMetadata: 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration',
    clientID: AZURE_CLIENT_ID,
    validateIssuer: true,
    // isB2C: ?,
    // policyName: ?,
    // allowMultiAudiencesInToken: ?,
    // audience: ?,
    loggingLevel: 'info',
    // clockSkew: ?,
    // scope: ?,
  },
  ...
```

```
    "passport-azure-ad": "^4.3.0",
```

Andrew1431 commented 3 years ago

It looks like this might just be an issue with Azure actually... getting errors in our Azure Portal as well, and got a notification from Microsoft saying their auth servers are down . . .

Andrew1431 commented 3 years ago

https://status.azure.com/en-ca/status Portal Login Issues update at 3:27 PM :P

sameerag commented 3 years ago

@Andrew1431 Hope this issue is resolved now. Closing this as there is no activity needed from the library.

We are also working on a new version of the passport library and moving all the issues that are relevant to our Msal JS mono-repo here. Please raise an issue here for any future use cases. We are still in the design phase, but please watch the roadmap for more information.
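
A triage aid for the log output in the opening post, added here as an example and not part of the original thread or of passport-azure-ad: it parses the bunyan-style JSON lines, counts Bearer Strategy failures per reason against requests that carried a token, and records the step logged just before each failure. The message strings come from the log above; the function names and the sample's non-JSON line are constructed for illustration.

```javascript
const FAIL_PREFIX = 'authentication failed due to: ';
const TOKEN_SEEN = 'access_token is received from request header';

// Drop an optional docker-compose "service | " prefix, then parse the JSON record.
function parseLine(line) {
  const start = line.indexOf('{');
  if (start === -1) return null;
  try {
    const rec = JSON.parse(line.slice(start));
    return typeof rec.name === 'string' && typeof rec.msg === 'string' ? rec : null;
  } catch {
    return null; // not a JSON log record
  }
}

// Count token-bearing requests and failures, grouped by reason and by preceding step.
function summarizeAuthFailures(lines) {
  const s = { requests: 0, failures: 0, reasons: {}, stepBefore: {}, first: null, last: null };
  let prev = null;
  for (const rec of lines.map(parseLine).filter(Boolean)) {
    const isBearer = rec.name === 'AzureAD: Bearer Strategy';
    if (isBearer && rec.msg.endsWith(TOKEN_SEEN)) s.requests += 1;
    if (isBearer && rec.msg.startsWith(FAIL_PREFIX)) {
      const reason = rec.msg.slice(FAIL_PREFIX.length);
      const step = prev ? `${prev.name}: ${prev.msg}` : 'unknown';
      s.failures += 1;
      s.reasons[reason] = (s.reasons[reason] || 0) + 1;
      s.stepBefore[step] = (s.stepBefore[step] || 0) + 1;
      s.first = s.first || rec.time; // timestamp of the first failure seen
      s.last = rec.time;             // timestamp of the most recent failure
    }
    prev = rec;
  }
  s.failureRatio = s.requests ? s.failures / s.requests : 0;
  return s;
}

// Sample: four records shortened from the issue's log plus one constructed non-JSON line.
const sample = [
  'api_1    | Listening on port 3000',
  'api_1    | {"name":"AzureAD: Bearer Strategy","level":30,"msg":"In Strategy.prototype.authenticate: access_token is received from request header","time":"2021-03-15T19:15:24.745Z"}',
  'api_1    | {"name":"AzureAD: Bearer Strategy","level":30,"msg":"In Strategy.prototype.jwtVerify: token is decoded","time":"2021-03-15T19:15:24.747Z"}',
  'api_1    | {"name":"AzureAD: Metadata Parser","level":30,"msg":"working on key","time":"2021-03-15T19:15:24.747Z"}',
  'api_1    | {"name":"AzureAD: Bearer Strategy","level":30,"msg":"authentication failed due to: In Strategy.prototype.jwtVerify: We did not receive a token we know how to validate","time":"2021-03-15T19:15:24.748Z"}',
];
console.log(JSON.stringify(summarizeAuthFailures(sample), null, 2));
```

A failure ratio near 1 with one reason in every environment, as reported in this thread, points to something shared by all requests rather than to individual bad tokens.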