MemberJunction / MJ

Main MemberJunction Repository
https://docs.memberjunction.org/
ISC License

MSAL or Auth0 Required for Setup? #34

Closed Chunter-me closed 4 months ago

Chunter-me commented 7 months ago

Is MSAL or Auth0 required to get started? The installMJ.js asks for it during the install, but there is nothing in the installation guide about needing it.

cadam11 commented 7 months ago

Thanks for the feedback! Right now we do require either MSAL or Auth0 for user authentication; the authenticated user's email ties them back to an MJ-specific User record in SQL that handles authorization. Is there another authentication provider you'd like to use?

RE: installation guide content: as we're just approaching a v1.0 state, we're actively working on getting documentation to a good starting point. Will definitely keep in mind that it would be helpful to include some guide on setting up authentication providers. For the most part, it's pretty standard stuff, but we can probably simplify/focus it on this use case to avoid having to comb through the details. In the meantime, here are (detailed, but generic) instructions for setting up an App Registration on Azure (MSAL) and on Auth0.

Chunter-me commented 6 months ago

No other provider; I was hoping that a simple dev would be able to bypass the full MSAL setup.

On that note, I set up MSAL and still no go. Tried adding the Client and Tenant ID to the config and re-running the install. Tried manually updating the environment files of the Explorer. Keep getting the following in the console log:

logging.js:31 Error Logging In: BrowserAuthError: no_account_error: No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.

logging.js:31 TypeError: Cannot read properties of undefined (reading 'endsWith') at Authority.transformCIAMAuthority (Authority.mjs:791:52) at AuthorityFactory.mjs:26:41 at Generator.next (<anonymous>) at asyncGeneratorStep (asyncToGenerator.js:3:1) at _next (asyncToGenerator.js:22:1) at asyncToGenerator.js:27:1 at new ZoneAwarePromise (zone.js:1425:21) at asyncToGenerator.js:19:1 at _createDiscoveredInstance (AuthorityFactory.mjs:36:2) at createDiscoveredInstance (AuthorityFactory.mjs:24:40)

Tried a handful of things with the App Registration (especially the ways I've got a handful working for my own side projects) and still getting the errors above. What are the specifics for MJ with MSAL auth, because it looks to be different than anything I've ever set up.

cadam11 commented 6 months ago

I've seen those kinds of errors in cases where the environment configuration doesn't match. The Azure setup, the .env in MJAPI, and the environment.ts in MJExplorer all play a role. Planning to add some more descriptive/detailed error messages to make troubleshooting this kind of thing easier.

Here's the configuration for a working App Registration (service principal) with the null value keys removed for brevity.

```json
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity",
  "accountEnabled": true,
  "appDisplayName": "<YOUR APP NAME>",
  "appId": "<WEB_CLIENT_ID>",
  "appOwnerOrganizationId": "<TENANT_ID>",
  "appRoleAssignmentRequired": false,
  "appRoles": [],
  "createdDateTime": "2022-12-19T03:10:38Z",
  "displayName": "CDP",
  "id": "b747336e-fe8f-48fa-84e0-384574911b62",
  "keyCredentials": [],
  "notificationEmailAddresses": [],
  "oauth2PermissionScopes": [],
  "passwordCredentials": [],
  "replyUrls": [
    "http://localhost:4200",
    "<OTHER URLS>"
  ],
  "resourceSpecificApplicationPermissions": [],
  "servicePrincipalNames": [
    "<WEB_CLIENT_ID>"
  ],
  "servicePrincipalType": "Application",
  "signInAudience": "AzureADMyOrg",
  "tags": [
    "HideApp",
    "WindowsAzureActiveDirectoryIntegratedApp"
  ]
}
```

There shouldn't be much more to do besides configuring Redirect URIs for the OAuth2 flow, allowing ID tokens (not Access tokens) to be issued, and setting it to Single-tenant.

cadam11 commented 4 months ago

Docs updated https://docs.memberjunction.org/docs/authentication