A non-MSALJS error on MS 365 sign in

[Ric-Lavers]

When signing in to the microsoft 365 account to enable side-loading, instead of opening a login page in browser its immediately logging the below in the output tab, the login process then hangs until timeout.

[Error] - [Wed, 08 Mar 2023 16:34:51 GMT] : @azure/msal-node@1.14.6 : Error - A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata. Error: Error Error Description: Error: certificate has expired

To Reproduce Steps to reproduce the behavior:

1. Go to "accounts" in side panel
2. Click on "Sign in to Microsoft 365"
3. Click "SIgn in"
4. See error

Expected behavior should open browser with sign in page

Additional context I've tried restarting vs code, un-installing then re-installing the extensions Toolkit and Azure Account (along with its dependent extensions )

[ghost]

Thank you for contacting us! Any issue or feedback from you is quite important to us. We will do our best to fully respond to your issue as soon as possible. Sometimes additional investigations may be needed, we will usually get back to you within 2 days by adding comments to this issue. Please stay tuned.

[johndavidsimmons]

This is happening to me too - no changes in my project or account...

[xiaolang124]

Sorry for your inconvenience, you can try to delete files in ~/.fx/account, restart Visual Studio Code instance. Another possible solution is to clear your browser cache and cookies and try again. If this does not solve the issue, please let me know. We will investigate this issue now.

I have created an issue in MSAL to take a look. https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/5779

[adidos87]

Also to me and other 2 colleagues. We don't have any folder ~/.fx/account

[BartCoder88]

I have the same problem, trying login in Teams Toolkit:

This is the error:

I tried removing the file ~/.fx/states/state.local.json and also clearing my browser cache and cookies, without success!

[johndavidsimmons]

Sorry for your inconvenience, you can try to delete files in ~/.fx/account, restart Visual Studio Code instance. Another possible solution is to clear your browser cache and cookies and try again. If this does not solve the issue, please let me know. We will investigate this issue now.

I have created an issue in MSAL to take a look. AzureAD/microsoft-authentication-library-for-js#5779

I have no account folder under ~/.fx/...

[johndavidsimmons]

Fresh browser, fresh install of vscode and teams toolkit, attempting to sign in through the teams toolkit extension at least now takes me to the MS login screen, but when I try to login to my testing tenant account I get this message (not my actual email address). This test account previously worked fine with teams toolkit and I need to use a test account because my organization doesn't allow sideloading.

[xiaolang124]

@johndavidsimmons When you click M365 sign in, there is a button to create a test account. You can try to create a test account (https://developer.microsoft.com/en-us/microsoft-365/dev-program). In this way, you can have full control of M365 permission control. Personal account does not have the ability to create a Teams App, so you may need to create a M365 test account.

[johndavidsimmons]

I've already created a testing tenant. When I attempt to sign in and use it i get the message about needing a work or school account

[xiaolang124]

I've already created a testing tenant. When I attempt to sign in and use it i get the message about needing a work or school account

After signing in this page(https://developer.microsoft.com/en-us/microsoft-365/dev-program), Can you see this part. The onmicrosoft account should be your test account.

If you cannot see this, you need to set up a new subscription. (prepare M365 environment: https://learn.microsoft.com/en-us/microsoftteams/platform/concepts/build-and-test/prepare-your-o365-tenant)

[Ric-Lavers]

Thanks for looking into it, I don't have a account folder either. This issue is happening across all my local Teams projects, so not likely a project config. Also it is happening immediately on click of the sign in button, preventing the opening of the browser, so unlikely to be related to browser cache.

I've tried deleting the Cache folder from HOME/Library/Application Support/Code but it hasn't helped either.

[BartCoder88]

That's exactly my same problem: it is happening immediately on click of the sign in button, preventing the opening of the browser, giving the following error:

@azure/msal-node@1.14.6 : Error - A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata. Error: Error Error Description: Error: certificate has expired

Probably there's a certificate to renew on the service which is responsible for the discovery metadata.

[Ric-Lavers]

This has resolved itself for me now, I didn't do anything else. Perhaps a invalid token expired?

[johndavidsimmons]

Still happening to me... click sign in and immediate get

@azure/msal-node@1.14.6 : Error - A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata. Error: Error Error Description: Error: certificate has expired

[johndavidsimmons]

@Ric-Lavers Did you do anything like clearing cache, different deafult browser, etc?

[Ric-Lavers]

@johndavidsimmons unfortunately it is now back same as before.

[Ric-Lavers]

Still a issue in VS code, looks like there are some ongoing MSAL issues shared by @cheenamalhotra. @johndavidsimmons FYI, for now i'm using the teamsfx cli to continue to build. Using teamsfx preview it spins up a local instance and is authenticating correctly for me. Not as convenient as being in vscode, for example there are no terminal logs. But logs can be accessed by watch tail -n 15 ~/.fx/cli-log/local-preview/{LOG_FILE}/backend-start.log

Hopefully, there will be fix for the extension soon.

[xiaolang124]

Still a issue in VS code, looks like there are some ongoing MSAL issues shared by @cheenamalhotra. @johndavidsimmons FYI, for now i'm using the teamsfx cli to continue to build. Using teamsfx preview it spins up a local instance and is authenticating correctly for me. Not as convenient as being in vscode, for example there are no terminal logs. But logs can be accessed by watch tail -n 15 ~/.fx/cli-log/local-preview/{LOG_FILE}/backend-start.log

Hopefully, there will be fix for the extension soon.

Thanks for the information. Can you tell me which teamsfx cli version do you use? And do you use any proxy in your VS Code or OS? Or does your company have a proxy? Can you open this url https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize.

If you can use teamsfx cli to login, you can use VsCode to debug Teams app because teamsfx cli and teamsfx VS Code extension share the same M365 account.

[cheenamalhotra]

Ref: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/4879#issuecomment-1444047007

This worked for our VSCode-MSSQL extension, and we've also got confirmation from impacted customers with the recent "certificate has expired" error (https://github.com/microsoft/azuredatastudio/issues/22227#issuecomment-1464718452).. might as well give it a try!

[xiaolang124]

Ref: AzureAD/microsoft-authentication-library-for-js#4879 (comment)

This worked for our VSCode-MSSQL extension, and we've also got confirmation from impacted customers with the recent "certificate has expired" error (microsoft/azuredatastudio#22227 (comment)).. might as well give it a try!

Thanks for the help, we will investigate this.

[Ric-Lavers]

teamsfx cli version : 1.2.4 No proxies Yes i can open the login link

After signing in with the CLI, it still throws the same error when trying in VS code.

Also, when i try to sign into azure on VS code i get the below messaging (yes i am connected to the internet 😋 )

@xiaolang124 happy to provide more details, or a screenshare.

[mark-at-pieces]

@Ric-Lavers I'm also having the same issue, I downloaded the extension within my VsCode Instance 2 weeks ago, and had zero issue with my sign-in. Pulled it open today, and I'm getting the exact same information notification around "you appear to be offline. Please check your network connection."

Teams Toolkit: v4.99.2023021100 teamsfx: 1.2.4

[xiaolang124]

@Ric-Lavers I have created a VSIX file with the latest @azure/msal-node (1.16.0). This file is only for troubleshooting purposes and not an official release. We will publish an official version to fix this issue once we identify the root cause. Please download this VSIX file and install it in your VS Code and test it. Then let us know the results. Thank you. local-test.vsix

[xiaolang124]

@Ric-Lavers I have found a possible solution that might fix your problem. If you can try, please let us know the results.

https://github.com/microsoft/azuredatastudio/issues/22227#issuecomment-1466631757

[Ric-Lavers]

@xiaolang124 Great i can now sign in to MS365 after unchecking Http: System Certificates , however i'm now getting a new error when trying to sign into Azure.

This is happening on both v9.9.9-local.647 & v4.2.4

[xiaolang124]

@xiaolang124 Great i can now sign in to MS365 after unchecking Http: System Certificates , however i'm now getting a new error when trying to sign into Azure.

This is happening on both v9.9.9-local.647 & v4.2.4

Thanks for the information. Can you sign in Azure by using command palette (Azure: Sign in). If possible, could you successfully provision or deploy?

[adidos87]

Unchecking this two flag , it works

[Ric-Lavers]

@xiaolang124 Yes, from the CLI i can deploy, but not in vs code due to the same undefined.split() error. I've tried unchecking Proxy Strict SSL as well.

[Error] - code:unknown.TypeError, message: Cannot read properties of undefined (reading 'split'), stack: TypeError: Cannot read properties of undefined (reading 'split') at Object.ConvertTokenToJson (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6389934) at TeamsFxTokenCredential.<anonymous> (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6356580) at Generator.next (<anonymous>) at fulfilled (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6354822)

[xiaolang124]

@xiaolang124 Yes, from the CLI i can deploy, but not in vs code due to the same undefined.split() error. I've tried unchecking Proxy Strict SSL as well.

[Error] - code:unknown.TypeError, message: Cannot read properties of undefined (reading 'split'), stack: TypeError: Cannot read properties of undefined (reading 'split') at Object.ConvertTokenToJson (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6389934) at TeamsFxTokenCredential.<anonymous> (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6356580) at Generator.next (<anonymous>) at fulfilled (/Users/riclavers/.vscode/extensions/teamsdevapp.ms-teams-vscode-extension-4.2.4/out/src/extension.js:8:6354822)

Are you using 'MSAL' here? If so, you may want to consider switching to 'ADAL' and giving it a try.

[Ric-Lavers]

@xiaolang124 Yep I checked and am using ADAL, for good measure i tried on MSAL as well and got the same split error

[xiaolang124]

@xiaolang124 Yep I checked and am using ADAL, for good measure i tried on MSAL as well and got the same split error

Can you give this test vsix a try and tell us the results? And what Azure account extension version do you use? If you can see your token log in your output channel, you can tell us the token structure like {"token":"*","expiresOnTimestamp":1679028706000} by hiding secret value.

[Ric-Lavers]

Can you give this test vsix a try and tell us the results? And what Azure account extension version do you use? If you can see your token log in your output channel, you can tell us the token structure like {"token":"*","expiresOnTimestamp":1679028706000} by hiding secret value.

Azure account extension version: v0.11.3

The Test vsix is successfully logging into Azure, local preview and deploying 🎉

The output structure from the vsix matches your example, but there's no output just the error popup from v4.2.4 {"token":"*","expiresOnTimestamp":1679056912000}

[xiaolang124]

Thanks for the information, we will investigate this.

[johndavidsimmons]

There has to be just some certificate to clear or refresh. I just installed vs code and the teams toolkit extension on a new computer and used a browser that has never signed into a microsoft account before and everything works perfectly...

[xiaolang124]

Checked with the VS Code team and they said that there might be an expired root certificate in your system.

          There must be an expired root certificate in your certificate store. Please remove that.
          The fact that it works when disabling the setting indicates that there is a valid certificate in NodeJS' built-in certificates. We could try to parse the certificates from the OS and skip those that have already expired.

Originally posted by @chrmarti in https://github.com/microsoft/vscode/issues/177175#issuecomment-1469672288