jenkinsci / oic-auth-plugin

A Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.
https://plugins.jenkins.io/oic-auth
MIT License

HTTP ERROR 401 Unauthorized with Azure App Registration #415

Open logidru opened 3 days ago

logidru commented 3 days ago

Jenkins and plugins versions report

Environment

```text
Jenkins: 2.479
OS: Linux - 6.8.0-45-generic
Java: 17.0.12 - Eclipse Adoptium (OpenJDK 64-Bit Server VM)
---
Office-365-Connector:4.21.5 ant:511.v0a_a_1a_334f41b_ antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 asm-api:9.7-33.v4d23ef79fcc8 authentication-tokens:1.119.v50285141b_7e1 blueocean:1.27.16 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.27.16 blueocean-commons:1.27.16 blueocean-config:1.27.16 blueocean-core-js:1.27.16 blueocean-dashboard:1.27.16 blueocean-display-url:2.4.3 blueocean-events:1.27.16 blueocean-git-pipeline:1.27.16 blueocean-github-pipeline:1.27.16 blueocean-i18n:1.27.16 blueocean-jwt:1.27.16 blueocean-personalization:1.27.16 blueocean-pipeline-api-impl:1.27.16 blueocean-pipeline-editor:1.27.16 blueocean-pipeline-scm-api:1.27.16 blueocean-rest:1.27.16 blueocean-rest-impl:1.27.16 blueocean-web:1.27.16 bootstrap5-api:5.3.3-1 bouncycastle-api:2.30.1.78.1-248.ve27176eb_46cb_ branch-api:2.1178.v969d9eb_c728e build-timeout:1.33 caffeine-api:3.1.8-133.v17b_1ff2e0599 calendar-view:0.3.3 checks-api:2.2.1 cloudbees-bitbucket-branch-source:888.v8e6d479a_1730 cloudbees-folder:6.955.v81e2a_35c08d3 command-launcher:115.vd8b_301cc15d0 commons-compress-api:1.26.1-2 commons-httpclient3-api:3.1-3 commons-lang3-api:3.17.0-84.vb_b_938040b_078 commons-text-api:1.12.0-129.v99a_50df237f7 config-file-provider:978.v8e85886ffdc4 configuration-as-code:1850.va_a_8c31d3158b_ credentials:1381.v2c3a_12074da_b_ credentials-binding:681.vf91669a_32e45 data-tables-api:2.1.6-1 dependency-check-jenkins-plugin:5.5.1 display-url-api:2.204.vf6fddd8a_8b_e9 docker-commons:443.v921729d5611d docker-workflow:580.vc0c340686b_54 durable-task:577.v2a_8a_4b_7c0247 echarts-api:5.5.1-1 eddsa-api:0.3.0-4.v84c6f0f4969e email-ext:1844.v3ea_a_b_842374a_ envinject-api:1.199.v3ce31253ed13 favorite:2.221.v19ca_666b_62f5 font-awesome-api:6.6.0-2 git:5.5.1 git-client:6.0.0 git-server:126.v0d945d8d2b_39 github:1.40.0
github-api:1.321-478.vc9ce627ce001 github-branch-source:1797.v86fdb_4d57d43 gradle:2.13 gson-api:2.11.0-41.v019fcf6125dc handy-uri-templates-2-api:2.1.8-30.v7e777411b_148 htmlpublisher:1.36 instance-identity:201.vd2a_b_5a_468a_a_6 ionicons-api:74.v93d5eb_813d5f jackson2-api:2.17.0-379.v02de8ec9f64c jakarta-activation-api:2.1.3-1 jakarta-mail-api:2.1.3-1 javax-activation-api:1.2.0-7 javax-mail-api:1.6.2-10 jaxb:2.3.9-1 jdk-tool:80.v8a_dee33ed6f0 jenkins-design-language:1.27.16 jjwt-api:0.11.5-112.ve82dfb_224b_a_d jnr-posix-api:3.1.19-2 joda-time-api:2.13.0-85.vb_64d1c2921f1 jquery:1.12.4-1 jquery3-api:3.7.1-2 jsch:0.2.16-86.v42e010d9484b_ json-api:20240303-41.v94e11e6de726 json-path-api:2.9.0-58.v62e3e85b_a_655 junit:1303.v05e2505656b_7 ldap:759.vef7f616475df lockable-resources:1315.v4ea_8e5159ec8 mailer:488.v0c9639c1a_eb_3 mapdb-api:1.0.9-40.v58107308b_7a_7 matrix-auth:3.2.2 matrix-project:838.v4d7b_7b_f9b_d4b_ mina-sshd-api-common:2.14.0-131.v04e9b_6b_e0362 mina-sshd-api-core:2.14.0-131.v04e9b_6b_e0362 nexus-artifact-uploader:2.14 nodejs:1.6.2 oic-auth:4.355.v3a_fb_fca_b_96d4 okhttp-api:4.11.0-181.v1de5b_83857df pam-auth:1.11 people-view:1.2 pipeline-build-step:540.vb_e8849e1a_b_d8 pipeline-github-lib:61.v629f2cc41d83 pipeline-graph-analysis:216.vfd8b_ece330ca_ pipeline-groovy-lib:730.ve57b_34648c63 pipeline-input-step:495.ve9c153f6067b_ pipeline-milestone-step:119.vdfdc43fc3b_9a_ pipeline-model-api:2.2214.vb_b_34b_2ea_9b_83 pipeline-model-definition:2.2214.vb_b_34b_2ea_9b_83 pipeline-model-extensions:2.2214.vb_b_34b_2ea_9b_83 pipeline-rest-api:2.34 pipeline-stage-step:312.v8cd10304c27a_ pipeline-stage-tags-metadata:2.2214.vb_b_34b_2ea_9b_83 pipeline-stage-view:2.34 pipeline-utility-steps:2.17.0 plain-credentials:183.va_de8f1dd5a_2b_ plugin-util-api:5.1.0 prism-api:1.29.0-17 pubsub-light:1.18 resource-disposer:0.24 role-strategy:743.v142ea_b_d5f1d3 scm-api:696.v778d637b_a_762 script-security:1362.v67dc1f0e1b_b_3 snakeyaml-api:2.3-123.v13484c65210a_
sse-gateway:1.27 ssh-agent:376.v8933585c69d3 ssh-credentials:343.v884f71d78167 ssh-slaves:2.973.v0fa_8c0dea_f9f sshd:3.330.vc866a_8389b_58 structs:338.v848422169819 test-results-aggregator:2.2 test-results-analyzer:0.4.1 timestamper:1.27 token-macro:400.v35420b_922dcb_ trilead-api:2.147.vb_73cc728a_32e variant:60.v7290fc0eb_b_cd workflow-aggregator:600.vb_57cdd26fdd7 workflow-api:1336.vee415d95c521 workflow-basic-steps:1058.vcb_fc1e3a_21a_9 workflow-cps:3969.vdc9d3a_efcc6a_ workflow-durable-task-step:1371.vb_7cec8f3b_95e workflow-job:1441.vb_2d416905b_35 workflow-multibranch:795.ve0cb_1f45ca_9a_ workflow-scm-step:427.v4ca_6512e7df1 workflow-step-api:678.v3ee58b_469476 workflow-support:926.v9f4f9b_b_98c19 ws-cleanup:0.46
```

What Operating System are you using (both controller, and any agents involved in the problem)?

Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-45-generic x86_64)

Jenkins running on docker

Reproduction steps

  1. The plugin is configured with 'clientId', 'clientSecret' and 'Well-known configuration endpoint' from the Azure app registration; there is a custom 'user field name': preferred_username and a custom 'groups field name': roles.

  2. With plugin version 4.354.v321ce67a_1de8 everything works properly, but with plugin version 4.355.v3a_fb_fca_b_96d4 an error page is displayed when the login is processed.

  3. Switching back to version 4.354.v321ce67a_1de8 fixes the problem.

  4. When I use the same config with Keycloak, both versions of the plugin work.

Expected Results

Azure app registration works with plugin version 4.355.v3a_fb_fca_b_96d4.

Actual Results

Image

Anything else?

Is there any config that I could set to get more logs? I tried to set a custom logger for the whole module via the syslog admin page, but there are no plugin-related logs displayed.

Are you interested in contributing a fix?

No response

jtnord commented 1 day ago

I would hazard a guess that the audience for the received token does not match the client id.

Unfortunately, the library currently being used does not offer any logging that can be enabled to help diagnose the issue.

409 may help expose the reason the token is being treated as invalid.
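To check the audience hypothesis above against an ID token from your own login, the following Python applies the OIDC Core 3.1.3.7 audience rule to the token payload and then pulls the preferred_username and roles claims the issue configures. This is an added example, not the plugin's code; the client id, issuer and token contents are constructed placeholders, and it decodes the payload without verifying the signature, which a real validator does first.

```python
import base64
import json

CLIENT_ID = "11111111-2222-3333-4444-555555555555"  # constructed placeholder, not a real app id


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string with a dummy signature, for local inspection only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.sig"


def decode_claims(token: str) -> dict:
    """Read the payload segment only; signature verification is out of scope here."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def check_audience(claims: dict, client_id: str) -> tuple[bool, str]:
    """aud must contain our client_id; with several audiences azp must also equal it."""
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud
    if not audiences:
        return False, "aud claim missing"
    if client_id not in audiences:
        return False, f"aud {audiences} does not contain client_id {client_id}"
    if len(audiences) > 1 and claims.get("azp") != client_id:
        return False, "multiple audiences but azp is missing or differs from client_id"
    return True, "audience ok"


def login_claims(token: str, client_id: str, user_field="preferred_username", groups_field="roles"):
    """Mirror the issue's setup: reject on audience mismatch, else return user and groups."""
    claims = decode_claims(token)
    ok, reason = check_audience(claims, client_id)
    if not ok:
        return None, reason
    return {"user": claims.get(user_field), "groups": claims.get(groups_field, [])}, reason


# Constructed sample tokens: one with the expected audience, one whose aud is another identifier.
GOOD_TOKEN = make_unsigned_token({"iss": "https://issuer.example", "aud": CLIENT_ID,
                                  "preferred_username": "alice@example.com", "roles": ["jenkins-admin"]})
BAD_TOKEN = make_unsigned_token({"iss": "https://issuer.example", "aud": "api://some-other-resource",
                                 "preferred_username": "alice@example.com", "roles": ["jenkins-admin"]})

if __name__ == "__main__":
    for name, tok in (("good", GOOD_TOKEN), ("bad", BAD_TOKEN)):
        print(name, login_claims(tok, CLIENT_ID))
```

Paste the ID token seen in the browser or proxy into decode_claims to see which audience the provider actually issued and compare it with the clientId configured in the plugin.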