milanholemans
commented
3 months ago Hi @scberr If I read it correctly, you are trying to use CLI behind a corporate proxy? Have you tried following this guide?
Closed scberr closed 1 week ago
milanholemans
commented
3 months ago Hi @scberr If I read it correctly, you are trying to use CLI behind a corporate proxy? Have you tried following this guide?
scberr
commented
3 months ago Thank you for the response. I've read that documentation but the proxy we have uses a very complex pac file.
It's unclear from the error message if the issue is
A. we've extracted the proxy server incorrectly from the pac file and m365 can't connect to login.microsoftonline.com
Or B. There is a successful connection being made but there is a failure performing the OAuth login process.
Can you tell from the error what is going on?
milanholemans
commented
3 months ago @waldekmastykarz, if I'm not mistaken, you added/reviewed this functionality. Do you have an idea what could be wrong?
waldekmastykarz
commented
3 months ago At the moment, we don't support pac files. We only support specifying the proxy through environment variables, like @milanholemans mentioned. Following the stack trace of the error you shared with us, it seems like MSAL (which CLI uses for authentication) can't connect with Microsoft Entra, which would indicate connectivity rather than auth issues. If you could share with us some more info about what you've done, being mindful of not sharing anything sensitive, then perhaps we could debug the issue together.
scberr
commented
3 months ago Thank you for your assistance. We're going to do some more diagnosis and reverse engineering of the pac file to see if we can identify the root cause. From the extra info you provided it's almost certainly a proxy issue. There are over 40 different proxy servers/rules in the pac file though.
I'll update this ticket with the outcome, it will take a bit of time next week.
sindhujausbank
commented
1 month ago Hello, I am getting the same error. Please lmk what could be the issue. - [
](url)
Sendrayan
commented
1 month ago As per Fiddler Log we are getting 502 Error along with below Response.
Response: HTTP/1.1 502 Fiddler - Connection Failed Date: Wed, 07 Aug 2024 12:17:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Cache-Control: no-cache, must-revalidate Timestamp: 22:17:51.808
[Fiddler] The connection to 'localhost' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:12588
Sendrayan
commented
1 month ago Kindly find the Request Details below: GET http://localhost:12588/favicon.ico HTTP/1.1 Host: localhost:12588 Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: http://localhost:12588/?code=***** Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Sendrayan
commented
1 month ago Getting Failed in
~~Request Details with Proxy { host: '127.0.0.1', port: '3128', method: 'CONNECT', path: 'login.microsoftonline.com', headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8' } }
Response Error in MSAL: Error: Error connecting to proxy. Http status code: 400. Http status message: Bad Request
Also I have Update the Corporate Proxy URL in HTTP_PROXY & HTTPS_PROXY in Environment Variable it retuning the same result.
sindhujausbank
commented
1 month ago We are trying to send the proxy like in this example. Here is the code implementation too. The same request is working in postman with same proxy but not working through code. Please give me an example of how to send the proxy in the request
const msal = @./msal-node"); const LogLevel = @./msal-node"); const https = require("https");
const msalConfig = { auth: { clientId: "clientid", clientSecret: "seceret", authority: authorityUrl },
system: { loggerOptions: { loggerCallback(loglevel, message, containsPii) { console.log(message); },
piiLoggingEnabled: false,
logLevel: msal.LogLevel.Verbose,
},
proxyUrl:url,// customAgentOptions:{} }, };
const cca = new msal.ConfidentialClientApplication(msalConfig); console.log("cca **** this is cca", cca); const tokenRequest = { scopes:[scope], };
async function getToken() { try { const tokenResponse = await cca.acquireTokenByClientCredential( tokenRequest ); console.log("tokenResponse ** this is token rewsponse ", tokenResponse); if (tokenResponse && tokenResponse.accessToken) { return tokenResponse.accessToken; } else { throw new Error("Failed to acquire access token"); } } catch (error) { console.log("error", error); throw new Error("Error retrieving access token: " + error); } } getToken();
From: Sendrayan @.> Date: Wednesday, August 7, 2024 at 11:22 PM To: pnp/cli-microsoft365 @.> Cc: Polkampally, Sindhuja @.>, Comment @.> Subject: [EXTERNAL] Re: [pnp/cli-microsoft365] Diagnosing error: ClientAuthError: network_error: Network request failed (Issue #6092) [WARNING] Use caution when opening attachments or links from unknown senders.
Getting Failed in
~~Request Details with Proxy { host: '127.0.0.1', port: '3128', method: 'CONNECT', path: 'login.microsoftonline.com', headers: { 'Content-Type': 'application/x-www-form-urlencoded;charset=utf-8' } }
Response Error in MSAL: Error: Error connecting to proxy. Http status code: 400. Http status message: Bad Request
Also I have Update the Corporate Proxy URL in HTTP_PROXY & HTTPS_PROXY in Environment Variable it retuning the same result.
milanholemans
commented
1 month ago Are you also using a PAC-file @sindhujausbank?
sindhujausbank
commented
1 month ago No, I am not. I am trying to understand why postman call works and not through the code when it is using the same proxy. Can you please send me an example code of how to send proxy in the code above
From: Milan Holemans @.> Sent: Thursday, August 8, 2024 1:25:08 PM To: pnp/cli-microsoft365 @.> Cc: Polkampally, Sindhuja @.>; Mention @.> Subject: [EXTERNAL] Re: [pnp/cli-microsoft365] Diagnosing error: ClientAuthError: network_error: Network request failed (Issue #6092)
[WARNING] Use caution when opening attachments or links from unknown senders.
Are you also using a PAC-file
waldekmastykarz
commented
1 month ago Hey @sindhujausbank, it seems like you're building a custom app. This issue list focuses on supporting CLI for Microsoft 365. For generic auth questions, please submit your issue to the MSAL repo at https://github.com/AzureAD/microsoft-authentication-library-for-js.
sindhujausbank
commented
1 month ago I built a custom app with the code I shared. Right now, for testing Purposes, the project just has the code to get the access token
From: Waldek Mastykarz @.> Sent: Friday, August 9, 2024 5:37:09 AM To: pnp/cli-microsoft365 @.> Cc: Polkampally, Sindhuja @.>; Mention @.> Subject: [EXTERNAL] Re: [pnp/cli-microsoft365] Diagnosing error: ClientAuthError: network_error: Network request failed (Issue #6092)
[WARNING] Use caution when opening attachments or links from unknown senders.
Hey @sindhujausbankhttps://urldefense.com/v3/__https://github.com/sindhujausbank__;!!GRBPSLYk!9xXYKMQGdRNQgtVqKATe_GJ9lm4qcqdX3GObqerAma12ZpQFH7TZwrVKdoC1rf1nUdatDoSTzuxABkDdI3mGWIh8WcIfotYp$ are you using CLI for M365 or building a custom app? If you use the CLI, could you please share with us what you've configured, how are you starting the CLI and what error you're seeing? It'll help us understand what's wrong.
— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https://github.com/pnp/cli-microsoft365/issues/6092*issuecomment-2277656962__;Iw!!GRBPSLYk!9xXYKMQGdRNQgtVqKATe_GJ9lm4qcqdX3GObqerAma12ZpQFH7TZwrVKdoC1rf1nUdatDoSTzuxABkDdI3mGWIh8WenN3dl3$, or unsubscribehttps://urldefense.com/v3/__https://github.com/notifications/unsubscribe-auth/BKMNJQM5O4A5NQRCC4WRQV3ZQSLVLAVCNFSM6AAAAABJPJYDF2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENZXGY2TMOJWGI__;!!GRBPSLYk!9xXYKMQGdRNQgtVqKATe_GJ9lm4qcqdX3GObqerAma12ZpQFH7TZwrVKdoC1rf1nUdatDoSTzuxABkDdI3mGWIh8WerIkydH$. You are receiving this because you were mentioned.Message ID: @.***>
U.S. BANCORP made the following annotations
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
waldekmastykarz
commented
1 week ago Closing due to lack of further comments from the OP
itpropro
commented
1 week ago We have the same problem with node-msal. A normal client credential request fails with
Handling error AuthenticationRequiredError: network_error: Network request failedThere are no network issues, a manual post with cli/postman has no problems, it's just the msal-node library.
Using Node 20 with pnpm.
I am trying to use m365 in a corporate environment with a complex pac file for the proxy.
I believe I've set the proxy right, but I may not have.
We are receiving the following error when trying to login and would appreciate any guidance on how to work out the root cause. personal information is redacted, but the username/password is definitely correct: