Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trouble getting accessToken from acquireTokenInteractive in packaged Electron app #7306

Open
1 of 2 tasks
knutssonalex opened this issue Sep 11, 2024 · 0 comments
Open
1 of 2 tasks

Trouble getting accessToken from acquireTokenInteractive in packaged Electron app #7306

knutssonalex opened this issue Sep 11, 2024 · 0 comments
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-node Related to msal-node package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@knutssonalex
Copy link

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

2.13.0

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

When packaging Electron apps, either the ElectronSystemBrowserTestApp or a custom one, we can't get the access token back from the interactive sign in. The success template is displayed in the browser and the user is redirected back to the app, but we never get the accessToken/authResponse back.
This however, works fine in the example app and our own app.

Error Message

No errors are thrown.

MSAL Logs

[2024-09-11 10:43:33.828] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Info - getTokenCache called
[2024-09-11 10:43:33.836] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Info - getAuthCodeUrl called
[2024-09-11 10:43:33.836] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - initializeRequestScopes called
[2024-09-11 10:43:33.837] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [ebebc577-14e1-43b7-965e-ed097641119b] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[2024-09-11 10:43:33.837] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [ebebc577-14e1-43b7-965e-ed097641119b] : @azure/[email protected] : Verbose - createAuthority called
[2024-09-11 10:43:33.838] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
[2024-09-11 10:43:33.838] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Known Authorities:
[2024-09-11 10:43:33.838] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Authority Metadata: N/A
[2024-09-11 10:43:33.838] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Canonical Authority: https://login.microsoftonline.com/c3af1697-15c2-44e3-99ae-9f34166c36fb/
[2024-09-11 10:43:33.839] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.
[2024-09-11 10:43:33.839] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Found cloud discovery metadata from hardcoded values.
[2024-09-11 10:43:33.839] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
[2024-09-11 10:43:33.839] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
[2024-09-11 10:43:33.839] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name c3af1697-15c2-44e3-99ae-9f34166c36fb with id {tenantid}
[2024-09-11 10:43:33.840] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [ebebc577-14e1-43b7-965e-ed097641119b] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/c3af1697-15c2-44e3-99ae-9f34166c36fb/oauth2/v2.0/token.
[2024-09-11 10:43:33.840] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [ebebc577-14e1-43b7-965e-ed097641119b] : @azure/[email protected] : Verbose - Auth code client created
[2024-09-11 10:43:33.841] [info] [Wed, 11 Sep 2024 08:43:33 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name c3af1697-15c2-44e3-99ae-9f34166c36fb with id {tenantid}
[2024-09-11 10:43:34.229] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Info - acquireTokenByCode called
[2024-09-11 10:43:34.229] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - initializeRequestScopes called
[2024-09-11 10:43:34.230] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - buildOauthClientConfiguration called
[2024-09-11 10:43:34.230] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - createAuthority called
[2024-09-11 10:43:34.231] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
[2024-09-11 10:43:34.231] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Known Authorities:
[2024-09-11 10:43:34.231] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Authority Metadata: N/A
[2024-09-11 10:43:34.231] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Canonical Authority: https://login.microsoftonline.com/c3af1697-15c2-44e3-99ae-9f34166c36fb/
[2024-09-11 10:43:34.232] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.
[2024-09-11 10:43:34.232] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Found cloud discovery metadata from hardcoded values.
[2024-09-11 10:43:34.232] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
[2024-09-11 10:43:34.232] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
[2024-09-11 10:43:34.233] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name c3af1697-15c2-44e3-99ae-9f34166c36fb with id {tenantid}
[2024-09-11 10:43:34.233] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/c3af1697-15c2-44e3-99ae-9f34166c36fb/oauth2/v2.0/token.
[2024-09-11 10:43:34.233] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - Auth code client created
[2024-09-11 10:43:34.234] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [] : @azure/[email protected] : Verbose - Replacing tenant domain name c3af1697-15c2-44e3-99ae-9f34166c36fb with id {tenantid}
[2024-09-11 10:43:34.457] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - setCachedAccount called
[2024-09-11 10:43:34.459] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - Persistence enabled, calling beforeCacheAccess
[2024-09-11 10:43:34.460] [info] [Wed, 11 Sep 2024 08:43:34 GMT] : [c76a70ee-6c5d-4898-8d68-a3ffd72a35f1] : @azure/[email protected] : Verbose - Persistence enabled, calling afterCacheAccess

Network Trace (Preferrably Fiddler)

  • Sent
  • Pending

MSAL Configuration

{
    authOptions: {
        clientId: "clientId",
        authority: "https://login.microsoftonline.com/c3af1697-15c2-44e3-99ae-9f34166c36fb",
    },
    resourceApi: {
        endpoint: "https://graph.microsoft.com/v1.0",
        scopes: ["User.Read", "openid"],
        redirectUri: "http://localhost/auth",
    },
    customProtocol: {
        name: "msal{clientId}",
    },
    cache: {
        cacheLocation: "./data/cache.json",
    },
    system: {
        loggerOptions: {
            logLevel: LogLevel.Verbose,
            loggerCallback: (level: any, message: any, containsPii: any) => {
                if (containsPii) {
                    return;
                }
                switch (level) {
                    case LogLevel.Error:
                        console.error(message);
                        return;
                    case LogLevel.Info:
                        console.info(message);
                        return;
                    case LogLevel.Verbose:
                        console.debug(message);
                        return;
                    case LogLevel.Warning:
                        console.warn(message);
                        return;
                    default:
                        console.log(message);
                        return;
                }
            },
        },
    },
};

Relevant Code Snippets

if (process.env.NODE_ENV === "development" && process.platform === "win32") {
    app.setAsDefaultProtocolClient(authConfig.customProtocol.name, process.execPath, [path.resolve(process.argv[1])]);
} else {
    app.setAsDefaultProtocolClient(authConfig.customProtocol.name);
}

export const pca = new PublicClientApplication({
    auth: {
        clientId: authConfig.authOptions.clientId,
        authority: authConfig.authOptions.authority,
    },
    cache: {
        cachePlugin: cachePlugin(CACHE_LOCATION),
    },
    system: authConfig.system,
});

async function getTokenInteractive(tokenRequest: { scopes: string[] }): Promise<AuthenticationResult> {
    try {
        const openBrowser = async (url: any) => {
            log.info("Opening browser with URL:", url);
            await shell.openExternal(url);
        };

        const loopbackClient = await CustomLoopbackClient.initialize(3001);

        const interactiveRequest: InteractiveRequest = {
            scopes: ["User.Read"],
            authority: authConfig.authOptions.authority,
            openBrowser,
            successTemplate: successTemplate,
            errorTemplate: errorTemplate,
            loopbackClient: loopbackClient,
        };

        try {
            const authResponse = await pca.acquireTokenInteractive(interactiveRequest); // This is where production code gets stuck
            return authResponse;
        } catch (error) {
            log.error("Error during interactive authentication:", error, "error type:", typeof error);
            if (error instanceof Error) {
                log.error("Error name:", error.name);
                log.error("Error message:", error.message);
                log.error("Error stack:", error.stack);
            }
            throw error;
        }
    } catch (error) {
        log.error("Interactive authentication failed", error);
        if (error instanceof Error) {
            log.error("Error name:", error.name);
            log.error("Error message:", error.message);
            log.error("Error stack:", error.stack);
        }
        throw error;
    }
}

Reproduction Steps

  1. Clone the ElectronSystemBrowserTestApp
  2. Replace with application credentials
  3. Run npm install
  4. Run npm run package
  5. Locate the packaged application and start it
  6. Try to sign in

Expected Behavior

User gets signed in from the redirect.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome, Edge, Safari

Regression

No response

Source

Internal (Microsoft)
@knutssonalex knutssonalex added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Sep 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 11, 2024
@github-actions github-actions bot added msal-node Related to msal-node package public-client Issues regarding PublicClientApplications labels Sep 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-node Related to msal-node package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@knutssonalex