Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] WWW-Authentication parser should strip the optional v2.0 form authorization uri #4416

Closed
bgavrilMS opened this issue Nov 9, 2023 · 0 comments · Fixed by #4610
Closed

[Bug] WWW-Authentication parser should strip the optional v2.0 form authorization uri #4416

bgavrilMS opened this issue Nov 9, 2023 · 0 comments · Fixed by #4610
Assignees
@trwalke
Labels
bug confidential-client P3
Milestone
4.60.0

Comments

@bgavrilMS
Copy link
Member

Library version used

4.56

.NET version

all

Scenario

Other - please specify

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

https://login.microsoftonline.com//common/v2.0/.well-known/openid-configuration

See how the authroization uri is "authorization_endpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",

Our WWW-Authenticate parser doesn't convert this correctly to an authority, see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs#L424

Relevant code snippets

No response

Expected behavior

Strip out the v2.0 but only if it exists

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response
@bgavrilMS bgavrilMS added untriaged Do not delete. Needed for Automation needs attention Delete label after triage bug P3 confidential-client and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Nov 9, 2023
@bgavrilMS bgavrilMS changed the title [Bug] WWW-Authentication parser should strip the optional v2.0 form authroization uri [Bug] WWW-Authentication parser should strip the optional v2.0 form authorization uri Nov 9, 2023
@trwalke trwalke mentioned this issue Feb 1, 2024
Closed
1 task
@trwalke trwalke self-assigned this Feb 1, 2024
@bgavrilMS bgavrilMS linked a pull request Feb 2, 2024 that will close this issue
Updating wwwAuthenticateParsing to handle v2.0 #4596
Closed
1 task
@trwalke trwalke mentioned this issue Feb 5, 2024
Merged
1 task
@trwalke trwalke linked a pull request Feb 6, 2024 that will close this issue
Updating wwwAuthenticateParsing to handle v2.0 #4610
Merged
1 task
@trwalke trwalke closed this as completed Feb 6, 2024
@pmaytak pmaytak added this to the 4.60.0 milestone Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trwalke trwalke

Labels
bug confidential-client P3
Projects
MSAL.NET Customer Trust
Archived in project
Milestone
4.60.0
3 participants
@bgavrilMS @trwalke @pmaytak