ClientAuthError: Error: could not resolve endpoints. Please check network and try again when not supplying authenticationParameters

[Tovli]

I'm submitting a...

[x] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

• Chrome version XX
• Firefox version XX
• IE version XX
• Edge version XX
• Safari version XX

Library version

Library version: 1.0.0



## Current behavior

When using loginPopup without an AuthenticationParameters parameter then an exception is thrown due to undefined request parameter

## Expected behavior

The loginPopup window should be displayed

## Minimal reproduction of the problem with instructions

Login using this code:
this.app.loginPopup().then(function () {
      return this.app.acquireTokenSilent();
    }).catch(function (error) { return Promise.reject(error) }

    );

[sameerag]

@Tovli Thanks for raising this. loginPopup() should have been working without any request. Will reach out once I debug this.

[sameerag]

@Tovli I just tested this and it works as expected. loginPopup() works without a parameter. From the error you posted I do see that this error could be thrown if the endPoint verification is failing. Can you please send us the authority that you are using to make this call?

We make a call to the end point before sending a real request to the service to ensure that it is a reachable and valid. A call is made to Open-Id well known configuration and any failure in this path causes the above error: "Error: could not resolve endpoints."

[Tovli]

Hi man, you are right, I forgot to add my config. I'm sending authority : https://login.microsoftonline.com/tfp/<tenant_name>. onmicrosoft.com/<SignInSignUp_User_Flow_Name> And the ClientId of course. Sorry for the disinformation Thanks for checking this Now I send the same authority in the loginRequest as well and it works as expected (Would change that later on of course :) )

…

On Sun, May 5, 2019, 23:21 Sameera Gajjarapu ***@***.***> wrote: @Tovli <https://github.com/Tovli> I just tested this and it works as expected. loginPopup() works without a parameter. From the error you posted I do see that this could be probably the endPoint Verification that is failing. Can you please send us the authority that you are using to make this call? "Error: could not resolve endpoints." is seen only when we make a call to the end point before sending a real request to the service to ensure that it is a reachable and valid. A call is made to Open-Id well known configuration <https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document> and any failure in this path causes the above error. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#691 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADM67RAPPCLJZTJEOPVLRR3PT46ULANCNFSM4HK37EXA> .

[Tovli]

so this is the expected behavior?

…

On Sun, May 5, 2019, 23:38 Sameera Gajjarapu ***@***.***> wrote: Closed #691 <#691> . — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#691 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADM67RFPSWIUAHHNGDORFFLPT5ASRANCNFSM4HK37EXA> .

[sameerag]

Yes. loginPopup() and logonRedirect() work without any inputs, they give you an idToken with scopes as "clientId". acquireToken() calls need 'scopes' as parameters.

Any failure in the i/p parameters in config(if authority is set there - or during app registration) is thrown to the user before we proceed with the authentication.

[Tovli]

Wonder why you've decide to introduce this in 1.0.0 The only thing I do now is sending the authority to the loginPopup as well as to the constructor. previously (0.2.4) just the constructor was enough... The error text is still an enigma to me as the url stays the same. I must be missing something in the desired flow

…

On Mon, May 6, 2019, 00:01 Sameera Gajjarapu ***@***.***> wrote: Yes. loginPopup() and logonRedirect() work without any inputs, they give you an idToken with scopes as "clientId". acquireToken() calls need 'scopes' as parameters. Any failure in the i/p parameters in config(if authority is set there - or during app registration) is thrown to the user before we proceed with the authentication. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#691 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADM67RG3Q6VUNE4IV6SBDPLPT5DK3ANCNFSM4HK37EXA> .

[sameerag]

oh! Sorry I misunderstood you too. I thought passing the right authority in 'configuration' solved your issue. Are you saying if the authority in configuration is correct and you are making a loginPopup() request without any parameters, are you still failing?

[Tovli]

yes. I will try to put a better code sample for this issue tomorrow. it's midnight here already :-) Thanks for helping.

…

On Mon, May 6, 2019, 00:08 Sameera Gajjarapu ***@***.***> wrote: oh! Sorry I misunderstood you too. I thought passing the right authority in 'configuration' solved your issue. Are you saying if the authority in configuration is correct and you are making a loginPopup() request without any parameters, are you still failing? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#691 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADM67RF5GL56AZVYYEPXRMLPT5ED7ANCNFSM4HK37EXA> .

[Tovli]

Hi
I've cloned msal B2C sample and all I've changed was this line:
clientApplication.loginPopup(loginRequest).then(function (loginResponse) {
to:
clientApplication.loginPopup().then(function (loginResponse) {

My workaround was to create a login request with authority and pass it to the login popup:

var loginRequest = {
        authority: "https://login.microsoftonline.com/tfp/fabrikamb2c.onmicrosoft.com/b2c_1_susi"
      };

Hope that clarify the issue

[Tovli]

@sameerag ?

[sameerag]

@Tovli I ack your response. I will try to reach out this/next week on this once I check with the B2C service team. I have tested with MSA and it works without 'authority' and hence I suspect the B2C flow issue in this case.

[Tovli]

Thanks. Maybe I'm misusing the authority parameter...
Will wait for you update

[runeabrahams1]

Hi, I'm getting the same error as @Tovli. I updated my code from preview.4 to the 1.0 release, then the error occurred.

Solved it by doing the change below. Not sure why i need to add authority again after adding it in the constructor of UserAgentApplication.

this.msalAgent = new UserAgentApplication({
  auth: {       
    clientId, // My client id
    authority // My Auth
  },
...
})

...
// Worked in 1.0.0-preview.4, but not 1.0.0
this.msalAgent.loginPopup().then(...)

// Works in 1.0.0
this.msalAgent.loginPopup({
  authority // My auth
}).then(...)

[pkanher617]

Hi @Tovli and @runeabrahams1 thanks for your feedback.

Can you post the full stack trace of the error you are receiving? We can help better debug these issues that way. Thanks.

[sameerag]

@Tovli and @runeabrahams1 I found one issue which will be a PR soon, in addition to this as @pkanher617 mentioned stack trace would help us get a test branch sooner to ensure we are fixing the same bug.

[sameerag]

Can you guys please try #698 and let me know? The PR still needs Unit tests added, but I suspect this will fix your issue.

[Tovli]

@sameerag thanks, I will test it later. In the meantime, here is my stackTrace:

Uncaught (in promise) ClientAuthError: Error: could not resolve endpoints. Please check network and try again.
    at ClientAuthError.AuthError [as constructor] (http://localhost:8080/app.js:25201:28)
    at new ClientAuthError (http://localhost:8080/app.js:25322:28)
    at Function../node_modules/msal/lib-es6/error/ClientAuthError.js.ClientAuthError.createEndpointResolutionError (http://localhost:8080/app.js:25332:16)
    at http://localhost:8080/app.js:22719:92```

[Tovli]

@sameerag - As I am using npm to install msal in my app (vue spa). I cannot test this using the same way I would install the npm package you eventually publish (no name attribute in the package.json)
Please let me know if there is a way to install your branch as I would be happy to assist in testing.
Another option for you is to try it on the msal B2C sample

[LakeGH]

Experiencing this issue as well, but only in Edge. In Chrome works as expected.

ClientAuthError: Error: could not resolve endpoints. Please check network and try again. Details: Error: Permission denied{"errorCode":"endpoints_resolution_error","errorMessage":"Error: could not resolve endpoints. Please check network and try again. Details: Error: Permission denied","name":"ClientAuthError"}
ClientAuthError: Error: could not resolve endpoints. Please check network and try again. Details: Error: Permission denied
   at AuthError (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:19057:9)
   at ClientAuthError (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:9931:9)
   at ClientAuthError.createEndpointResolutionError (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:9941:9)
   at Anonymous function (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:59058:17)
   at run (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:43655:13)
   at Anonymous function (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:43668:28)
   at flush (https://app.pd-local.com:3001/static/webApps/pptAddin/taskpaneClient.js?startTime=1557429993984:22180:9)

Configuration:

const appConfig = {
  auth: {
    clientId: config.msAuth.clientID,
    redirectUri: redirectUri,
    authority: "https://login.microsoftonline.com/common"
  },
  cache: {
    cacheLocation: "localStorage",
    storeAuthStateInCookie: true,
  },
};
const userAgentApplication = new Msal.UserAgentApplication(appConfig);

...
userAgentApplication
      .loginPopup({
        scopes: ["user.read"],
        prompt: "select_account",
        authority: "https://login.microsoftonline.com/common"
      })

We've tried with and without authority, but still get the same error on Edge. Chrome works in either case.

Tried using msal version 1.0.0 and 1.0.0-preview.5, same result.

[AE-MS]

FWIW I believe I just ran into this issue the first time I tried to use the msal library. The symptoms+fix+error message seem to be the same. I debugging the issue and it does indeed seem to be fixed with #698 . Note that it affects both loginPopup and loginRedirect and #698 appears to fix both cases.

[sameerag]

Great! Thanks, @AE-MS. I will optimize all our parameter checks tonight and finalize this PR. We want this included in the patch release we are planning next week.

[sameerag]

#698 is now merged with dev.

[sameerag]

Closing this as the PR #698 got merged into dev now.

[Tovli]

Thanks. I need to understand how I can test code that is on PR and not through npm in vue so I can be of a better help

…

On Fri, May 24, 2019, 22:28 Sameera Gajjarapu ***@***.***> wrote: Closing this as the PR #698 <#698> got merged into dev now. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#691?email_source=notifications&email_token=ADM67REDRWPWXBGD55ML4WTPXA6WBA5CNFSM4HK37EXKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODWGL57A#issuecomment-495763196>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ADM67RFXLKCUL5SASIR4HJ3PXA6WBANCNFSM4HK37EXA> .