Test Console > OAuth 2.0 Authorization Code Authorization > "Unable to authenticate due to internal error."

[Blackbaud-ChristopherRodgers]

Bug description

A customer reached out to us that they are receiving an error from the Test Console when they attempt to authorize (OAuth 2.0 Authorization Code Flow) the test console application. The error alert says "Unable to authenticate due to internal error."

Looking at the block of portal code that raises this alert, it would seem that the portal is receiving an unexpected message.

When trying to reproduce this ourselves, the only scenario where we regularly got this to happen is when we enabled a browser extension (for us, it was the Microsoft Editor extension--Microsoft Edge).

This was the message event that resulted in the error.

When things are working correctly, this is the expected event shape:

Reproduction steps

1. Install and enable browser extension (Microsoft Editor for Edge seems to do it)
2. Go to API Reference for API with OAuth 2.0 with Authorization Code (I believe this would also happen for Authorization Code w/PKCE)
3. Click on "Try it"
4. Update OAuth 2.0 Authorization from "No auth" to "authorization_code"
5. The error alert will often be raised as authorization is given and the window is closed after the redirect. However, it occasionally happens while the user is sitting on the page after the window is closed (maybe because the listener is still active and the extension is running some operation on the page?

Expected behavior

The test console receives an access token without an error. FWIW, in our testing, the access token event is also received, so the Authorization header is populated. The error simply leads some users to believe it didn't work. Ideally, the portal event listener would ignore this unexpected event.

Is your portal managed or self-hosted?

Managed

Release tag or commit SHA (if using self-hosted version)

2.24.0

API Management service name

bbapiprod

Environment

• Operating system: Windows 11
• Browser: Edge
• Version: 119.0.2151.72

[phsmith]

I got the same behavior even though the access_token was generated successfully and the requests work fine, but the alert keeps showing in a loop.

I have tested with the latest versions of Chrome and Firefox.

Edit: I disabled the React Developer Tools extension and the alert goes away.

[gs11]

I can confirm that disabling React Developer Tools in Firefox resolves the issue for me as well.

[JakubHolovsky]

I am having the same issue on Edge however I don't have react tools installed. These are the only extensions enabled in my browser:

[sthirthala]

Please log managed portal issues to Azure support team using Support + Help link in Azure portal and select Problem Type = Developer portal.

[KrisFrost]

Update: This does not look to be a Developer portal issue but rather injected extension code triggering an event listener created for the scenario of Authorization such as with Try It.

The developer portal code for the authentication registers an event listener receiveMessage.

return new Promise(((resolve,reject)=>{ try { window.open(oauthClient.code.getUri(), "_blank", "width=400,height=500"); const receiveMessage = event=>__awaiter(this, void 0, void 0, (function*() { if (!event.data.accessToken) return void alert("Unable to authenticate due to internal error."); const accessToken = event.data.accessToken , accessTokenType = event.data.accessTokenType; resolve(${utils_1.Utils.toTitleCase(accessTokenType)} ${accessToken}) } )); window.addEventListener("message", receiveMessage, !1) } catch (error) { reject(error) } }

Setting a break point here, and then stepping through, the code triggering these event is coming from content.js from editor extension in this case. Other extensions can be debugged the same way.

For the editor extension, what appears to be doing is a grammar check on the drop-down box for either the Authorization flow dropdown or the Subscription key drop down or all of them.

It's triggering the dev portals receiveMessage eventlistener. I did find I could go into the settings and changed "This can read and change site data" to When you click the extension. This prevents the issue as well.

Additionally, you could try experiment with turning off grammar or also exclude the developer portal domain from being used by the extension which is probably the best option and still have the extension available.