Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error getting auth URL due to untrusted authority #60

Closed
ubukawa opened this issue Jan 8, 2021 · 8 comments
Closed

Error getting auth URL due to untrusted authority #60

ubukawa opened this issue Jan 8, 2021 · 8 comments
Labels
resolved Issue is resolved: answer provided or fix incoming

Comments

@ubukawa
Copy link

ubukawa commented Jan 8, 2021

Hello. I followed your tutorial and tried to build a server. (my own APP_ID, APP_SECRET and AUTHRITY in .env)

When I started the server, once I logged in, it returned the Error getting auth URL as below.
2021-01-08
(Strangely, if I start the server with sudo privilege, it works without error.)

I am not sure but it seems that the provided authoirty in .env is not regarded as a trusted authority.
If possible, please advise me how I can include this authority in the knownAuthorities config parameter?

Thank you for your kind attention!
@ghost ghost added the needs triage 🔍 New issue, needs triage label Jan 8, 2021
@jasonjoh
Copy link
Member

What value do you have for OAUTH_AUTHORITY?

@jasonjoh jasonjoh added needs author feedback Waiting for author (creator) of issue to provide more info and removed needs triage 🔍 New issue, needs triage labels Jan 13, 2021
@ubukawa
Copy link
Author

ubukawa commented Jan 13, 2021
edited

Thank you jasonjoh for your response. I am establishing a server internally, but I am using the tenant ID provided by my colleague as below.
OAUTH_AUTHORITY={tenandID}

@ghost ghost added needs attention 👋 Waiting on Microsoft to provide feedback and removed needs author feedback Waiting for author (creator) of issue to provide more info labels Jan 13, 2021
@jasonjoh
Copy link
Member

Hmm. Are you sure the tenant ID is correct? I've never seen this error or had to do any configuration of "knownAuthorities", not sure where that setting is.

@jasonjoh jasonjoh added needs author feedback Waiting for author (creator) of issue to provide more info and removed needs attention 👋 Waiting on Microsoft to provide feedback labels Jan 14, 2021
@ubukawa
Copy link
Author

ubukawa commented Jan 14, 2021

Thank you. I confirmed that the tenant ID is correct.
Now, I realized that my situation was a little tricky, compared with your tutorial.
As I needed to run the server as a non-root user, I made node.js to listen the port by setting the capabilities command (setcap).

Is it mandatory to run the server as a root user?

@ghost ghost added needs attention 👋 Waiting on Microsoft to provide feedback and removed needs author feedback Waiting for author (creator) of issue to provide more info labels Jan 14, 2021
@jasonjoh
Copy link
Member

It should not be mandatory to run the server as a privileged user, but I'm guessing you were setting the port to something other than the 3000 default? I believe that you do have to run as a privileged user to use the default HTTP/HTTPS ports on Linux.

@jasonjoh jasonjoh added needs author feedback Waiting for author (creator) of issue to provide more info and removed needs attention 👋 Waiting on Microsoft to provide feedback labels Jan 15, 2021
@errorstudent
Copy link

I did not change the value of AUTHORITY same as documentation, but I also got the same issue.

@jasonjoh
Copy link
Member

@errorstudent can you provide more information? What OS are you running on? Have you changed the default port?

AzureAD/microsoft-authentication-library-for-js#2600 seems relevant

@ubukawa
Copy link
Author

ubukawa commented Jan 15, 2021

Dear jasonjoh, Thank you for your advise.
Yes, I used the port 80 and 443 for web hosting.
With these ports, a simple hosting by nodejs/express worked well without sudo privilege by using setcap command.
But, I now think setcap would be not enough for using Azure AD authentication at such well know ports. Thank you!
(I somehow understood the situation. Please feel free to close this issue once you finished the discussion with other colleague. Thank you!)

@ghost ghost added needs attention 👋 Waiting on Microsoft to provide feedback and removed needs author feedback Waiting for author (creator) of issue to provide more info labels Jan 15, 2021
@jasonjoh jasonjoh added resolved Issue is resolved: answer provided or fix incoming and removed needs attention 👋 Waiting on Microsoft to provide feedback labels Jan 15, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Feb 9, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
resolved Issue is resolved: answer provided or fix incoming
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@errorstudent @jasonjoh @ubukawa