createNestablePublicClientApplication configured redirectUri is ignored #7590

Open
2 tasks
jan-toepper-hornetsecurity-com opened this issue Feb 25, 2025 · 1 comment
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@jan-toepper-hornetsecurity-com

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

4.0.2

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

The provided redirectURI in createNestablePublicClientApplication is ignored and the user gets redirected back to the current page.

Error Message

The redirect URI "brk-multihub://localhost:4200" is set in the auth config and in the returned controller instance from the createNestablePublicClientApplication function.

But the used acquireTokenSilent method from the controller instance ignores this configuration and sets, in the POST request, the redirect URI to the current page (brk-multihub://localhost:3000) instead.

Request: https://login.microsoftonline.com/bf27b2d4-d749-45a5-8306-f33ea11345de/oauth2/v2.0/token?client-request-id=01953d95-ecee-7520-bfdb-ab646cca2b67

Payload:
client_id=2a0bdc00-7caf-4f1d-a0a0-c7f48f3ddf2b
redirect_uri=brkmultihub%3A%2F%2Flocalhost%3A3000
scope=Application.Read.All%20MailboxSettings.Read%20Mail.ReadWrite%20Mail.Send%20openid%20profile%20offline_access
grant_type=refresh_token
client_info=1
x-client-SKU=msal.js.browser
x-client-VER=4.0.2
x-ms-lib-capability=retry-after, h429
x-client-current-telemetry=5|61,0,,,|,
x-client-last-telemetry=5|0|||0,0
refresh_token=<redacted>
claims=%7B%22access_token%22%3A%7B%22xms_cc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D
X-AnchorMailbox=Oid%3Af3228d3f-5321-43fc-a103-2c946cd4ec93%40bf27b2d4-d749-45a5-8306-f33ea11345de
brk_client_id=9199bf20-a13f-4107-85dc-02114787ef48
brk_redirect_uri=https://outlook.office.com/mail/oauthRedirect.html

MSAL Logs

Info - [Tue, 25 Feb 2025 14:50:34 GMT] : [] : @azure/msal-browser@4.0.2 : Info - Nested App Auth Bridge available: true

Error - [Tue, 25 Feb 2025 15:19:38 GMT] : [] : @azure/msal-browser@4.0.2 : Error - Cached tokens are not found for the account, proceeding with silent token request.

Info - [Tue, 25 Feb 2025 15:19:38 GMT] : [] : @azure/msal-browser@4.0.2 : Info - BrowserCacheManager: removeTokenKey - attempting to remove accessToken with key: f3228d3f-5321-43fc-a103-2c946cd4ec93.bf27b2d4-d749-45a5-8306-f33ea11345de-login.windows.net-accesstoken-2a0bdc00-7caf-4f1d-a0a0-c7f48f3ddf2b-bf27b2d4-d749-45a5-8306-f33ea11345de-application.read.all files.read mail.read mail.readbasic mail.readwrite mail.readwrite.shared mail.send mail.send.shared mailboxsettings.read openid profile user.read email-- from map

Info - [Tue, 25 Feb 2025 15:19:38 GMT] : [] : @azure/msal-browser@4.0.2 : Info - BrowserCacheManager: removeTokenKey - accessToken removed from map

Info - [Tue, 25 Feb 2025 15:19:38 GMT] : [] : @azure/msal-browser@4.0.2 : Info - BrowserCacheManager: addTokenKey - accessToken added to map

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

{
    auth: {
        clientId: "2a0bdc00-7caf-4f1d-a0a0-c7f48f3ddf2b",
        authority: "https://login.microsoftonline.com/organizations",
        redirectUri: "brk-multihub://localhost:4200",
    },
}

Relevant Code Snippets

const pca = await createNestablePublicClientApplication({
    auth: {
        clientId: "<APP_ID_OF_CDX_TENANT>",
        authority: "https://login.microsoftonline.com/organizations",
        redirectUri: "brk-multihub://localhost:4200",
    },
});

const tokenRequestPayload = {
    scopes: [
        "Application.Read.All",
        "MailboxSettings.Read",
        "Mail.ReadWrite",
        "Mail.Send",
    ],
};

await pca.acquireTokenSilent(tokenRequestPayload);

Reproduction Steps

  1. Sideload a local test add-in in Outlook OWA
  2. Execute the provided code snippet
  3. Investigate the network tabs and compare the redirect URL provided in the request with the configured redirect URI

Expected Behavior

The acquireTokenSilent method from the controller instance should provide the configured redirect URI (in this case "brk-multihub://localhost:4200") in the request instead of the current URI (in this case "brk-multihub://localhost:3000").

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Firefox

Regression

No response

@jan-toepper-hornetsecurity-com jan-toepper-hornetsecurity-com added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Feb 25, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Feb 25, 2025
@github-actions github-actions bot added msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Feb 25, 2025
@jan-toepper-hornetsecurity-com
Author

I've tested it with navigateToLoginRequestUrl: false, but it doesn't change the mentioned behavior.
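
The comparison described in the reproduction steps can be scripted. The following is an added example, not part of the issue or of MSAL.js: it parses a captured form-encoded token request body and compares its redirect_uri with the configured redirectUri. The function name, the sample body and the broker.example host are constructed for illustration.

```javascript
// Added example; all sample values are constructed placeholders.
function checkRedirectUri(configuredRedirectUri, formBody) {
    // Token requests are application/x-www-form-urlencoded, so
    // URLSearchParams handles the percent-decoding.
    const params = new URLSearchParams(formBody);
    const sentValues = params.getAll("redirect_uri");
    const findings = [];

    if (sentValues.length === 0) {
        findings.push("redirect_uri is missing from the request");
    } else if (sentValues.length > 1) {
        findings.push("redirect_uri appears more than once");
    }
    const sent = sentValues.length > 0 ? sentValues[0] : null;
    // Exact string comparison: no case folding, no port or slash tolerance.
    if (sent !== null && sent !== configuredRedirectUri) {
        findings.push(
            `redirect_uri mismatch: configured "${configuredRedirectUri}", sent "${sent}"`
        );
    }

    // The payload in the report also carries brk_* parameters; list them
    // separately so they are not confused with the app's own values.
    const broker = {};
    for (const [key, value] of params) {
        if (key.startsWith("brk_")) broker[key] = value;
    }

    return {
        ok: findings.length === 0,
        grantType: params.get("grant_type"),
        sent,
        broker,
        findings,
    };
}

// Constructed sample body mirroring the shape of the payload in the report.
const SAMPLE_BODY = [
    "client_id=00000000-0000-0000-0000-000000000000",
    "redirect_uri=brk-multihub%3A%2F%2Flocalhost%3A3000",
    "grant_type=refresh_token",
    "brk_client_id=11111111-1111-1111-1111-111111111111",
    "brk_redirect_uri=https%3A%2F%2Fbroker.example%2Fredirect.html",
].join("&");

const report = checkRedirectUri("brk-multihub://localhost:4200", SAMPLE_BODY);
console.log(JSON.stringify(report, null, 2));
```

Strip the refresh_token value from a captured body before pasting it into the check or sharing the output.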
