Exception is thrown in acquireTokenByClientCredential if authority ends with /consumers when use personal tenant account #7528

Open
2 tasks
star-starry-sea opened this issue Jan 24, 2025 · 0 comments
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package Needs: Attention 👋 Awaiting response from the MSAL.js team question Customer is asking for a clarification, use case or information.

star-starry-sea commented Jan 24, 2025

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

3.1.0

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Confidential

Description

Hello!
The issue "Exception is thrown in acquireTokenByClientCredential if tenantId is missing #5805" added a check for legal tenantId values (prohibiting the case where the value is consumers). However, when the Azure application option is only for individual tenants, the tenantId (parsed from the end of the authority) may be consumers, as mentioned in the official Node.js (server) usage sample. Therefore, writing this in the current version will produce an exception without tenantId, which is not expected.

Error Message

```
D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:861
return new ClientAuthError(errorCode, additionalMessage);
^

ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.
at createClientAuthError (D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:861:12)
at ConfidentialClientApplication.acquireTokenByClientCredential (D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:11616:19)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
errorCode: 'missing_tenant_id_error',
errorMessage: 'A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.',
subError: ''
Node.js v20.15.1
```

MSAL Logs

```
[Fri, 24 Jan 2025 13:07:47 GMT] : [] : @azure/msal-node@3.1.0 : Info - acquireTokenByClientCredential called
[Fri, 24 Jan 2025 13:07:47 GMT] : [] : @azure/msal-node@3.1.0 : Verbose - initializeRequestScopes called
D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:861
return new ClientAuthError(errorCode, additionalMessage);
^

ClientAuthError: missing_tenant_id_error: A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.
at createClientAuthError (D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:861:12)
at ConfidentialClientApplication.acquireTokenByClientCredential (D:\Projects\Webstorm\untitled\node_modules@azure\msal-node\lib\msal-node.cjs:11616:19)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
errorCode: 'missing_tenant_id_error',
errorMessage: 'A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.',
subError: ''
Node.js v20.15.1
```

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

```javascript
{
    auth: {
        clientId: "clientId",
        authority: "https://login.microsoftonline.com/consumers",
        clientSecret: "clientSecret"
    }
}
```

Relevant Code Snippets

```javascript
const msal = require('@azure/msal-node');

const msalConfig = {
    auth: {
        clientId: "clientId",
        // Authority ends with /consumers, so the parsed tenant is "consumers".
        authority: "https://login.microsoftonline.com/consumers",
        clientSecret: "clientSecret"
    },
    system: {
        loggerOptions: {
            // Print every MSAL log message; PII logging stays disabled.
            loggerCallback(loglevel, message, containsPii) {
                console.log(message);
            },
            piiLoggingEnabled: false,
            logLevel: msal.LogLevel.Verbose,
        }
    }
};

const cca = new msal.ConfidentialClientApplication(msalConfig);

const tokenRequest = {
    scopes: [ 'https://graph.microsoft.com/.default' ],
};

// Client credentials request; this call throws missing_tenant_id_error.
cca.acquireTokenByClientCredential(tokenRequest).then(res => {
    console.log(res)
})
```

Reproduction Steps

  1. Use the "Relevant Code Snippets" above.
  2. Install the latest "@azure/msal-node".
  3. Replace the clientId and clientSecret with your own.
  4. Run the code.

Expected Behavior

Like the versions below 2.0, it will not throw an error. It will send the request and print the response successfully.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

@azure/msal-node 2.0.0

@star-starry-sea star-starry-sea added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Jan 24, 2025
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jan 24, 2025
@github-actions github-actions bot added confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package labels Jan 24, 2025
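
The rule stated in the error message above (a tenant id that is not common, organizations, or consumers), written as a stand-alone pre-flight check on the configured authority. This is an added example, not part of the original issue and not MSAL's own code; the helper name `checkClientCredentialAuthority`, the case-insensitive match, the https requirement and the sample GUID and domain are assumptions.

```javascript
// Added example (not MSAL source): validate the authority's tenant segment
// before attempting a client_credentials request.
// Aliases named in the error message on this page; none identifies one tenant.
const MULTI_TENANT_ALIASES = new Set(["common", "organizations", "consumers"]);

// Hypothetical helper: returns { ok, tenant, reason } for an authority URL.
function checkClientCredentialAuthority(authority) {
    let url;
    try {
        url = new URL(authority);
    } catch {
        return { ok: false, tenant: null, reason: "authority is not a valid URL" };
    }
    if (url.protocol !== "https:") {
        return { ok: false, tenant: null, reason: "authority must use https" };
    }
    // The first non-empty path segment is the tenant; trailing slashes are tolerated.
    const segments = url.pathname.split("/").filter(Boolean);
    // Assumption: aliases are compared case-insensitively.
    const tenant = segments.length > 0 ? segments[0].toLowerCase() : null;
    if (!tenant) {
        return { ok: false, tenant: null, reason: "authority has no tenant segment" };
    }
    if (MULTI_TENANT_ALIASES.has(tenant)) {
        return { ok: false, tenant, reason: `"${tenant}" is an alias, not a tenant id` };
    }
    return { ok: true, tenant, reason: null };
}

// Constructed sample authorities; the GUID and the domain are placeholders.
const samples = [
    "https://login.microsoftonline.com/consumers",
    "https://login.microsoftonline.com/Common/",
    "https://login.microsoftonline.com/",
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000",
    "https://login.microsoftonline.com/contoso.example",
];
for (const a of samples) {
    const r = checkClientCredentialAuthority(a);
    console.log(a, "->", r.ok ? `ok (tenant ${r.tenant})` : `rejected: ${r.reason}`);
}
```

Running the check when configuration is loaded reports the rejected authority before any token request is attempted.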