Unable to link Azure Account after 1.45.1 Upgrade

[ljfraney]

• Azure Data Studio Version: 1.45.1
  • Commit: 88c21b
  • Date: 2023-08-03T00:42:37.945Z
  • VS Code: 1.79.2
  • Electron: 22.3.14
  • Chromium: 108.0.5359.215
  • Node.js: 16.17.1
  • V8: 10.8.168.25-electron-0
  • OS: Windows_NT x64 10.0.19045
• OS Version: Windows 10 Enterprise

Steps to Reproduce:

1. From "Connections" tab, click "New Connection".
2. Select "Microsoft SQL Server" for connection type, "Parameters" for input type, "Azure Active Directory - Universal with MFA support" for authentication type.
3. From the Account dropdown, select "Add an account..."

Does this issue occur when all extensions are disabled?: Yes

The "Window" output shows the following error:

Unexpected error handling Azure Account dropdown click : Error: An error occurred in MSAL library when requesting auth code URL. For more detailed information on error, please check 'Azure Accounts' output pane. 

endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/organizations/v2.0/.well-known/openid-configuration

The "Azure Accounts" output shows the following error:

[Error]: [Mon, 11 Sep 2023 13:45:35 GMT] : @azure/[email protected] : Error - A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.
Error: Error
Error Description: Error: certificate has expired - []
[Error]: An error occurred in MSAL library when requesting auth code URL. For more detailed information on error, please check 'Azure Accounts' output pane. 

 - []
[Error]: Login failed: Error: An error occurred in MSAL library when requesting auth code URL. For more detailed information on error, please check 'Azure Accounts' output pane. 

endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/organizations/v2.0/.well-known/openid-configuration - []
[Error]: {
  "originalMessage": "endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/organizations/v2.0/.well-known/openid-configuration",
  "originalException": {
    "errorCode": "endpoints_resolution_error",
    "errorMessage": "Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://undefined/organizations/v2.0/.well-known/openid-configuration",
    "subError": "",
    "name": "ClientAuthError"
  }
} - []

I've tried the following workarounds without success:

1. Deselecting Http: System Certificates setting.
2. Deselecting Http: Proxy Strict SSL setting.
3. Deleting all files from %APPDATA%\azuredatastudio\Azure Accounts
4. Clicking "Azure Accounts: Clear Azure Account Token Cache" (This produces error "Azure Accounts: Failed to clear token cache: Error: ENOENT: no such file or directory, unlink 'C:\Users\JYF6773\AppData\Roaming\azuredatastudio\Azure Accounts\accessTokenCache'"
5. Searching for expired DigiCert certificates in the local machine certificate store.

• This issue began after upgrading from 1.42.0 to 1.45.1.
• Multiple users in my organization are reporting the same symptoms after upgrading to 1.45.1.
• My organization has strict controls around software installation, and I'm unable to install the insider build.
• This issue did not come up during our software approval UAT where 1.45.1 was a new install (not an upgrade).

[cheenamalhotra]

Hi @ljfraney

Searching for expired DigiCert certificates in the local machine certificate store.

Have you looked into any expired Trusted Root Certificate Authorities? Note they are not the same as Certificates, but the Root CA certificates, which if expired can cause this issue. More info

Secondly, does staying back on v1.42.0 work for you? (assuming you are using 'MSAL' azure.authenticationLibrary or it's default setting value)

[cheenamalhotra]

Closing as not enough info is available to investigate issue, and it's not reproducible at our end.