Angular MSAL Configuration - Setting up authorityMetadata and doesn't redirect to register page. #7157

Open
hansakaRightS opened this issue Jun 11, 2024 · 0 comments
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.0.4

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.1.0

Public or Confidential Client?

Public

Description

We are trying to set up authority metadata in our Angular MSAL configuration. We have followed this document here.

We have our MSAL configuration set up like this:

    const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
    const endpoint_url = `https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.domain}`;
    const msalConfig: Configuration = {
        auth: {
            clientId: environment.activeDirectory.clientId,
            authority: `${endpoint_url}/B2C_1A_SIGNUP_SIGNIN`,
            knownAuthorities: [
                environment.activeDirectory.loginDomain,
                environment.activeDirectory.editDomain
            ],
            redirectUri: '/',
            navigateToLoginRequestUrl: false,
            authorityMetadata: `{
                "issuer": "https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.tenentId}/v2.0/",
                "authorization_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/authorize",
                "token_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/token",
                "end_session_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/logout",
                "jwks_uri": "${endpoint_url}/b2c_1a_signup_signin/discovery/v2.0/keys",
                "response_modes_supported": [ "query", "fragment", "form_post" ], "response_types_supported": [ "code", "code id_token", "code token", "code id_token token", "id_token", "id_token token", "token", "token id_token" ], "scopes_supported": [ "openid" ], "subject_types_supported": [ "pairwise" ], "id_token_signing_alg_values_supported": [ "RS256" ], "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ], "claims_supported": [ "newUser", "email", "sub", "playerId", "X-Frame-Options", "iss", "iat", "exp", "aud", "acr", "nonce", "auth_time" ]
            }`
        },
        cache: {
            cacheLocation: BrowserCacheLocation.LocalStorage,
            storeAuthStateInCookie: isIE
        },
        system: {
            loggerOptions: {
                loggerCallback(logLevel: LogLevel, message: string) { },
                logLevel: LogLevel.Error,
                piiLoggingEnabled: false,
            },
            allowNativeBroker: false
        }
    };

The problem is that when we call register, we are redirected to the login UI.

    this.msalService.loginRedirect({
        scopes: [`https://${environment.activeDirectory.domain}/${environment.activeDirectory.directoryId}/access_as_user`],
        authority: `https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.domain}/B2C_1A_SIGNUP`,
        extraQueryParameters: extraParameters
    });

When we call this function to redirect to the register page, we are redirected to the login page instead.

Without the `authorityMetadata` this works without a problem. We need to add the authority metadata for a problem we sometimes have with the login.

How do we set up the authority metadata to support both login and register, and other methods we may have to call?

### Error Message

No error

### MSAL Logs

No Logs

### Network Trace (Preferably Fiddler)

- [X] Sent
- [ ] Pending

### MSAL Configuration

```typescript
import { BrowserCacheLocation, Configuration, LogLevel } from '@azure/msal-browser';
// `environment` is the application's Angular environment object; its import is not shown in the issue.

const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1 || window.navigator.userAgent.indexOf('Trident/') > -1;
// Base URL shared by all policies: https://<loginDomain>/<domain>
const endpoint_url = `https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.domain}`;
const msalConfig: Configuration = {
    auth: {
        clientId: environment.activeDirectory.clientId,
        authority: `${endpoint_url}/B2C_1A_SIGNUP_SIGNIN`,
        knownAuthorities: [
            environment.activeDirectory.loginDomain,
            environment.activeDirectory.editDomain
        ],
        redirectUri: '/',
        navigateToLoginRequestUrl: false,
        // Static OIDC metadata as a JSON string; every endpoint in it is hard-coded to the b2c_1a_signup_signin policy.
        authorityMetadata: `{
            "issuer": "https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.tenentId}/v2.0/",
            "authorization_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/authorize",
            "token_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/token",
            "end_session_endpoint": "${endpoint_url}/b2c_1a_signup_signin/oauth2/v2.0/logout",
            "jwks_uri": "${endpoint_url}/b2c_1a_signup_signin/discovery/v2.0/keys",
            "response_modes_supported": [ "query", "fragment", "form_post" ],
            "response_types_supported": [ "code", "code id_token", "code token", "code id_token token", "id_token", "id_token token", "token", "token id_token" ],
            "scopes_supported": [ "openid" ],
            "subject_types_supported": [ "pairwise" ],
            "id_token_signing_alg_values_supported": [ "RS256" ],
            "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ],
            "claims_supported": [ "newUser", "email", "sub", "playerId", "X-Frame-Options", "iss", "iat", "exp", "aud", "acr", "nonce", "auth_time" ]
        }`
    },
    cache: {
        cacheLocation: BrowserCacheLocation.LocalStorage,
        // Cookie fallback for auth state is enabled only on Internet Explorer.
        storeAuthStateInCookie: isIE
    },
    system: {
        loggerOptions: {
            // The callback is empty, so MSAL log messages are discarded.
            loggerCallback(logLevel: LogLevel, message: string) { },
            logLevel: LogLevel.Error,
            piiLoggingEnabled: false,
        },
        allowNativeBroker: false
    }
};
```

Relevant Code Snippets

```typescript
// The request-level authority names the B2C_1A_SIGNUP policy, not the configured B2C_1A_SIGNUP_SIGNIN.
this.msalService.loginRedirect({
    scopes: [`https://${environment.activeDirectory.domain}/${environment.activeDirectory.directoryId}/access_as_user`],
    authority: `https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.domain}/B2C_1A_SIGNUP`,
    extraQueryParameters: extraParameters
});
```

Reproduction Steps

  1. Click on the register with authorityMetadata configurations

Expected Behavior

Should redirect to the register page.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge, Safari

Regression

No response

Source

External (Customer)
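
Added example (not part of the original issue and not MSAL code): the configuration above hard-codes `b2c_1a_signup_signin` endpoints in `authorityMetadata`, while the `loginRedirect` call passes a `B2C_1A_SIGNUP` authority. This diagnostic lists the metadata endpoints whose policy differs from the policy of a request authority. The helper names (`policyOf`, `mismatchedEndpoints`, `endpointsFor`) are hypothetical and the host and tenant values are constructed placeholders.

```typescript
// Added example: helper names and sample values are constructed, not MSAL APIs.
const ENDPOINT_KEYS = ["authorization_endpoint", "token_endpoint",
    "end_session_endpoint", "jwks_uri"] as const;

// The URLs in the issue have the shape https://<host>/<tenant>/<policy>/...
// Return the policy segment lower-cased, because the issue mixes upper and lower case.
function policyOf(url: string): string | null {
    const policy = new URL(url).pathname.split("/").filter(Boolean)[1];
    return policy ? policy.toLowerCase() : null;
}

// List every endpoint in the metadata whose policy differs from the policy of
// the authority a request is about to use. An empty list means they agree.
function mismatchedEndpoints(authorityMetadata: string, requestAuthority: string): string[] {
    const metadata = JSON.parse(authorityMetadata) as Record<string, unknown>;
    const wanted = policyOf(requestAuthority);
    const problems: string[] = [];
    for (const key of ENDPOINT_KEYS) {
        const value = metadata[key];
        if (typeof value !== "string") {
            problems.push(`${key}: missing`);
        } else if (policyOf(value) !== wanted) {
            problems.push(`${key}: ${policyOf(value)} != ${wanted}`);
        }
    }
    return problems;
}

// Build the endpoint part of the metadata for one policy, using the URL layout from the issue.
function endpointsFor(baseUrl: string, policy: string): string {
    const p = `${baseUrl}/${policy.toLowerCase()}`;
    return JSON.stringify({
        authorization_endpoint: `${p}/oauth2/v2.0/authorize`,
        token_endpoint: `${p}/oauth2/v2.0/token`,
        end_session_endpoint: `${p}/oauth2/v2.0/logout`,
        jwks_uri: `${p}/discovery/v2.0/keys`,
    });
}

// Constructed placeholder for https://<loginDomain>/<domain>.
const sampleBase = "https://login.example.test/tenant.example.test";
const signInMetadata = endpointsFor(sampleBase, "B2C_1A_SIGNUP_SIGNIN");
// Sign-up request against sign-in metadata: all four endpoints are reported.
console.log(mismatchedEndpoints(signInMetadata, `${sampleBase}/B2C_1A_SIGNUP`));
// Sign-in request against sign-in metadata: nothing is reported.
console.log(mismatchedEndpoints(signInMetadata, `${sampleBase}/B2C_1A_SIGNUP_SIGNIN`));
```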

@hansakaRightS hansakaRightS added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Jun 11, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Jun 11, 2024
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Jun 11, 2024