I have implemented Azure authentiation in web API created in angular 10 application. While authenticating using URL "https://login.microsoftonline.com/" I am getting Request failed with status 400 inside MSAL-NODE while calling networkClient.sendPostRequestAsync(tokenEndpoint, options). Here is detailed error I am getting and code snippet. I am using @azure/msal-node@2.15.0
Code:
async callMSClient(): Promise<any> {
const msalConfig = {
auth: {
clientId: config.get("msConfig.clientId"),
authority: config.get("msConfig.aadEndPoint") + config.get("msConfig.tenantId"),
clientSecret: config.get("msConfig.clientSecret"),
redirectUri: config.get("msConfig.redirectUri"),
knownAuthorities: ["login.microsoftonline.com"]
}
};
const tokenRequest = {
scopes: [config.get("msConfig.graphEndPoint") + '.default'],
};
const cca = new msal.ConfidentialClientApplication(msalConfig);
return cca.acquireTokenByClientCredential(tokenRequest).then(data => {
return data;
}).catch(e=>{
console.log(e);
});
}Error:
ClientAuthError: network_error: Network request failed
at createClientAuthError (C:\Project\AngTest\node_modules\@azure\msal-common\dist\error\ClientAuthError.mjs:255:12)
at NetworkManager.sendPostRequest (C:\Project\AngTest\node_modules\@azure\msal-common\dist\network\NetworkManager.mjs:35:23)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at ClientCredentialClient.executePostToTokenEndpoint (C:\Project\AngTest\node_modules\@azure\msal-common\dist\client\BaseClient.mjs:79:26)
at ClientCredentialClient.executeTokenRequest (C:\Project\AngTest\node_modules\@azure\src\client\ClientCredentialClient.ts:295:30)
at ConfidentialClientApplication.acquireTokenByClientCredential (C:\Project\AngTest\node_modules\@azure\src\client\ConfidentialClientApplication.ts:166:20) {
errorCode: 'network_error', errorMessage: 'Network request failed', subError: '', correlationId: 'ef035f69-5522-4224g-633s-ccddd950b2hg'
When I deep dive into error list, while debugging I found two error infact, one is error 400 stating bad request and another is "Self Singed In Certificate Chain" error which seems I have to install a certificate in my local machine for localhost.
Here is the alternate for the problem I applied to solution.I acknowldge that @sridevi solution should work mostly but I had another problem also which I found only after deep dive. Posting if someone else is facing similar problem.
Below code worked for me.
I used grant_type:"client_credentials" and added custom agent const agent=new https.Agent({rejectUnauthorized:false}) to disable Self Signed in Certificate chain error. This is not recommended but for testing on localhost it worked for me. In higher environment you should add verified certificate from CA.
async callApi(accessToken) {
const agent=new https.Agent({rejectUnauthorized:false});
const url= "https://login.microsoftonline.com/{{id}}/oauth2/v2.0/token";
const body = new URLSearchParams({
client_id: config.get("msConfig.clientId"),
grant_type:"client_credentials",
client_secret: config.get("msConfig.clientSecret"),
scope:"https://graph.microsoft.com/.default"
})
try {
const response = await axios.post (url, body, {
responseType:"json",
headers:{
'Content-Type': 'application/x-www-form-urlencoded'
},httpsAgent: agent});
return {accessToken: response.data.access_token,
status: response.status
};
} catch (error) {
console.log(error)
return error;
}
}