ClientConfigurationError Microsoft OAuth Flow

Edo 21 Reputation points
2022-10-28T11:37:30.92+00:00

I am implementing the Microsoft Auth code flow but I am stuck with this error.

Based on this code example, here is how I am initializing the client: 

   const config = {  
     auth: {  
       clientId: process.env.MICROSOFT_CLIENT_ID,  
       authority: process.env.MICROSOFT_AUTHORITY,  
       clientSecret: process.env.MICROSOFT_CLIENT_SECRET,  
     },  
   };  
   const cca = new msal.ConfidentialClientApplication(config);

And later I want to create an authentication URL to redirect the user to: 

   const authCodeUrlParameters = {  
       scopes: ["user.read"],  
       redirectUri: "http://localhost:8080/oauth/microsoft",  
       state: 'state_here',  
     };  
     
     cca  
       .getAuthCodeUrl(authCodeUrlParameters)  
       .then((authCodeUrl) => {  
         return authCodeUrl;  
       })  
       .catch((error) => console.log(JSON.stringify(error)));

But I am getting this error: {"errorCode":"empty_url_error","errorMessage":"URL was empty or null.","subError":"","name":"ClientConfigurationError"}

Based on the docs about errors, it looks like it's thrown before requests are made when the given user config parameters are malformed or missing.

Anybody can spot where the configs are malformed?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
Accepted answer
  1. Shweta Mathur 27,141 Reputation points Microsoft Employee
    2022-10-31T13:09:23.917+00:00

    Hi @Edo ,

    Thanks for reaching out.

    The error you are getting is due to the missing configuration in the application.
    In this above-mentioned code block, the application uses MSAL to obtain an authorization code request URL which require state and nonce parameters from cache as part of authCodeUrlParameters to construct the URL.
    These cached values need to be passed as part of authCodeResponse in ClientApplicaiton.acquireTokenByCode API call, to be validated before the authorization code is sent to the server in exchange for an access token.

    Here in authCodeUrlParameters those values are missing which constructs the empty URL.

    Hope this will help to construct the correct URL.

    Thanks,
    Shweta

    -------------------------------------

    Please remember to "Accept Answer" if answer helped you.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest