
AADSTS90015: Requested query string is too long

Open AndrewR3K opened this issue 1 year ago • 5 comments

I am running into an issue where end users are hitting this error AADSTS90015: Requested query string is too long when redirected to the AD login.

After digging further into the issue, I noticed that for some odd reason, the "scope" is being appended over 70+ times to the authorizationURL.

Has anyone run into this? And if so, do you have a resolution?

Since this has been extremely hard to consistently reproduce, I have been banging my head against a wall all day and have yet to find the root cause.

Thanks in advance for the help!


AndrewR3K, Oct 14 '24 22:10

Weirdly, it seems the following changes have "resolved" the issue for now; this of course is not ideal.

I have yet to figure out exactly WHY this is causing sporadic duplicate scopes.

1. Hard-coded the scope. Example:

```ts
// removed: const scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read']

return sendRedirect(
  event,
  withQuery(authorizationURL as string, {
    client_id: config.clientId,
    response_type: 'code',
    redirect_uri: redirectURL,
    scope: 'Group.Read.All User.Read User.ReadBasic.All profile openid email offline_access',
  }),
)
```

2. Removed the spread operator:

```ts
...config.authorizationParams,
```

AndrewR3K, Oct 23 '24 17:10

Any ideas or updates on this one? Thanks again for this wonderful package.

AndrewR3K, Dec 04 '24 22:12

Sorry for the late answer, this is quite weird as the authorizationParams should be empty, could you console.log it?

atinux, Dec 09 '24 11:12

I'm facing the same issue, which causes a 400 Bad Request - Request Header too large

Degoya-Studio, Mar 03 '25 15:03

I'm also facing this issue: scope values are duplicated after each /auth/login HTTP request. If the application is restarted, it's back to the original value.

PS: using auth0 provider

clementguillot, May 28 '25 08:05
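The symptom reported in this thread (the scope list grows on every /auth/login until the process restarts, until the provider rejects the URL or header as too long) is what you get when a login handler mutates a scope array that lives in shared runtime config instead of deriving a fresh list per request. The JavaScript below is an added illustration, not code from nuxt-auth-utils or from anyone in this thread; `runtimeConfig`, `REQUIRED_SCOPES`, `makeUrl` and the `*.invalid` URLs are constructed stand-ins, and the aliasing root cause is an assumption consistent with the reports here, not a confirmed diagnosis of the library.

```javascript
// Added illustration, not nuxt-auth-utils code. Models an OAuth authorization-URL
// builder, reproduces the "scopes grow on every login" symptom, and shows a
// version that does not. Assumption: a handler mutates a scope array held in
// process-wide runtime config instead of building a fresh list per request.
// Constructed config shared by all requests, like a module-level singleton.
const runtimeConfig = {
  clientId: 'client-id-placeholder',
  scope: ['Group.Read.All', 'User.Read', 'User.ReadBasic.All'],
  authorizationParams: {},
};
const REQUIRED_SCOPES = ['profile', 'openid', 'email', 'offline_access'];

function makeUrl(config, scope) {
  const params = new URLSearchParams({
    client_id: config.clientId,
    response_type: 'code',
    redirect_uri: 'https://app.example.invalid/auth/microsoft',
    scope: scope.join(' '),
    ...config.authorizationParams,
  });
  return `https://login.example.invalid/oauth2/v2.0/authorize?${params}`;
}

// Buggy: `scope` aliases config.scope, so push() persists across requests and
// every login appends another copy of the required scopes to shared state.
function buildAuthUrlBuggy(config) {
  const scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read'];
  for (const s of REQUIRED_SCOPES) scope.push(s);
  return makeUrl(config, scope);
}

// Fixed: copy before extending and deduplicate, so config is never mutated.
function buildAuthUrlFixed(config) {
  const base = config.scope && config.scope.length > 0 ? [...config.scope] : ['User.Read'];
  return makeUrl(config, [...new Set([...base, ...REQUIRED_SCOPES])]);
}

// Simulate n logins within one process lifetime and return the last URL built.
function simulateLogins(builder, n) {
  const config = { ...runtimeConfig, scope: [...runtimeConfig.scope] };
  let url = '';
  for (let i = 0; i < n; i++) url = builder(config);
  return url;
}

// How many times `name` appears in the URL's scope parameter (1 is correct).
function scopeCount(url, name) {
  return (new URL(url).searchParams.get('scope') || '').split(' ').filter((s) => s === name).length;
}
```

Running `scopeCount(simulateLogins(buildAuthUrlBuggy, 3), 'openid')` gives 3 while the fixed builder gives 1, which is the check to add when reviewing any handler that touches `config.scope` in place.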