microsoft-authentication-library-for-js

Not able to login with Personal accounts MSAL

Open ayush4computing opened this issue 10 months ago • 2 comments

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

1.17.3

Wrapper Library

Not Applicable

Wrapper Library Version

NA

Public or Confidential Client?

Confidential

Description

We are currently not able to log in with a personal Microsoft account. Earlier it was working fine, and we haven't made any code changes. Earlier it was working fine, but now we are seeing this issue. Our old personal accounts are still working fine, but the newly created accounts are seeing the problem.

Error Message

This is the error that we are getting

req.body [Object: null prototype] { error: 'server_error', state: 'eyJzdWNjZXNzUmVkaXJlY3QiOiIvIn0=' }

ClientAuthError: request_cannot_be_made: Token request cannot be made without authorization code or refresh token.

MSAL Logs

No response

Network Trace (Preferably Fiddler)

  • [ ] Sent
  • [ ] Pending

MSAL Configuration

const endpoint = 'https://login.microsoftonline.com/common/discovery/instance';

This is the endpoint that we are using

Relevant Code Snippets

handleRedirect(options = {}) {
    return async (req, res, next) => {
        if (!req.body || !req.body.state) {
            return next(new Error('Error: response not found'));
        }

        try {
            // Token request: the session's saved request plus the posted code and PKCE verifier.
            // req.body.code is undefined when the posted response carries `error` instead.
            const authCodeRequest = {
                ...req.session.authCodeRequest,
                code: req.body.code,
                codeVerifier: req.session.pkceCodes.verifier,
            };

            const msalInstance = this.getMsalInstance(this.msalConfig);

            // Restore the per-session token cache before redeeming the code
            if (req.session.tokenCache) {
                msalInstance.getTokenCache().deserialize(req.session.tokenCache);
            }

            const tokenResponse = await msalInstance.acquireTokenByCode(authCodeRequest, req.body);

            req.session.tokenCache = msalInstance.getTokenCache().serialize();

            req.session.account = tokenResponse.account;
            req.session.isAuthenticated = true;

            // Decoded state from the posted response (not used further in this snippet)
            const state = JSON.parse(this.cryptoProvider.base64Decode(req.body.state));

            this.acquireToken({
                scopes: ['Test.ReadWrite'],
                redirectUri: REDIRECT_URI,
                successRedirect: POST_LOGOUT_REDIRECT_URI
            })(req, res, next);
        } catch (error) {
            // Any failure is logged and the user is sent back to the post-logout page
            console.log(error);
            res.redirect(POST_LOGOUT_REDIRECT_URI);
        }
    };
}

Reproduction Steps

  1. Log in with a personal Microsoft account
  2. It redirects back to the login page

Expected Behavior

It should log in the user with a personal account

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

ayush4computing Feb 14 '25 18:02

Team, this is on high priority for us.

ayush4computing Feb 18 '25 06:02

@ocindev @tnorling Do you guys have thoughts on this, please?

ayush4computing Feb 18 '25 08:02

The error tells you what's wrong: there's no auth code in the request you've passed to MSAL. It looks like you got a server error back from the /authorize request, but without more detail I can't say what the problem is. At a minimum you should add error detection and handling to the logic you've shared here. To debug further you should collect a network trace and review it to see if that gives you more detail. If you need help with this I suggest opening a ticket with Azure support.

tnorling Jun 30 '25 23:06
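
The error detection suggested in the comment above, sketched as an added example (not code from this issue or from MSAL): it classifies the posted /authorize response before any token request is made, so an `error` response is reported as such instead of surfacing later as `request_cannot_be_made`. The names `checkAuthResponse`, `safeRedirect`, `decodeState` and `session.authState` are hypothetical; the example assumes the app stored the state string it sent in the session.

```javascript
// Added example: classify the form_post body from /authorize before any token call.
// Assumption: `session.authState` (hypothetical name) holds the exact state string
// the app sent with the authorization request.
function decodeState(state) {
  try {
    const parsed = JSON.parse(Buffer.from(state, 'base64').toString('utf8'));
    return parsed !== null && typeof parsed === 'object' ? parsed : null;
  } catch {
    return null;
  }
}

// Only same-site absolute paths are accepted as redirect targets.
function safeRedirect(target, fallback = '/') {
  const ok = typeof target === 'string' && /^\/(?![\/\\])/.test(target);
  return ok ? target : fallback;
}

function checkAuthResponse(body, session) {
  if (!body || typeof body.state !== 'string') {
    return { ok: false, reason: 'missing_state' };
  }
  if (!session || body.state !== session.authState) {
    return { ok: false, reason: 'state_mismatch' };
  }
  if (body.error) {
    // The identity provider reported a failure; there is no code to redeem.
    return {
      ok: false,
      reason: 'idp_error',
      error: String(body.error),
      description: String(body.error_description || ''),
    };
  }
  if (typeof body.code !== 'string' || body.code.length === 0) {
    return { ok: false, reason: 'missing_code' };
  }
  const state = decodeState(body.state) || {};
  return { ok: true, code: body.code, redirectTo: safeRedirect(state.successRedirect) };
}

// Constructed input, shaped like the req.body logged in the issue.
const sampleState = 'eyJzdWNjZXNzUmVkaXJlY3QiOiIvIn0=';
const failed = checkAuthResponse(
  { error: 'server_error', state: sampleState },
  { authState: sampleState }
);
console.log(failed); // logged server-side; the handler never calls acquireTokenByCode
```

In a redirect handler, only the `ok: true` branch would go on to `acquireTokenByCode`; every other result is logged with its `reason` and answered with an error page or a fresh sign-in.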

@ayush4computing This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.