azure-devops-npm-auth icon indicating copy to clipboard operation
azure-devops-npm-auth copied to clipboard

Published 20 hours ago verified publisher icon gsoft-inc

Error using refresh token

Open terwort opened this issue 3 years ago • 15 comments

Hello,

We've been using this package for a very long time, and yesterday it randomly started failing with the below error. Any idea what's going on?

Screen Shot 2022-02-02 at 3 01 40 PM

terwort avatar Feb 02 '22 21:02 terwort

Experiencing the same issue.

troywatt avatar Feb 03 '22 07:02 troywatt

I can confirm we're having the same issue. Maybe something changed on azure side?

mpm-os avatar Feb 03 '22 10:02 mpm-os

Azure DevOps deprecated TLS 1.0 and 1.1 on the 31st of January. The displayed error relates to the identifiers required in the OAuth flow so I doubt that's the problem. However I just started experiencing this same issue February 1st so the timing makes me suspicious!

MilesWellsSVT avatar Feb 03 '22 14:02 MilesWellsSVT

I believe that change was rolled back.

mpm-os avatar Feb 03 '22 15:02 mpm-os

I believe that change was rolled back.

A coworker informed me of this and I came back to edit my comment. You're on top of it!

I wonder if the Azure common tenant for logging in users via AD has changed? I can't find anything about it from a quick search but I'm not familiar with that part of the documentation either.

MilesWellsSVT avatar Feb 03 '22 17:02 MilesWellsSVT

I am experiencing this issue today, is there a workaround available?

mauve avatar Feb 07 '22 09:02 mauve

I am experiencing this issue today, is there a workaround available?

Generate an access token and stick it in your user level .npmrc

https://docs.microsoft.com/en-us/azure/devops/artifacts/npm/npmrc?view=azure-devops&tabs=linux#credentials-setup

MilesWellsSVT avatar Feb 07 '22 18:02 MilesWellsSVT

@MilesWellsSVT thanks, I should have been more precise in my comment. I was wondering if there is a workaround I can do to make this tool work again, for example change some config in Azure AD, or DevOps or so?

mauve avatar Feb 08 '22 08:02 mauve

@MilesWellsSVT thanks, I should have been more precise in my comment. I was wondering if there is a workaround I can do to make this tool work again, for example change some config in Azure AD, or DevOps or so?

Ahh. Check out the Advanced Usage. If you can create your own app that can authenticate through AD you can supply your own ids to azure-devops-npm-auth. I haven't tested this so I'm trusting the docs at their word =).

MilesWellsSVT avatar Feb 08 '22 19:02 MilesWellsSVT

Has anyone had a chance to try out Advanced Usage to create your own AD application now that it's been a week? Going to try this tomorrow having a few people come to me today and tell me it's still a problem for them.

ColinKrist avatar Feb 14 '22 22:02 ColinKrist

@ColinKrist, I've tried it out, and it works like a charm. I also created a powershell script that automates the app registration in Azure AD with the necessary admin consent grants required to allow azure-devops-npm-auth to work on your behalf.

I'm going to submit a PR with this powershell script

christianacca avatar Feb 16 '22 16:02 christianacca

That sounds awesome @christianacca!

I also feel to keep this package alive and well we should remove the default AD app since it's essentially broken and guide users to create their own AD apps in their respective tenants. It's not super bolts included as it once was, but at least new users wont be confused.

ColinKrist avatar Feb 17 '22 14:02 ColinKrist

@ColinKrist, here's the PR as promised: #29

christianacca avatar Feb 19 '22 17:02 christianacca

Thanks @christianacca I tested your script and it worked for me and I can now use azure-devops-npm-auth again.

mauve avatar Feb 20 '22 13:02 mauve

If you can't or don't want to create your own app, you can use the client_id from nuget artifacts-credprovider: 872cd9fa-d31f-45e0-9eab-6e460a02d1f1 and get the tenant_id from the response headers of your feed:

curl -v <FEED_URL> 2>&1|grep -i x-vss-resourcetenant

gentoo90 avatar Nov 19 '22 16:11 gentoo90