AL icon indicating copy to clipboard operation
AL copied to clipboard
verified publisher icon microsoft

AL: Publish extension without building does not work with AAD/MicrosoftEntraID authentication on-premises

Open ernestasjuska opened this issue 4 months ago • 2 comments

1. Describe the bug

AL: Publish extension without building command creates invalid authentication URI when using AAD/MicrosoftEntraID authentication on-premises.

Image 
https://login.microsoftonline.com/aspa/oauth2/v2.0/authorize
?scope=https%3a%2f%2fapi.businesscentral.dynamics.com%2f.default+openid+profile+offline_access
&response_type=code
&client_id=41839ce3-4041-4bac-8c17-0941f25d7aaf
&redirect_uri=http%3a%2f%2flocalhost%3a56282
&client-request-id=7a80a362-8b1a-4eb3-af87-b26e81f389e3
&x-client-SKU=MSAL.NetCore
&x-client-Ver=4.61.3.0
&x-client-OS=Microsoft+Windows+10.0.26100
&prompt=select_account
&code_challenge=cofsh8O26zSzHb0_cJSKaPG9eVmXshkqj8YU9F-yHOU
&code_challenge_method=S256
&state=a918ea58-a7a0-48bb-a1e6-543a8f11d0d939a798f6-c9e8-4f0e-a481-b8572bd5d3ba
&client_info=1
&sso_nonce=AwABEgEAAAADAOz_BQD0_wmLfsBDiiU1n5p_yQzQaqJu3tKxFOlXWBVwtnSXzQpPUDecFGRaBFII1_asgwdKNvglSnDrACDdirmFirWAUikgAA
&mscrid=7a80a362-8b1a-4eb3-af87-b26e81f389e3

The aspa is the on-premises BC tenant - Azure and Entra ID does not know about it so it should pass common.

Regular publishing works fine and uses this authorization URI:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize
?scope=https%3A%2F%2Fapi.businesscentral.dynamics.com%2F.default+openid+profile+offline_access
&response_type=code
&client_id=41839ce3-4041-4bac-8c17-0941f25d7aaf
&redirect_uri=http%3A%2F%2Flocalhost%3A61599
&client-request-id=00c363ee-9bbe-4d22-891c-8230e672d74b
&x-client-SKU=MSAL.NetCore
&x-client-Ver=4.61.3.0
&x-client-OS=Microsoft+Windows+10.0.26100
&prompt=select_account
&code_challenge=LY2f8M09SEVe3_MOfMpTwrBkO0dKUtMRvFZUmbWuRJY
&code_challenge_method=S256
&state=be7e1838-3292-4ed0-9779-025686583f22c273a309-d035-4531-999f-9842c813fb1e
&client_info=1

Changing tenant to common in URI lets us to autenticate but then VS Code complains: Image

2. To Reproduce Steps to reproduce the behavior:

Creating BC server with EntraID authentication is a lot of work, it is better to use existing one.

  1. Create empty app using AL: GO and remove all *.al files.
  2. Download symbols. The launch configuration must specify authentication AAD or MicrosoftEntraID.
  3. Create launch.json configuration for attaching debugger to BC web servises.
  4. Use AL: Debug without publishing command to attach debugger to BC.
  5. Use AL: Publish extension without building command to reproduce the error.

3. Expected behavior

VS Code is authenticated and the BC app is published.

4. Actual behavior

We get EntraID authentication error before we can provide our login. Image

5. Versions:

  • AL Language: 15.2.1630495
  • Visual Studio Code: 1.103.2
  • Business Central: 26.1.33404.33876
  • List of Visual Studio Code extensions that you have installed:
    • ms-dynamics-smb.al
  • Operating System:
    • [x] Windows
    • [ ] Linux
    • [ ] MacOS

Final Checklist

Please remember to do the following:

  • [x] Search the issue repository to ensure you are reporting a new issue

  • [x] Reproduce the issue after disabling all extensions except the AL Language extension

  • [x] Simplify your code around the issue to better isolate the problem

ernestasjuska avatar Aug 25 '25 11:08 ernestasjuska

Did you maybe had a debug session? I normally receive this error when I had a debug session attached and forgot about it Then when I publish again this strange error appears

duichwer avatar Sep 10 '25 15:09 duichwer

Yes, the AL: Publish extension without building command is used when debugging upgrade code. So debugger is active at that time.

ernestasjuska avatar Sep 12 '25 23:09 ernestasjuska