Handle AADSTS50105 and other login failures on client #5320
Comments
@agrahamwize Can you please share a screenshot of the error you are seeing? You can grey out the confidential parts if needed or email me here.
This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @sameerag please follow up.
@agrahamwize AAD adds this error and they do not relay that to I will ping the internal service teams to track this too, however we cannot fix this from MSAL. If the support channel does not help, please reach out to me (my email is in my profile) and I can redirect to them as needed. Closing this.
Thanks @sameerag. I have a support ticket logged with them, 2211170040004474. I will let you know if there are issues working with them, per your guidance. Thanks again!
Hi @agrahamwize. I would like to know if there ever has been a solution Microsoft gave you that works (aside from configuring it in Azure itself which is not really my use case as I need to redirect a user to another page if this error appears).
Unfortunately not. Sounds like this happens internally in their system and is both, a) not a callback sort of notification condition and, b) not something that is returned to the client in the overall oauth response. I reckon its primary function is to make it easy to fully block apps that Azure is doing SSO for versus handling role-based authorization for custom apps. I guess the expectation is for the developer to handle that on their end instead. In your case, that would look like, 1) turning off the role assignment requirement, 2) Checking the roles returned in a successful authentication, and 3) if no roles (or maybe default access role?), redirect on the client side.
MS confirmed, no current capability and no plan for implementing.
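The workaround outlined in the thread above (assignment requirement turned off, roles checked after a successful sign-in, client-side redirect when none are present), as an added example that is not code from the MSAL.js project or from any commenter. It does not intercept AADSTS50105 itself, which the thread says never reaches the client; the route paths, role names and function names are hypothetical, and the input shape assumed is the `AuthenticationResult` that `handleRedirectPromise()` resolves with.

```javascript
// Added example. Route paths, role names and function names are hypothetical.
// Assumes app roles arrive in the ID token's "roles" claim (idTokenClaims.roles).
const ROUTES = { app: "/app", noAccess: "/no-access", error: "/login-error" };

// Steps 2 and 3 of the workaround: inspect roles after a successful sign-in.
function routeAfterLogin(authResult, allowedRoles) {
  if (!authResult) return null; // page load that was not a redirect callback
  const claims =
    authResult.idTokenClaims ||
    (authResult.account && authResult.account.idTokenClaims) ||
    {};
  // The roles claim is absent when the user has no app role assignment.
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const granted = roles.filter((r) => allowedRoles.includes(r));
  return granted.length > 0
    ? { path: ROUTES.app, roles: granted }
    : { path: ROUTES.noAccess, roles: [] };
}

// Errors that do reach the client: keep codes and identifiers in the log,
// and send the user to a page with a generic message only.
function routeForAuthError(err, log = console.error) {
  log("auth failure", {
    code: err && err.errorCode,
    message: err && err.errorMessage,
  });
  return {
    path: ROUTES.error,
    userMessage: "Sign-in could not be completed. Contact your administrator.",
  };
}

// Wiring (assumption: msalInstance is a PublicClientApplication):
//   msalInstance.handleRedirectPromise()
//     .then((r) => routeAfterLogin(r, ["Reader", "Admin"]))
//     .catch((e) => routeForAuthError(e));

// Constructed sample results, not real tokens.
const withRole = { idTokenClaims: { roles: ["Reader"] } };
const noRoles = { idTokenClaims: { sub: "constructed-subject" } };
console.log(routeAfterLogin(withRole, ["Reader", "Admin"]).path);
console.log(routeAfterLogin(noRoles, ["Reader", "Admin"]).path);
```

With the assignment requirement off, any user in the tenant can obtain a token for the app, so this client-side routing is a user-experience measure only; the backend API still has to validate the `roles` claim in the access token on every request.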
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.28.3
Wrapper Library
MSAL React (@azure/msal-react)
Wrapper Library Version
1.4.7
Public or Confidential Client?
Public
Description
Hi there,
At times, we have users receive the AADSTS50105 error message for their login request because the client they are logging into does not contain any role assignments and we are blocking logins with no role assignments. However, this message by default provides sensitive information to the end user and our government client would prefer the message/functionality be far more general so as not to expose client ids, etc.
It does not appear that there is a corresponding callback event to intercept this message via addEventCallback or handleRedirectPromise. I need to identify a way to intercept this error and avoid presenting the default message.
Any guidance would be appreciated.
Thanks!
Adam.g
MSAL Configuration
Relevant Code Snippets
No response
Identity Provider
Azure AD / MSA
Source
External (Customer)