Getting ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again.

[hansakaRightS]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

2.32.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.1.2

Public or Confidential Client?

Public

Description

We can see the error sometimes for some users.

Signin Failure. Error message: ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://domain/domain/b2c_1a_signup/v2.0/.well-known/openid-configuration

package.json is looks like this.

{
  "dependencies": {
      "@azure/msal-angular": "2.1.2",
      "@azure/msal-browser": "2.32.1",
  
  },
  "overrides": {
      "@azure/msal-common": "9.0.1"
    }
}

Error Message

Signin Failure. Error message: ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://domain/domain/b2c_1a_signup/v2.0/.well-known/openid-configuration

Msal Logs

No response

MSAL Configuration

{
auth: {
        clientId: clientId,
        authority: "B2C_1A_SIGNUP_SIGNIN",
        redirectUri: '/',
        navigateToLoginRequestUrl: false
    },
    cache: {
        cacheLocation: "LocalStoarage",
        storeAuthStateInCookie: false
    }
}

Relevant Code Snippets

this.adService.msalBroadcast$()
        .pipe(
          mergeMap(res => {
              if (res.eventType === EventType.LOGIN_FAILURE) {                                      
              if (res.error) {
                msg += res.error;
              }
              return of(new LogError(msg));
            }
          })
        )

Reproduction Steps

1. Log into the system

Expected Behavior

1. should be able to login without an issue

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge, Safari, Internet Explorer, None (Server), Other

Regression

No response

Source

External (Customer)

[tnorling]

This happens when the openid config endpoint cannot be reached. You'll need to inspect the network traffic when this happens to determine why it failed, often it's a network connectivity issue.

As a side note, why are you overriding msal-common? We don't recommend this, it's very likely to cause unintended behavior.

[hansakaRightS]

@tnorling thanks for the reply, i will check this.

Signin Failure. Error message: ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: ClientAuthError: openid_config_error: Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints. Attempted to retrieve endpoints from: https://domain/domain/b2c_1a_signup/v2.0/.well-known/openid-configuration

this is the all the information we cloud see on out logs, is there a way to get more information from the handleRedirectObservable() ?

msal-common we applied this as a fix for a issue we had few months ago, we yet to update the package version to the new one.

[tnorling]

Are you putting in domain/domain/ as a placeholder when posting here or is that actually in the error message? If it's actually in the error message you should check what you're passing in as the authority value, this is not a valid url.

[tnorling]

For more detail you will need to look at your network logs which you can find either in your browser dev tools or by using a tool like Fiddler

[hansakaRightS]

No i added domain for post, error msg is contains correct authority values

[lalimasharda]

Hey @HansakaSS !
Can you confirm that you are passing in known authorities? Docs

Can you please share your network logs from the browser's Dev Tools -> Network tab or you can also reproduce this issue with Fiddler running to capture the network trace and send the trace.

[hansakaRightS]

Hey @lalimasharda
here is our configuration

      const msalConfig: Configuration = {
       auth: {
           clientId: environment.activeDirectory.clientId,
           authority: `https://${environment.activeDirectory.loginDomain}/${environment.activeDirectory.domain}/B2C_1A_SIGNUP_SIGNIN`,
           knownAuthorities: [
               environment.activeDirectory.loginDomain,
               environment.activeDirectory.editDomain
           ],
           redirectUri: '/',
           navigateToLoginRequestUrl: false
       },
       cache: {
           cacheLocation: BrowserCacheLocation.LocalStorage,
           storeAuthStateInCookie: isIE
       },
       system: {
           loggerOptions: {
               loggerCallback(logLevel: LogLevel, message: string) { },
               logLevel: LogLevel.Error,
               piiLoggingEnabled: false,
           }
       }
   };
   ```
   We only can see the issue sometimes, i will investigate the network logs or fiddler like suggested. 
   

[lalimasharda]

You can share the logs via the email id linked to my account!

[microsoft-github-policy-service]

@HansakaSS This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.