juhanakristian / remix-auth-microsoft

Microsoft authentication strategy for remix-auth


Azure Government: Confidential Client is not supported in Cross Cloud request.

jacobcritch opened this issue · comments

Hi! 👋

Firstly, thanks for your work on this project! 🙂

Today I used patch-package to patch remix-auth-microsoft@1.0.3 for the project I'm working on.

For those of us using Azure For US Government, we will encounter the following error in our session data upon redirect:

'__flash_auth:error__': {
[1]     message: '{"error":"invalid_request","error_description":"AADSTS900432: Confidential Client is not supported in Cross Cloud request.

This is because .com is hardcoded in the package. Maybe we should add some flag or something based on the passed in tenant to determine whether to use .us or .com.

Here is the diff that solved my problem:

diff --git a/node_modules/remix-auth-microsoft/build/index.js b/node_modules/remix-auth-microsoft/build/index.js
index f088946..aa41ae8 100644
--- a/node_modules/remix-auth-microsoft/build/index.js
+++ b/node_modules/remix-auth-microsoft/build/index.js
@@ -8,8 +8,8 @@ class MicrosoftStrategy extends remix_auth_oauth2_1.OAuth2Strategy {
             clientID,
             clientSecret,
             callbackURL,
-            authorizationURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`,
-            tokenURL: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
+            authorizationURL: `https://login.microsoftonline.us/${tenant}/oauth2/v2.0/authorize`,
+            tokenURL: `https://login.microsoftonline.us/${tenant}/oauth2/v2.0/token`,
         }, verify);
         this.name = "microsoft";
+       this.userInfoURL = "https://graph.microsoft.us/oidc/userinfo";
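Review bot: replacing the hard-coded `.com` hosts in the authorizationURL and tokenURL lines with hard-coded `.us` hosts fixes the US Government case but breaks every commercial-cloud deployment, so this works as a local patch-package override but not as a mergeable change; the cloud should be a constructor option resolved from a fixed allow-list of known login and Graph hosts (defaulting to `login.microsoftonline.com`) rather than an arbitrary host string, because the authority the strategy redirects users to and posts the client secret to must never be influenced by untrusted input. Two smaller points on the last added line: `this.userInfoURL = "https://graph.microsoft.us/oidc/userinfo";` is indented with 7 spaces where the surrounding lines use 8, and nothing in the hunk shows the strategy reading `this.userInfoURL`, so confirm the userinfo request actually consumes it. The `@@ -8,8 +8,8 @@` header also does not account for the net added line, consistent with the patch being partial.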

This issue body was partially generated by patch-package.

Hi @jacobcritch 👋 Thank you for bringing this issue to my attention. It seems like this could be easily fixed by adding a parameter you can use to define the Azure instance (.com or .us).

I will update this issue when I've come up with a solution.
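As an added example (not the package's own code, nor jacobcritch's patch), here is how the instance parameter proposed above could resolve the authorize, token and userinfo endpoints for both the commercial and US Government clouds from a fixed allow-list instead of a hard-coded host; the option name `instance`, the key names and the tenant check are assumptions.

```javascript
// Added example, not part of remix-auth-microsoft. Resolves the Microsoft
// identity endpoints for a given cloud from a closed allow-list, so the
// authority the strategy redirects to (and posts the client secret to) can
// never be set to an arbitrary host. The option name "instance" and the keys
// "commercial"/"usgov" are assumptions for this example.
const MICROSOFT_CLOUDS = new Map([
  // Azure public cloud: the hosts the package currently hard-codes
  ["commercial", { loginHost: "login.microsoftonline.com", graphHost: "graph.microsoft.com" }],
  // Azure US Government: the hosts from the patch in this issue
  ["usgov", { loginHost: "login.microsoftonline.us", graphHost: "graph.microsoft.us" }],
]);

// A tenant is a GUID, a verified domain, or an alias such as "common";
// reject anything else so it cannot smuggle extra path segments into the URL.
const TENANT_RE = /^[A-Za-z0-9][A-Za-z0-9.-]*$/;

function microsoftEndpoints({ tenant, instance = "commercial" }) {
  // A Map lookup avoids prototype keys such as "constructor" matching.
  const cloud = MICROSOFT_CLOUDS.get(instance);
  if (!cloud) {
    throw new Error(`Unsupported Microsoft cloud instance: ${String(instance)}`);
  }
  if (typeof tenant !== "string" || !TENANT_RE.test(tenant)) {
    throw new Error("Invalid tenant identifier");
  }
  const authority = `https://${cloud.loginHost}/${tenant}/oauth2/v2.0`;
  return {
    authorizationURL: `${authority}/authorize`,
    tokenURL: `${authority}/token`,
    userInfoURL: `https://${cloud.graphHost}/oidc/userinfo`,
  };
}
```

Passing the returned `authorizationURL` and `tokenURL` to the OAuth2 strategy constructor and using `userInfoURL` for the profile request gives the behaviour of the patch above without hard-coding either cloud.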