Please provide us with the following information:

This issue is for a: (mark with an x)

- [X] bug report -> please search issues before submitting
- [ ] feature request
- [X] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I followed tutorial at https://github.com/azure-samples/ms-identity-ciam-javascript-tutorial/tree/main/2-Authorization/2-call-api-angular, I am able to run the solution and launch the angular, when I click login I am forwarded to microsoft login prompt.

This is the url at this time which shows a correct redirect uri (in my opinion localhost/auth)

REDACTED

But after logging in I get a screen saying
We're unable to complete your request
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

In the configuration of the spa we can see the redirect urls configured correctly :

Any log messages given by the failure

invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Expected/desired behavior

redirect to spa /auth path.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
Windows 11

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Followed instructions in README.md for the sample in a trial Entra tenant. App registrations created and config files updated.
Both dotnet (API) and node (SPA) samples running
Visited localhost:3000 and clicked the 'Sign-in' link. Small pop-up (size of normal 'login or register' or 'pick account' style screen) flashed momentarily then closed before loading any content.

Any log messages given by the failure

AADSTS50049: Unknown or invalid instance

{
"error": "invalid_instance",
"error_description": "AADSTS50049: Unknown or invalid instance. Trace ID: 4bb4a35a-fe66-4c56-b09b-754782482900 Correlation ID: 57cc2ed3-5425-47ae-bec5-46115860868b Timestamp: 2023-11-27 15:26:54Z",
"error_codes": [
50049
],
"timestamp": "2023-11-27 15:26:54Z",
"trace_id": "4bb4a35a-fe66-4c56-b09b-754782482900",
"correlation_id": "57cc2ed3-5425-47ae-bec5-46115860868b",
"error_uri": "https://login.microsoftonline.com/error?code=50049"
}

Expected/desired behavior

Login/register popup expected to load

OS and Version?

Windows 11 23H2 22631.2787; Node v21.2.0

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

In Tutorial: Prepare a React single-page app (SPA) for authentication in a customer tenant, code for claimUtil.js was not provided.

Any log messages given by the failure

N/A

Expected/desired behavior

Should provide code for claimUtil.js

OS and Version?

N/A

Versions

N/A

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Recently, the domain ciamlogin.com was flagged by multiple sites and propagated into chrome and safari on iphone showing red screen as attached. My company Cisco Umbrella shows it as phishing site. I can't proceed with using my trial tenant or this sample. Any information would be appreciated. I've submitted an Azure Q&A in the Community yesterday. No reply yet.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I followed along with the tutorial provided at this website: https://learn.microsoft.com/en-us/entra/external-id/customers/sample-web-app-node-sign-in

I have confirmed several times that the redirect URI - http://localhost:3000/auth/redirect - which is identical to the tutorial, is exactly correct in my configuration of the Web Redirect URI on Azure, and present in the body of the URL request (redacted / shortened version below).

https://##########.ciamlogin.com/#############/oauth2/v2.0/authorize?client_id=#######&scope=openid%20profile%20offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fredirect&client-request-id=etc., etc.

I have found several StackOverflows, Microsoft Community Submissions, etc. dating the last 4 years with similar issues. Each solution appears to be unique and not a global resolution to the problem.

Any log messages given by the failure

The error message provided is:
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.

Expected/desired behavior

That the error message contain the actual values of the URIs (so that the developer can more easily identify where there is an inconsistency), or for this issue to be investigated in case there is a bigger issue at hand here.

I can see throughout logging during the application that the redirect URI is always the same value, all the way through it landing in the parameters of the URL, and I have confirmed that it is exactly correct in the Azure configuration. I've poked this every which way the last few hours and am stumped.

OS and Version?

macOS Sonoma

Versions

Microsoft Edge, v 120
Azure msal-node v. 2.6.4 (tested on version 1.17.2 and had the same response)

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Migrate non-Open Source or non-External Collaboration repositories to GitHub inside Microsoft

In order to protect and secure Microsoft, private or internal repositories in GitHub for Open Source, which are not related to open source projects or requiring collaboration with 3rd parties (customer, partners, etc.) must be migrated to GitHub inside Microsoft a.k.a GitHub Enterprise Cloud with Enterprise Managed User (GHEC EMU).

Action

✍️ Please RSVP to opt-in or opt-out of the migration to GitHub inside Microsoft.

❗Only users with admin permission in the repository are allowed to respond. Failure to provide a response will result to your repository getting automatically archived.🔒

Instructions

Reply with a comment on this issue containing one of the following optin or optout command options below.

✅ Opt-in to migrate

@gimsvc optin --date <target_migration_date in mm-dd-yyyy format>

Example: @gimsvc optin --date 03-15-2023

OR

❌ Opt-out of migration

@gimsvc optout --reason <staging|collaboration|delete|other>

Example: @gimsvc optout --reason staging

Options:

• staging : My project will ship as Open Source
• collaboration : Used for external or 3rd party collaboration with customers, partners, suppliers, etc.
• delete : This repository will be deleted because it is no longer needed.
• other : Other reasons not specified

Need more help? 🖐️

• Email [email protected]. ✉️
• Post your questions in GitHub inside Microsoft Team in Microsoft Teams. 🗨️

https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial/blob/main/1-Authentication/1-sign-in-react/README.md#create-user-flows (which links this dead tutorial)

Sort of pivotal links to this tutorial's usefulness could be updated

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Please provide us with the following information:
Scope Formatting in CIAM Tenants has changed to api:{app_id}

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I just cloned your repo & trying SSO authentication (msal) in react SPA.
I updated my client id & respective autority with tenant id, but i;m unable to perform SSO, can you please help?
Folder path : ms-identity-ciam-javascript-tutorial-main\1-Authentication\1-sign-in-react\SPA

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Add Google as an external authentication provider, add it to the user flow and use it to authenticate

Any log messages given by the failure

\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\auth\AuthProvider.js:130
codeVerifier: req.session.pkceCodes.verifier, // PKCE Code Verifier
^

TypeError: Cannot read properties of undefined (reading 'verifier')
at AuthProvider.handleRedirect (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\auth\AuthProvider.js:130:49)
at exports.handleRedirect (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\controller\authController.js:8:25)
at Layer.handle [as handle_request] (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\layer.js:95:5)
at next (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\route.js:144:13)
at Route.dispatch (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\route.js:114:3)
at Layer.handle [as handle_request] (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\layer.js:95:5)
at C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\index.js:284:15
at Function.process_params (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\index.js:346:12)
at next (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\index.js:280:10)
at Function.handle (C:\GitHub\ms-identity-ciam-javascript-tutorial\2-Authorization\4-call-api-express\App\node_modules\express\lib\router\index.js:175:3)

Expected/desired behavior

Not to crash

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Windows 11

Mention any other details that might be useful

I changed the line to "codeVerifier: req.session.pkceCodes.verifier || 'Not verified', // PKCE Code Verifier" just to be able to continue with Entra External ID testing.

---

Thanks! We'll be in touch soon.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful

---

Thanks! We'll be in touch soon.