Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] AcquireTokenInteractive with loopback address as redirect URI is ignored #539

Open
1 of 8 tasks
armbzk opened this issue Dec 2, 2024 · 0 comments
Open
1 of 8 tasks

[Bug] AcquireTokenInteractive with loopback address as redirect URI is ignored #539

armbzk opened this issue Dec 2, 2024 · 0 comments
Labels
bug Something isn't working p2 public-client

Comments

@armbzk
Copy link

armbzk commented Dec 2, 2024

Which version of MSAL Go are you using?

Microsoft Authentication Library for Go 1.3.2

Where is the issue?

  • Public client
    • Device code flow
    • Username/Password (ROPC grant)
    • Authorization code flow
  • Confidential client
    • Authorization code flow
    • Client credentials:
      • client secret
      • client certificate
  • Token cache serialization
    • In-memory cache
  • Other (please describe)

Is this a new or an existing app?

c. This is a new app or an experiment.

What version of Go are you using (go version)?

go version go1.21.1

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=
GOARCH=amd64
GOBIN=
GOCACHE=C:\Users\armbzk\AppData\Local\go-build
GOENV=C:\Users\armbzk\AppData\Roaming\go\env
GOEXE=.exe
GOEXPERIMENT=
GOFLAGS=
GOHOSTARCH=amd64
GOHOSTOS=windows
GOINSECURE=
GOMODCACHE=C:\Users\armbzk\go\pkg\mod
GONOPROXY=
GONOSUMDB=
GOOS=windows
GOPATH=C:\Users\armbzk\go
GOPRIVATE=
GOPROXY=https://proxy.golang.org,direct
GOROOT=C:\Program Files\Go
GOSUMDB=sum.golang.org
GOTMPDIR=
GOTOOLCHAIN=auto
GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
GOVCS=
GOVERSION=go1.21.1
GCCGO=gccgo
GOAMD64=v1
AR=ar
CC=gcc
CXX=g++
CGO_ENABLED=1
GOMOD=D:\gitea\armbzk\cli-auth\go.mod
GOWORK=
CGO_CFLAGS=-O2 -g
CGO_CPPFLAGS=
CGO_CXXFLAGS=-O2 -g
CGO_FFLAGS=-O2 -g
CGO_LDFLAGS=-O2 -g
PKG_CONFIG=pkg-config
GOGCCFLAGS=-m64 -mthreads -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=C:\Users\armbzk\AppData\Local\Temp\go-build1100814025=/tmp/go-build -gno-record-gcc-switches

Repro

... acquireOpts := []public.AcquireInteractiveOption{ public.WithRedirectURI("http://127.0.0.1:0"), } authResult, err = client.AcquireTokenInteractive(ctx, c.scopes, acquireOpts...) //make a new request to Azure AD ...

Expected behavior

  • Expect that redirect server listens on http://127.0.0.1:<port>
  • RFC8252 recommends to use loopback IP instead of localhost.

Actual behavior

  • Started redirect server listens on http://localhost:<port>
  • Configuring the Redirect URI in MS AD app to http://127.0.0.1 is not possible with current MSAL

Possible solution
Current default to localhost is fine. If acquireOpts contains public.WithRedirectURI("http://127.0.0.1:0") it should be considered.

Additional context / logs / screenshots
n/a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working p2 public-client
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bgavrilMS @armbzk