Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Friendly hint for a typical oidc_authority error #4676

Open
rayluo opened this issue Mar 22, 2024 · 0 comments
Open

[Feature Request] Friendly hint for a typical oidc_authority error #4676

rayluo opened this issue Mar 22, 2024 · 0 comments
Assignees
@iulico-1 @ashok672
Labels
ciam Feature Request

Comments

@rayluo
Copy link
Contributor

rayluo commented Mar 22, 2024

MSAL client type

Confidential

Problem statement

In our own web app testing, we sometimes forgot to append the /v2.0 suffix to a CIAM CUD oidc_authority, and ended up with a cryptic error message, "AADSTS500207: The account type can't be used for the resource you're trying to access". This may become an FAQ and a frequent source of customer support requests.

Proposed solution

We may add a hint into the error object/message returned by MSAL:

'Did you forget to append "/v2.0" to your oidc_authority? '

so that a full error page in a web app may look like this:

Login Failure

invalid_request
Did you forget to append "/v2.0" to your oidc_authority? AADSTS500207: The account type can't be used for the resource you're trying to access. Trace ID: e4568f2b-f5b3-4e5e-b766-e7689b180000 Correlation ID: 765569d0-7583-45ec-93f1-69d6095164a4 Timestamp: 2024-03-21 03:17:17Z

More implementation details are available in this PR in MSAL Python.

Alternatives

We could document the importance of "remember to append /v2.0 when using a CIAM custom url domain", but such a small piece of information would typically buried deep in the documentation and receives no attention.
@rayluo rayluo added untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Mar 22, 2024
@bgavrilMS bgavrilMS added Feature Request ciam and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Mar 22, 2024
@localden localden self-assigned this May 19, 2024
@localden localden assigned iulico-1 and ashok672 and unassigned localden Jan 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iulico-1 iulico-1

@ashok672 ashok672

Labels
ciam Feature Request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@rayluo @bgavrilMS @iulico-1 @localden @ashok672