ClientConfigurationError Microsoft OAuth Flow

Question

I am implementing the Microsoft Auth code flow but I am stuck with this error.

Based on this code example, here is how I am initializing the client:

const config = {
  auth: {
    clientId: process.env.MICROSOFT_CLIENT_ID,
    authority: process.env.MICROSOFT_AUTHORITY,
    clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
  },
};
const cca = new msal.ConfidentialClientApplication(config);

And later I want to create an authentication URL to redirect the user to:

const authCodeUrlParameters = {
    scopes: ["user.read"],
    redirectUri: "http://localhost:8080/oauth/microsoft",
    state: 'state_here',
  };

  cca
    .getAuthCodeUrl(authCodeUrlParameters)
    .then((authCodeUrl) => {
      return authCodeUrl;
    })
    .catch((error) => console.log(JSON.stringify(error)));

But I am getting this error: {"errorCode":"empty_url_error","errorMessage":"URL was empty or null.","subError":"","name":"ClientConfigurationError"}

Based on the docs about errors, it looks like it's thrown before requests are made when the given user config parameters are malformed or missing.

Anybody can spot where the configs are malformed?

Answer 1

The error is because of the missing configuration requirements in the application. And most importantly , check the authorization request url for missing parameters like state and nonce and the redirect url.

Here request URL may require state and nonce parameters form cache as part of authCodeUrlParameters to construct the URL.

In authCodeUrlParameters see which of them is missed as they may lead to url to null.

You try to give your domain in knownAuthority

Ex:

 auth: {
        clientId: 'xxxx-xx-xx-xx-xxxxx',
        authority: '<give authority>', 
        knownAuthorities: ['<domain here>']
        redirectUri: 'https://localhost:8080'
    },
cache: {
    cacheLocation: "sessionStorage",
    storeAuthStateInCookie: false,
    secureCookies: false
},

Please make sure the redirect url is in correct format:

See Redirect URI (reply URL) restrictions - Microsoft Entra | Microsoft Learn

After setting the correct url, I could get proper response