Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tenant 'organizations' not found #175

Closed
2 tasks done
bcallaghan-fri opened this issue Jul 12, 2019 · 3 comments
Closed
2 tasks done

Tenant 'organizations' not found #175

bcallaghan-fri opened this issue Jul 12, 2019 · 3 comments

Comments

@bcallaghan-fri
Copy link

Describe the bug

Attempting to use the authority https://login.microsoftonline.com/organizations results in the following error.

OPError: invalid_tenant (AADSTS90002: Tenant 'organizations' not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator.
Trace ID: 300590d6-2a8e-4c83-9f3f-db557c283800
Correlation ID: a93061b7-384f-4bb9-ab75-78d12cb062ff
Timestamp: 2019-07-12 05:23:38Z)
    at processResponse (C:/Users/.../node_modules/openid-client/lib/helpers/process_response.js:39:13)
    at C:/Users/.../node_modules//openid-client/lib/issuer.js:241:20
    at async C:/Users/.../node_modules/p-some/index.js:82:19
    OPError: expected 200 OK, got: 404 Not Found
    at processResponse (C:/Users/.../node_modules/openid-client/lib/helpers/process_response.js:42:11)
    at C:/Users/.../node_modules/openid-client/lib/issuer.js:241:20
    at async C:/Users/.../node_modules/p-some/index.js:82:19

Changing the authority to https://login.microsoftonline.com/common fixes the issue. Both authorities work with MSAL.js.

To Reproduce
Issuer and Client configuration: (inline or gist) - Don't forget to redact your secrets.

const issuer = await Issuer.discover('https://login.microsoftonline.com/organizations');
this.client = new issuer.Client({
	client_id: '<my-client-id>',
	redirect_uris: ['https://login.microsoftonline.com/common/oauth2/nativeclient']
});

Expected behaviour
The "organizations" tenant should be usable as documented at MSDN.

Environment:

  • openid-client version: 3.2.1

  • node version: 12.0.0 (Electron 6.0.0-beta.13)

  • the bug is happening on latest openid-client too.

  • i have searched the issues tracker on github for similar issues and couldn't find anything related.
@panva
Copy link
Owner

panva commented Jul 12, 2019

https://login.microsoftonline.com/organizations is 100% invalid and the error you're getting comes from microsoft, echoed by this library.

https://login.microsoftonline.com/organizations/v2.0 works but will likely need a patch similar to common to allow the Azure AD multi-tenancy issuer validation relaxed.

@panva panva closed this as completed in 4891b5b Jul 12, 2019
@panva
Copy link
Owner

panva commented Jul 12, 2019

https://login.microsoftonline.com/common is also the old azure issuer, you want to be using https://login.microsoftonline.com/common/v2.0.

@bcallaghan-fri
Copy link
Author

Thanks for the fast response. Adding /v2.0 to the end of the authority fixed the problem.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@panva @bcallaghan-fri