Richard77

Reputation: 21661

Why is @azure/msal forcing users to log in even for routes that are not guarded?

Any user can browse the list of products and go to the details page of a product without being logged in. Users need to log in only when accessing their own listings page.

Here are my routes:

export const routes: Routes = [
  {
    path: '',
    component: ProductListComponent
  },
  {
    path: 'details/:productCode',
    component: ProductDetailsComponent
  },
  {
    path: 'my-listings',
    component: MyListingsComponent,
    // canActivate: [MsalGuard]
  }
];

Here, I commented out the guard for the my-listings route, so no route has a guard. Still, when typing http://localhost:4200 or logging off, the user gets redirected to the login page.


Thanks for helping

Edit

The original code comes from this sample

I've gone through the code. There are 2 places where URIs and/or scopes are used, interception and guard configs.

Here's the environment file

auth: {
    authority: 'https://myInstance.ciamlogin.com/tenant-id',
    clientId: '818fb65a-f677-4e95-10023-a17734b7acf3',
    apis: [
        {
            uri: 'https://graph.microsoft.com/v1.0/me',
            scopes: 'User.Read'
        },
        {
            uri: `${baseUrl.apiUrl}`, //IS THIS THE ISSUE???
            scopes: 'api://1b03747b-4f11-44e0-a4c5-da6f7de7709e/Backend.Read'
        }
    ]
},

Here's the Guard config

export function MSALGuardConfigFactory(): MsalGuardConfiguration {
  let scopes: string[] = [];
  environment.auth.apis.forEach((api: any) => {
    scopes = [...scopes, api.scopes];
  });
  return {
    interactionType: InteractionType.Redirect,
    authRequest: { scopes },
    loginFailedRoute: '/login-failed',
  };
}

And the interceptor config

export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
  const protectedResourceMap = new Map<string, Array<string>>();
  environment.auth.apis.forEach((api: any) => {
    protectedResourceMap.set(api.uri, api.scopes.split(' ')); //IS THIS THE ISSUE???
  });

  return {
    interactionType: InteractionType.Redirect,
    protectedResourceMap,
  };
}

EDIT 2

It looks like I partially located the issue.

If the URI is http://localhost:7100, then any call to the API will force the user to log in.

{
    uri: 'http://localhost:7100',
    scopes: 'api://1b03747b-4f11-44e0-a4c5-da6f7de7709e/Backend.Read'
}

If I do something specific like http://localhost:7100/api/load-all-products, then it doesn't force the user to log in.

It seems like the library is doing something like startWith(providedUrl).

Upvotes: 1

Views: 61
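The behaviour described in EDIT 2 can be reproduced with a small model of the interceptor's lookup; this is an added example, not code from the original post and not MSAL's source. It assumes the prefix matching the post observes, with the first matching entry winning, and uses msal-angular's documented option of setting an entry's scopes to null to leave a resource unprotected. The `/api/product-details` path is hypothetical.

```typescript
// Simplified model (an assumption, not MSAL's source): an entry applies when
// the request URL starts with its key, and the first matching entry wins.
type ResourceMap = Map<string, string[] | null>;

// Returns the scopes a token would be requested for, or null when the
// request goes out anonymously (no login is triggered).
function scopesForRequest(map: ResourceMap, url: string): string[] | null {
  for (const [key, scopes] of Array.from(map)) {
    if (url.startsWith(key)) {
      return scopes; // null scopes mark the resource as unprotected
    }
  }
  return null; // no entry matched: the request is left alone
}

// True when the call would require a signed-in user.
function needsLogin(map: ResourceMap, url: string): boolean {
  return scopesForRequest(map, url) !== null;
}

const API = 'http://localhost:7100';
const BACKEND_SCOPE = ['api://1b03747b-4f11-44e0-a4c5-da6f7de7709e/Backend.Read'];

// Configuration from the post: the API base URL is the key, so every backend
// call needs a token, including the anonymous product list on the home page.
const broad: ResourceMap = new Map<string, string[] | null>([
  [API, BACKEND_SCOPE],
]);

// Narrowed configuration: public endpoints come first with null scopes,
// then the base URL covers everything else on the API.
const narrowed: ResourceMap = new Map<string, string[] | null>([
  [`${API}/api/load-all-products`, null],
  [`${API}/api/product-details`, null], // hypothetical public endpoint
  [API, BACKEND_SCOPE],
]);
```

Order matters in this model: if the base URL entry came first, it would shadow the null-scoped entries and the public calls would again require a login. The map only decides where the client attaches a token, so the backend still has to enforce authorization on the protected endpoints.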

Answers (0)
