Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Graph SDK error Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException with 3.0.4 #1719

Closed
StevieBleeds opened this issue Jun 29, 2024 · 2 comments
Closed

Graph SDK error Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException with 3.0.4 #1719

StevieBleeds opened this issue Jun 29, 2024 · 2 comments
Labels
no-recent-activity status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close

Comments

@StevieBleeds
Copy link

StevieBleeds commented Jun 29, 2024
edited
Loading

On Thursday 27 June, I started to see errors with the Graph SDK in a number of our web apps where it was throwing a Microsoft.Graph.AGS.Contracts.ClaimsChallengeRequiredException error. No changes were made to either application, so this was an error that started Thursday morning.

The web apps were using a client credential flow with a single tenant application registration. I could replicate the issue across a number of subscriptions in the same tenant, but not in another tenant where the web apps continued to work using a client credential flow.

There have not been any internal network or conditional access policy changes and could not see anything in the logs. I raised a ticket with Microsoft who confirmed that they couldn't see anything either.

I'm using Node v16.16.0 and microsoft-graph-client v3.0.4 (also tested v3.0.7, got the same error). To mitigate this, I expedited an internal roadmap item and moved them from client credential to managed identity which fixed the issue.

However, I have discovered a fix for what appears to be a Graph CAE issue with the client credential flow which can be traced to this query from a couple years ago (Azure/azure-cli#24684) and involved adding the following AZURE_IDENTITY_DISABLE_CP1=1 environment variable to the settings in the Web App service. When I done this, the web app sprung back into life again.

I'm hoping someone advise on a couple queries please:

  • Why did I only start seeing this on Thursday when this issue seemingly has been around for a couple years?
  • Will it likely affect the managed identity flow in the same way?

web_app_error
web_app_code_1
web_app_code_2
@fey101
Copy link
Contributor

fey101 commented Jul 10, 2024

Thanks @StevieBleeds for raising this. However this issue looks to be related to the MSGraph API itself instead of the sdk. Please raise this question here https://developer.microsoft.com/en-us/graph/support

@fey101 fey101 added the status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close label Jul 10, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link
Contributor

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
no-recent-activity status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fey101 @StevieBleeds