We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I am running into an issue where end users are hitting this error AADSTS90015: Requested query string is too long when redirected to the AD login.
AADSTS90015: Requested query string is too long
After digging further into the issue, I noticed that for some odd reason, the "scope" is being appended over 70+* to the authorizationURL.
Has anyone run into this? And if so, do you have a resolution?
Since this has been extremely hard to consistently reproduce, I have been banging my head against a while all day and have yet to find the root cause.
Thanks in advance for the help!
https://login.microsoftonline.com/<redacted>/oauth2/v2.0/authorize?client_id=<redacted>&response_type=code&redirect_uri=https:%2F%2Ftesturl.azurestaticapps.net%2Fauth%2Fmicrosoft&scope=Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.Alne_access+Group.Read.All+User.Read+User.ReadBasic.Al+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.ll+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offfline_access+Group.Read.All+User.Read+User.ReadBasifline_access+Group.Read.All+User.Read+User.ReadBasid.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBac.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+emailil+offline_access+Group.Read.All+User.Read+User.Read+offline_access+Group.Read.All+User.Read+User.ReadB.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.Reasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+em+email+offline_access+Group.Read.All+User.Read+User.ail+offline_access+Group.Read.All+User.Read+User.Reroup.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+UseadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openidenid+email+offline_access+Group.Read.All+User.Read+U+email+offline_access+Group.Read.All+User.Read+Userss+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+opee+openid+email+offline_access+Group.Read.All+User.Renid+email+offline_access+Group.Read.All+User.Read+Uaccess+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.ser.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+ofile+openid+email+offline_access+Group.Read.All+Useopenid+email+offline_access+Group.Read.All+User.Reaine_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+Ud+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profil+profile+openid+email+offline_access+Group.Read.Allle+openid+email+offline_access+Group.Read.All+User.offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.ARead+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+prc.All+profile+openid+email+offline_access+Group.Readofile+openid+email+offline_access+Group.Read.All+Usail+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Reer.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.AllBasic.All+profile+openid+email+offline_access+Group.+profile+openid+email+offline_access+Group.Read.Alld+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Grou+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.ReadBasic.All+profile+openid+email+offline_access+GrAll+profile+openid+email+offline_access+Group.Read.penid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasser.ReadBasic.All+profile+openid+email+offline_accesic.All+profile+openid+email+offline_access+Group.Rele+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_accad.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.Readad+User.ReadBasic.All+profile+openid+email+offline_aBasic.All+profile+openid+email+offline_access+Grouprofile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.Rr.Read+User.ReadBasic.All+profile+openid+email+offlieadBasic.All+profile+openid+email+offline_access+Grll+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offoup.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+Use+User.Read+User.ReadBasic.All+profile+openid+email+or.ReadBasic.All+profile+openid+email+offline_accessic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read
The text was updated successfully, but these errors were encountered:
Weirdly it seems the following changes has "resolved" the issue for now, this of course though is not ideal.
I have yet to figure out exactly WHY this is causing sporadic duplicate scopes.
// removed: const scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read'] return sendRedirect( event, withQuery(authorizationURL as string, { client_id: config.clientId, response_type: 'code', redirect_uri: redirectURL, scope: 'Group.Read.All User.Read User.ReadBasic.All profile openid email offline_access', }), )
...config.authorizationParams,
Sorry, something went wrong.
Any ideas or updates on this one? Thanks again for this wonderful package.
Sorry for the late answer, this is quite weird as the authorizationParams should be empty, could you console.log it?
authorizationParams
console.log
No branches or pull requests
I am running into an issue where end users are hitting this error
AADSTS90015: Requested query string is too long
when redirected to the AD login.After digging further into the issue, I noticed that for some odd reason, the "scope" is being appended over 70+* to the authorizationURL.
Has anyone run into this? And if so, do you have a resolution?
Since this has been extremely hard to consistently reproduce, I have been banging my head against a while all day and have yet to find the root cause.
Thanks in advance for the help!
The text was updated successfully, but these errors were encountered: