AzureAD/azure-activedirectory-library-for-dotnet

AcquireDeviceCodeAsync Failing on Mac OS

jeschu1 opened this issue · 1 comments

MSAL is the recommended auth library for use with the Microsoft identity platform

No new features will be implemented on ADAL. The team's efforts are on improving MSAL, the next-gen auth library. MSAL's wiki contains a migration guide from ADAL.

Only regressions, high severity issues and security issues will be fixed on ADAL. Other issues are likely to have already been fixed in MSAL.

If you think that your issue falls into the above categories, please fill in the form below.

Which version of ADAL are you using?
Note that to get help, you need to run the latest preview or non-preview version
For MSAL, please log issues to https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
5.2.7

Which platform has the issue?

Mac OS

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • [X] Authorization code
    • OBO
  • Web API
    • OBO

Is this a new or existing app?
Existing App
This used to work and is now broken.

Repro
We attempt to acquire a Device Code as shown here: https://github.com/microsoft/azure-pipelines-agent/blob/588d5c4f21a5ff2a29c4f55d4ef43ab2d59cb2a8/src/Agent.Listener/Configuration/CredentialProvider.cs#L87

This works fine on Windows, but no longer works on Mac. It's unclear when this broke.

Easiest way to repro is to clone: https://github.com/microsoft/azure-pipelines-agent.git
dev build
dev layout
./config.sh
Answer "Y" to TEE EULA
Give any org URL
When asked about authentication type, enter "AAD"

When run on Mac you get the below exception. When run on Windows you do not.

System.Net.Http.CurlException: Login denied
at System.Net.Http.CurlHandler.ThrowIfCURLEError(CURLcode error)
...
Microsoft.VisualStudio.Services.Agent.Listener.Configuration.AadDeviceCodeAccessToken.GetVssCredentials(IHostContext context) in /Users/agent/azure-pipelines-agent/src/Agent.Listener/Configuration/CredentialProvider.cs:line 87

Expected behavior
On Mac you should enter Device Code Flow.

Actual behavior
You get an exception.

Possible Solution
N/A