scottdurow / dataverse-auth Goto Github PK

Currently, node-cds-auth does not work on Debian due to a dependency on electron.

If anyone would like to help with issue please get in touch!

Hi,

Both npm audit and the OWASP Dependency Checker list the version of the electron package this package is dependent on (23.1.4) as vulnerable. An update should fix this problem, however it would require a major version upgrade; version 24.8.3 is listed as safe. Would this upgrade disrupt anything?

Source: GHSA-7m48-wc93-9g85

I'm trying to levarage dataverse-gen and dataverse-auth for some Dynamics 365 webscripting, but I'm having trouble creating a sign-in token.

Specifically, running the dataverse-auth command and progressing through the login screen leaves me with the following:

Error
Error: Get Token request returned http error: 400 and server response: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'. Trace ID: c6a6f73b-b61d-4645-bd53-e018d4264101 Correlation ID: 4287cf00-5217-4609-82d7-babc294ad79e Timestamp: 2024-03-07 16:17:24Z","error_codes":[50076],"timestamp":"2024-03-07 16:17:24Z","trace_id":"c6a6f73b-b61d-4645-bd53-e018d4264101","correlation_id":"4287cf00-5217-4609-82d7-babc294ad79e","error_uri":"https://login.windows.net/error?code=50076","suberror":"basic_action"}
    at Logger.createError (\node_modules\adal-node\lib\log.js:216:13)
    at \node_modules\adal-node\lib\oauth2client.js:502:26
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
Token Aquisition failed:{}
ERROR:Error: Get Token request returned http error: 400 and server response: {"error":"interaction_required","error_description":"AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000007-0000-0000-c000-000000000000'. Trace ID: c6a6f73b-b61d-4645-bd53-e018d4264101 Correlation ID: 4287cf00-5217-4609-82d7-babc294ad79e Timestamp: 2024-03-07 16:17:24Z","error_codes":[50076],"timestamp":"2024-03-07 16:17:24Z","trace_id":"c6a6f73b-b61d-4645-bd53-e018d4264101","correlation_id":"4287cf00-5217-4609-82d7-babc294ad79e","error_uri":"https://login.windows.net/error?code=50076","suberror":"basic_action"}

The browser that appears for the sign-in process fails to display the final 2FA screen and is effectively "frozen", with the above error shown in the console.

Attempting a device-based sign-in also failed.

Any suggestions on what might be the problem?

Note that tools such as XrmToolbox are capable of signing in without problems.

When I run npx dataverse-auth in a trial environment I get the following error: User account '{EmailHidden}' from external identity provider 'live.com' is not supported for API version '2.0'. Microsoft account pass-thru users and guests are not supported by the tenant-independent endpoint.

Could you help me?

Hi, I am trying to install on my mac m1 via npm install -g dataverse-auth and experience this error related to electron package.

If I try to install npm install dataverse-auth it finishes with the same error.
Could you help me?

Usually when I copy an environment url edge will also copy the https:// at the beginning. When I just paste that the authentication will fail. It might be nice to handle that to make it easier for the user

It is possible to implement none-interactive version of this package if we know:

• Organization URL;
• Login / Password;
• MFA secret key;

Idea is instead of just opening Electron and let users enter their credentials, actually open Electron without head and type in data, which user will normally do manually, basically implement EasyRepro / Selenium approach.

The only challenge here is Electron. As far as I can see puppeteer needs to be used (to fill in forms), but Electron is not shipped with its support. There are packages like puppeteer-in-electron, but for me they are triggering firewall confirmation window, because a port on localhost needs to be open.

I was lucky to accomplish this task using https://github.com/segmentio/nightmare and it's API is much nicer than just bare puppeteer.

I can assist in implementing, but I see following issues which I would prefer achieve some support in:

• additional command line parameters, it would be already quite a few, and many of them are optional, so it could be that arguments handling could need some love;
• electron parts, I might ruin things that I don't know are needed;
• blessing to implement this feature;

See - AzureAD/microsoft-authentication-library-for-js#3332

Looking up for tenant id is not very straightforward, would be nice to make it optional.