AADSTS90015: Requested query string is too long #249

Open
AndrewR3K opened this issue Oct 14, 2024 · 1 comment
Comments

AndrewR3K commented Oct 14, 2024

I am running into an issue where end users are hitting this error AADSTS90015: Requested query string is too long when redirected to the AD login.

After digging further into the issue, I noticed that for some odd reason, the "scope" is being appended over 70+* to the authorizationURL.

Has anyone run into this? And if so, do you have a resolution?

Since this has been extremely hard to consistently reproduce, I have been banging my head against a wall all day and have yet to find the root cause.

Thanks in advance for the help!

https://login.microsoftonline.com/<redacted>/oauth2/v2.0/authorize?client_id=<redacted>&response_type=code&redirect_uri=https:%2F%2Ftesturl.azurestaticapps.net%2Fauth%2Fmicrosoft&scope=Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.Alne_access+Group.Read.All+User.Read+User.ReadBasic.Al+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.ll+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offfline_access+Group.Read.All+User.Read+User.ReadBasifline_access+Group.Read.All+User.Read+User.ReadBasid.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBac.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+emailil+offline_access+Group.Read.All+User.Read+User.Read+offline_access+Group.Read.All+User.Read+User.ReadB.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.Reasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+em+email+offline_access+Group.Read.All+User.Read+User.ail+offline_access+Group.Read.All+User.Read+User.Reroup.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+UseadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openidenid+email+offline_access+Group.Read.All+User.Read+U+email+offline_access+Group.Read.All+User.Read+Userss+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+opee+openid+email+offline_access+Group.Read.All+User.Renid+email+offline_access+Group.Read.All+User.Read+Uaccess+Group.Read.All+User.Read+User.ReadBasic.All+profile+ope
nid+email+offline_access+Group.Read.All+User.ser.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+ofile+openid+email+offline_access+Group.Read.All+Useopenid+email+offline_access+Group.Read.All+User.Reaine_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+Ud+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profil+profile+openid+email+offline_access+Group.Read.Allle+openid+email+offline_access+Group.Read.All+User.offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.ARead+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+prc.All+profile+openid+email+offline_access+Group.Readofile+openid+email+offline_access+Group.Read.All+Usail+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Reer.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.AllBasic.All+profile+openid+email+offline_access+Group.+profile+openid+email+offline_access+Group.Read.Alld+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Grou+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.ReadBasic.All+profile+openid+email+offline_access+GrAll+profile+openid+email+offline_access+Group.Read.penid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasser.ReadBasic.All+profile+openid+email+offline_accesic.All+profile+openid+email+offline_access+Group.Rele+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_accad.All+User.Read+User.ReadBasic.All+profile+openid+email+of
fline_access+Group.Read.All+User.Read+User.Readad+User.ReadBasic.All+profile+openid+email+offline_aBasic.All+profile+openid+email+offline_access+Grouprofile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.Rr.Read+User.ReadBasic.All+profile+openid+email+offlieadBasic.All+profile+openid+email+offline_access+Grll+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offoup.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+Use+User.Read+User.ReadBasic.All+profile+openid+email+or.ReadBasic.All+profile+openid+email+offline_accessic.All+profile+openid+email+offline_access+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+Group.Read.All+User.Read+User.ReadBasic.All+profile+openid+email+offline_access+Group.Read.All+User.Read
@AndrewR3K
Author

Weirdly, it seems the following changes have "resolved" the issue for now; this, of course, is not ideal though.

I have yet to figure out exactly WHY this is causing sporadic duplicate scopes.

1. Hard coded scope

   Example:

   ```ts
   // removed:       const scope = config.scope && config.scope.length > 0 ? config.scope : ['User.Read']

   return sendRedirect(
     event,
     withQuery(authorizationURL as string, {
       client_id: config.clientId,
       response_type: 'code',
       redirect_uri: redirectURL,
       scope: 'Group.Read.All User.Read User.ReadBasic.All profile openid email offline_access',
     }),
   )
   ```

2. Removed the spread op

   ```ts
   ...config.authorizationParams,
   ```
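A defensive alternative to hard-coding the scope, as an added example that is not part of the original comments or the project's code, and that does not identify the root cause the author is still looking for. It deduplicates the scope list without mutating the caller's config, applies extra parameters before the core ones so they cannot override them, and fails locally instead of sending an oversized URL. `normalizeScopes`, `buildAuthorizeUrl`, `repeatScopes` and the `MAX_URL_LENGTH` budget are hypothetical names and values.

```typescript
type ScopeInput = string | string[] | undefined

const DEFAULT_SCOPES = ['User.Read']
// Assumed conservative budget; the page does not state the limit behind AADSTS90015.
const MAX_URL_LENGTH = 2000
// The seven scopes that appear in the URL posted above.
const PAGE_SCOPES = ['Group.Read.All', 'User.Read', 'User.ReadBasic.All',
  'profile', 'openid', 'email', 'offline_access']

// Accepts an array or a space/plus-delimited string. Returns a new array with
// empties and duplicates dropped (first occurrence wins); never mutates the input.
function normalizeScopes(input: ScopeInput): string[] {
  const raw = Array.isArray(input) ? input.join(' ') : (input ?? '')
  const parts = raw.split(/[\s+]+/)
  const unique = parts.filter((s, i) => s !== '' && parts.indexOf(s) === i)
  return unique.length > 0 ? unique : DEFAULT_SCOPES.slice()
}

function buildAuthorizeUrl(
  authorizationURL: string,
  clientId: string,
  redirectURL: string,
  scope: ScopeInput,
  extraParams: Record<string, string> = {},
): string {
  const url = new URL(authorizationURL)
  // Extras first: a stray `scope` or `client_id` in them is overwritten below.
  for (const key of Object.keys(extraParams)) url.searchParams.set(key, extraParams[key])
  url.searchParams.set('client_id', clientId)
  url.searchParams.set('response_type', 'code')
  url.searchParams.set('redirect_uri', redirectURL)
  url.searchParams.set('scope', normalizeScopes(scope).join(' '))
  const out = url.toString()
  if (out.length > MAX_URL_LENGTH) {
    throw new Error(`authorize URL is ${out.length} chars; check the scope list`)
  }
  return out
}

// Constructed input that imitates the reported symptom: the list repeated n times.
function repeatScopes(times: number): string[] {
  let all: string[] = []
  for (let i = 0; i < times; i++) all = all.concat(PAGE_SCOPES)
  return all
}
```

Logging the scope count before normalization on each request would also show when and where the duplication starts.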
