Azure AD Auth: Invalid Compact JWE

[DominikOlczak]

Steps to reproduce

Steps:

1. npx create-toolpad-app@latest --studio dog-app
2. cd dog-app
3. npx run dev
4. Setting up Azure AD Authentication
5. Sign in with Azure AD

Current behavior

Redirected to MS, selected the account and returned to the login page with an error in the console:

[auth][error] JWTSessionError: Read more at https://errors.authjs.dev#jwtsessionerror [auth][cause]: JWEInvalid: Invalid Compact JWE at compactDecrypt (<>/dog-app/node_modules/jose/dist/node/esm/jwe/compact/decrypt.js:13:15) at jwtDecrypt (<>/dog-app/node_modules/jose/dist/node/esm/jwt/decrypt.js:5:29) at Object.decode (<>/dog-app/node_modules/@auth/core/jwt.js:67:31) at Module.session (<>/dog-app/node_modules/@auth/core/lib/actions/session.js:17:39) at AuthInternal (<>/dog-app/node_modules/@auth/core/lib/index.js:35:38) at async Auth (<>/dog-app/node_modules/@auth/core/index.js:111:34) at async <>/dog-app/node_modules/@toolpad/studio/dist/cli/index.mjs:366:24

Expected behavior

Expects to log in.

Context

I registered the application in Azure, set env according to the instructions.

Your environment

npx @mui/envinfo

  System:
    OS: Windows 11 10.0.22631
    Browser: Microsoft Edge for Business 130.0.2849.46
  Binaries:
    Node: 20.15.1 - ~\Node\node.EXE
    npm: 10.7.0 - ~\Node\npm.CMD
    pnpm: Not Found
  Browsers:
    Chrome: Not Found
    Edge: Chromium (127.0.2651.74)
  npmPackages:
    @emotion/react:  11.13.3
    @emotion/styled:  11.13.0
    @mui/base:  5.0.0-beta.59
    @mui/core-downloads-tracker:  6.1.5
    @mui/icons-material:  6.1.4
    @mui/lab:  6.0.0-beta.12
    @mui/material:  6.1.4
    @mui/private-theming:  6.1.5
    @mui/styled-engine:  6.1.5
    @mui/system:  6.1.4
    @mui/types:  7.2.18
    @mui/utils:  6.1.4
    @mui/x-charts:  7.21.0
    @mui/x-charts-vendor:  7.20.0
    @mui/x-data-grid:  7.21.0
    @mui/x-data-grid-premium:  7.21.0
    @mui/x-data-grid-pro:  7.21.0
    @mui/x-date-pickers:  7.21.0
    @mui/x-date-pickers-pro:  7.21.0
    @mui/x-internals:  7.21.0
    @mui/x-license:  7.21.0
    @mui/x-tree-view:  7.21.0
    @toolpad/core:  0.8.1
    @toolpad/studio: latest => 0.8.1
    @toolpad/studio-components:  0.8.1
    @toolpad/studio-runtime:  0.8.1
    @toolpad/utils:  0.8.1
    @types/react:  18.3.12
    react:  18.3.1
    react-dom:  18.3.1
    typescript:  5.5.4

Search keywords: azure authentication

[apedroferreira]

Hi, thanks for reporting this issue!
Did the Azure authentication use to work before updating to v0.8.1 of @toolpad/studio, or have you ever only tried in this latest version?
Just making sure it's not a regression due to any latest changes.

Also just in case before I look further into this: did you try clearing your cookies?

[DominikOlczak]

I tested only on the latest version. Interestingly, it uses three accounts that give different results, and I did not set different permissions for them:

Account 1:
[auth][cause]: JWEInvalid: Invalid Compact JWE at compactDecrypt (<>/dog-app/node_modules/jose/dist/node/esm/jwe/compact/decrypt.js:13:15) at jwtDecrypt (<>/dog-app/node_modules/jose/dist/node/esm/jwt/decrypt.js:5:29) at Object.decode (<>/dog-app/node_modules/@auth/core/jwt.js:67:31) at Module.session (<>/dog-app/node_modules/@auth/core/lib/actions/session.js:17:39) at AuthInternal (<>/dog-app/node_modules/@auth/core/lib/index.js:35:38) at async Auth (<>/dog-app/node_modules/@auth/core/index.js:111:34) at async <>/dog-app/node_modules/@toolpad/studio/dist/cli/index.mjs:366:24

Account 2:
[auth][error] AccessDenied: AccessDenied. Read more at https://errors.authjs.dev#accessdenied at handleAuthorized (<>/dog-app/node_modules/@auth/core/lib/actions/callback/index.js:405:15) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Module.callback (<>/dog-app/node_modules/@auth/core/lib/actions/callback/index.js:63:30) at async AuthInternal (<>/dog-app/node_modules/@auth/core/lib/index.js:27:24) at async Auth (<>/dog-app/node_modules/@auth/core/index.js:111:34) at async <>/dog-app/node_modules/@toolpad/studio/dist/cli/index.mjs:366:24

Account 3:
Successful login

[prakhargupta1]

Hi @DominikOlczak,
If it worked for Account 3 => Your configuration is correct. Were you able to make it work for the other two accounts?

I tried and it worked for my account.

[github-actions]

Since the issue is missing key information and has been inactive for 7 days, it has been automatically closed. If you wish to see the issue reopened, please provide the missing information.