Integration of SSO using MSAL in Angular project gets 401 returned error after login
I am fully following the example from Example for Angular 16 from MSAL Git. The code is exactly the same with the example except for the client ID and authority. When I login with my account I got 401 error response. I also don't know how to decode the encrypted code in URL. Is it because that my account does not have access to the application in Azure AD and how can I decode the URL? The URL is like localhost:5069/api#code=xxx&client_info=xxx&state=xxx&session_state=xxx and contains 4 parts, code, client_info,state and session_state. How can I extract info from them?
The 401 error usually occurs if the Microsoft Entra ID application is not granted required API permissions to perform the operation.
I created a Multi-Tenant Microsoft Entra ID application:
Registered Redirect URL:
Grant User.Read delegated API permission as you are calling /me endpoint:
Now in environment file replace your client ID:
export const environment = {
production: false,
msalConfig: {
auth: {
clientId: 'YourClientID',
authority: 'https://login.microsoftonline.com/common'
}
},
apiConfig: {
scopes: ['user.read'],
uri: 'https://graph.microsoft.com/v1.0/me'
}
};
When I ran the sample, I logged using Popup:
The user logged in successfully:
Able to fetch signed in user profile data successfully:
To resolve the error, make sure to grant required API permissions to the Microsoft Entra ID application.
If still the issue persists, check if you are passing valid ClientID.
- And make sure to pass correct or required scope in the environment file.
- If you are calling any other API then grant and pass the required scope.
Reference:
- Need help getting Azure AD B2C SSO with Azure AD
- Unable to get all users from Microsoft Graph using Python SDK
- Azure AD, AuthenticationTicket Claims
- How to get a list of users from azure graph API
- Az-GetRoleAssigments Not returning Data for DisplayName, SignInName & Object Type - Azure Powershell Runbook
- Integration of SSO using MSAL in Angular project gets 401 returned error after login
- Azure Active Directory passing empty GUID for tenantId with default template
- Sign in to Azure Account from VS Code
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- Get all user properties from Microsoft graph
- ASP.NET Azure AD / Entra Authentication - App roles in token, but not being assigned to principal
- How to do azure single sign on with next.js 14 and App Router
- Azure ClientCertificateCredential - Using SNI
- Entra ID Schema Extension with custom Namespace
- MSAL Node service & The Partner Center API
- KeyCloak Integration with Azure B2C UserName Mapping Issue
- is it posible to access Azure App Configuration via URL or conected some how as enviroment setting of App Service?
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Pulling "On-premises last sync date time" Azure user property using PowerShell
- Authenticating to Sharepoint Online Site via React SPA in MS Teams personal Tab
- Login failed for user '<token-identified principal>' while authorizing to SQL Server via Service Principal from AAD group assigned
- MSAL library fails to parse token in Chromium based browsers
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure B2C IdP-Access Token fails with IDX10511: Signature validation failed
- EntraID: how to pass application roles downstream
- During signIn receiving B2C error code ‘AADB2C99059’
- How can I read local MS Teams status
- How to find the tenant where a multi-tenant AAD application was registered
- Azure AD permissions for MS Forms
- ASP.NET Core app running on IIS gives Http Error 401.2-Unauthorize