Could not resolve endpoints
Just spent more hours than I should working out why we were getting the following error from the MsalFetchClient in the @pnp/nodejs-commonjs library.
ClientAuthError: endpoints_resolution_error: Error: could not resolve endpoints. Please check network and try again. Detail: Discover incomplete
This was a classic case of looking but not seeing it really couldn’t resolve the endpoint, because it was missing a /.
The clue was when I looked up the actual Application configuration options for MSAL at Client application configuration (MSAL) — Microsoft identity platform | Microsoft Docs
There Authority is defined as an identity provider instance and sign in audience for the app and possibly the tenant ID.
Common authority URLs are listed including the one I wanted:
https://login.microsoftonline.com/<tenant>/
Note the trailing /.
If you leave this off when connecting to Sharepoint Online you get the error listed above but not when you connect to MS Graph using a Client Secret.
It appears that the AzureAD/microsoft-authentication-library-for-js: Microsoft Authentication Library (MSAL) for JS (github.com) team have two different parsers in use depending on if you use a secret or a certificate, with the certificate one being stricter.
