Unable to complete Authorization Code Flow to Azure AD with new Forge Application

Hi, I’ve created a Hello World type project using Forge.
This is what my Manifest looks like:

    - key: msgraph-hello-world-queue-page
      function: main
      title: Forge app for Graph
    - key: main
      handler: index.run
          - azure
  id: ari:cloud:ecosystem::app/MY APP ID
    - read:jira-work
        - 'https://graph.microsoft.com'
        - 'https://login.microsoftonline.com'
    - key: azure
      name: Azure
        - 'offline_access'
        - '.default'
      type: oauth2
      clientId: MY CLIENT ID
        - msgraph
      bearerMethod: authorization-header
          remote: azure-account
          path: /MY TENANT ID/oauth2/v2.0/authorize
          remote: azure-oauth
          path: /MY TENANT ID/oauth2/v2.0/token
          remote: msgraph
          path: /v1.0/me
            id: id
            displayName: displayName
  - key: msgraph
    baseUrl: https://graph.microsoft.com
  - key: azure-account
    baseUrl: https://login.microsoftonline.com
  - key: azure-oauth
    baseUrl: https://login.microsoftonline.com

Azure’s authorization response to the /authorize endpoint looks like this:

With my auth’s bearerMethod set to authorization-header, I get the following error:
There was an error invoking the function - Code is not defined

With my auth’s bearerMethod set to form-encoded, this error comes up:

Trace ID: 00000000000000008a7e9b84606acb07
There was an error invoking the function - Only json and url encoded forms supported.

With it set to uri-query, i get the following:

Trace ID: 0000000000000000add838d8b1ddf15e
There was an error invoking the function - Code is not defined

Can someone please assist me?
My goal is to create an application that I can sign into using Azure AD, which will grant me access to the APIs exposed by my application using my newly gained access token.

What happens when you click on the link to authorize in your forge app? It’s not entirely clear from your description. Which url does it ultimately take you to and what does that screen look like. The response you posted is a tutorial from Microsoft. If this is the response to the /authorize endpoint then you are doing something wrong in this step.

Can you get the url Forge is taking you to when you click on the authorize link?

authorization-header is the correct bearerMethod. This doesn’t appear to have anything to do with the problem you are having.

I am also working on this with Carlos. Using authorization-header, when clicking to allow app, it takes you to the approval page. When clicking approve it shows this error.

Something went wrong
Trace ID: 0000000000000000994e15e28f1b2cb7
There was an error invoking the function - Code is not defined

ReferenceError: Code is not defined
at Object.App [as type] (index.js:41541:73)
at index.js:35660:36
at async asyncMap (index.js:35595:24)
at async index.js:35616:29
at async index.js:35006:31

Refresh app

What is the microsoft url it takes you to for the approve step? I want to verify that all of the query parameters are correct. It sounds like something is wrong with this step.

I don’t know how to answer that. When I click accept on the atlassian consent page it returns to the original Jira page with that error.

In azure I actually deleted the client secret so I would expect that it would fail with a different error but I got the same error which seems to point to an issue before it even hits Azure.

Having said that in the logs I do see this message which seems to say it was getting through approving of the app on Atlassian’s side:
User authorized “service-management-test”

All of this is made more confusing because the very first time I installed this app, it got through the Atlassian approval and gave me the page that shows the microsoft url and asks if I want to approve. The url looked fine to me (almost exactly the same to the url that worked fine in a Confluence app I made that does the same thing … and it works there.)
When I clicked approve I got the error I mentioned about “Code is not defined”. Since then I don’t get the approve to connect to azure page anymore. After clicking approve for Atlassian it just shows the error. This is despite uninstalling and reinstalling the app.

Microsoft may consider you authorized already through a cookie so it doesn’t even show the page. That would line up with it only showing once. Can you try in an incognito window?

Thanks for the help. I never thought that it might be saved as a cookie.
Turns out the reason we were getting this error is we used Code from ForgeUI in the app, but forgot to import it.