ERR_INVALID_ARG_TYPE on the /redirect

[rwrife]

I've got a basic app setup and when AAD goes to redirect back to my site I'm getting [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined
at new NodeError (node:internal/errors:371:5)
at Function.from (node:buffer:321:9)
at _callee$ (C:\Projects\myproject\node_modules\microsoft-identity-express\src\client\webapp\MsalWebAppAuthClient.ts:184:139)

any ideas?

[derisen]

Hi @rwrife, apologies for the very late response. Looks like there was an issue when accessing the req.session.key (which internally is used for encrypting/decrypting the state parameter). I can't come up with anything off the top of my head other than somehow your express session is not properly properly set up. Can you confirm that?

And sorry for the cryptic error message, but we are picking up this project again and we will work on adding better error logging for such issues.

[hnougher]

I can get the same thing with more detail.

Good hint on something in express session.
The easiest temporary solution for me seems to be to set cookie.secure=false even though that is not recommended.

node:internal/errors:465
    ErrorCaptureStackTrace(err);
    ^

TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined
    at new NodeError (node:internal/errors:372:5)
    at Function.from (node:buffer:323:9)
    at _callee$ (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:1556:127)
    at tryCatch (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:167:40)
    at Generator.invoke [as _invoke] (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:398:22)
    at Generator.next (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:223:21)
    at asyncGeneratorStep (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:18:24)
    at _next (/app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:40:9)
    at /app/node_modules/microsoft-identity-express/dist/microsoft-identity-express.cjs.development.js:47:7
    at new Promise (<anonymous>) {
  code: 'ERR_INVALID_ARG_TYPE'
}

[derisen]

@hnougher apologies for late response. Thanks for the debug. cookie.secure should be false if the app is running on http, but are you saying you run into this even when running the app on a https connection?

[hnougher]

@derisen That is correct.
It was annoyingly working fine in development (http localhost etc) and breaking for production (https only).

[derisen]

Closing as completed.