[Bug] DeviceCode verficationUri is always null

[jghiloni]

Which version of MSAL Go are you using?
Note that to get help, you need to run the latest version.

Microsoft Authentication Library for Go 1.2.2

Where is the issue?

• Public client
  • Device code flow
  • Username/Password (ROPC grant)
  • Authorization code flow
• Confidential client
  • Authorization code flow
  • Client credentials:
    • client secret
    • client certificate
• Token cache serialization
  • In-memory cache
• Other (please describe)

Is this a new or an existing app?

This is a new app

What version of Go are you using (go version)?

$ go version
1.23.2

What operating system and processor architecture are you using (go env)?

go env Output

$ go env
GO111MODULE=''
GOARCH='arm64'
GOBIN=''
GOCACHE='/Users/jghiloni/Library/Caches/go-build'
GOENV='/Users/jghiloni/Library/Application Support/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='arm64'
GOHOSTOS='darwin'
GOINSECURE=''
GOMODCACHE='/Users/jghiloni/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='darwin'
GOPATH='/Users/jghiloni/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/opt/homebrew/Cellar/go/1.23.2/libexec'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/opt/homebrew/Cellar/go/1.23.2/libexec/pkg/tool/darwin_arm64'
GOVCS=''
GOVERSION='go1.23.2'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/Users/jghiloni/Library/Application Support/go/telemetry'
GCCGO='gccgo'
GOARM64='v8.0'
AR='ar'
CC='cc'
CXX='c++'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -ffile-prefix-map=/var/folders/mr/llndyl2j0fj9k9pzqtb10ykw0000gn/T/go-build2305052682=/tmp/go-build -gno-record-gcc-switches -fno-common'

Repro

loginCtx, cancel := context.WithTimeout(a.appCtx, 900*time.Second)
defer cancel()

deviceCode, err := authApp.AcquireTokenByDeviceCode(loginCtx, backend.Scope)
if err != nil {
    return nil, err
}

log.Printf("%#v", deviceCode.Result)

Expected behavior
deviceCode.Result.VerificationURI != ""

Actual behavior
deviceCode.Result.VerificationURI == ""

Possible solution

This is pretty clearly a JSON marshaling issue, as if I run the same method via cURL, the field is set (see below)

Additional context / logs / screenshots

$ curl -s https://login.microsoftonline.com/udtonline.com/oauth2/v2.0/devicecode -F client_id=XXX -F scope="user.read offline_access" | jq
{
  "user_code": "XXX",
  "device_code": "XXX",
  "verification_uri": "https://microsoft.com/devicelogin",
  "expires_in": 900,
  "interval": 5,
  "message": "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXX to authenticate."
}

[bgavrilMS]

That url is always the same for the public cloud

[jghiloni]

I mean, that's nice and all, but the go library is still clearly parsing the JSON incorrectly, as it's set when calling using pure HTTP.