[Bug] #4989
Comments
Hi @ggroves - you pasted a signed token on a public website. Can you please confirm that the token was expired at the moment you pasted it? (I had a look at the exp claim in it and it does seem so). I recommend that you change the password for the user in the token and invalidate all their sessions, just to be safe. MSAL deals with token acquisition. You seem to have acquired a token. The problem seems to be around token validation. Graph performs token validation. Please open a bug on Graph SDK - https://github.com/microsoftgraph/msgraph-sdk-dotnet or talk to support to accelerate your ask.
Thank you. Opened an issue with Graph. microsoftgraph/msgraph-sdk-dotnet#2736
Does not seem to be an issue in MSAL.
Library version used
4.66.1.0
.NET version
8.0.10
Scenario
ConfidentialClient - web api (AcquireTokenOnBehalfOf)
Is this a new or an existing app?
The app is in production, I haven't upgraded MSAL, but started seeing this issue
Issue description and reproduction steps
We were asked to open this issue by Microsoft support. We have three identically configured Azure web apps (development, test, production). On development and production, calls to MS Graph fail. Here is what we log:
dbug: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] Calling Microsoft Graph...
info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0]
MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers:
{
Accept: application/json
Authorization: Bearer
FeatureFlag: 00000003
Cache-Control: no-store, no-cache
User-Agent: kiota-dotnet/1.3.4
SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.20348.0; hostArch=X64; runtimeEnvironment=.NET 8.0.8;)
client-request-id: 48a0999b-d24a-49ee-ae01-bb62021e097d
}
warn: UnifiedSmartPortal.Services.UserService[0] [CallMicrosoftGraph] MSGraph is unavailable - ArgumentNull
The same code works on the test instance, and multiple development machines. We have verified that test is set up the same as development and production.
Packages: Microsoft.Identity.Web 3.3.1, Microsoft.Identity.Web.GraphServiceClient 3.31, Microsoft.Kiota.Authentication.Azure 1.14.0
Relevant code snippets
Expected behavior
This is what is logged from the same call on localhost:
info: UnifiedSmartPortal.Networking.GraphLoggingHandler[0]
MSAL Request: Method: GET, RequestUri: 'https://graph.microsoft.com/v1.0/me?$select=companyName,department,displayName,employeeType,givenName,jobTitle,mail,manager,officeLocation,preferredName,userPrincipalName', Version: 1.1, Content: , Headers:
{
Accept: application/json
Authorization: Bearer ****
FeatureFlag: 00000003
Cache-Control: no-store, no-cache
User-Agent: kiota-dotnet/1.3.4
SdkVersion: graph-dotnet-core/3.1.6 (featureUsage=00000003; hostOS=Microsoft Windows NT 10.0.22631.0; hostArch=X64; runtimeEnvironment=.NET 8.0.10;)
client-request-id: 5f1ff492-4dfc-4077-8a59-37804945e114
}
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response
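An added example, not part of the issue thread and not code from MSAL, the Graph SDK or the reporter's app: a hypothetical `RedactingGraphLoggingHandler` (a stand-in for the `GraphLoggingHandler` named in the logs above, whose source is not shown) that logs the outgoing request without the bearer token and instead records the token's `exp` claim, so expiry can be checked without ever exposing the signed value.

```csharp
using System;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;

// Hypothetical handler: name and shape are assumptions, not the app's real code.
public sealed class RedactingGraphLoggingHandler : DelegatingHandler
{
    private readonly ILogger<RedactingGraphLoggingHandler> _log;
    public RedactingGraphLoggingHandler(ILogger<RedactingGraphLoggingHandler> log) => _log = log;

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;
        var shown = auth is null ? "(no header)" : $"{auth.Scheme} {Describe(auth.Parameter)}";
        _log.LogInformation("Graph request: {Method} {Uri} Authorization: {Authorization}",
            request.Method, request.RequestUri, shown);
        return base.SendAsync(request, cancellationToken);
    }

    // Log-safe summary of a bearer token: presence and expiry only, never the value.
    // The signature is NOT validated; this is a diagnostic, not an authorization check.
    public static string Describe(string? token)
    {
        if (string.IsNullOrWhiteSpace(token)) return "[empty]";
        var parts = token.Split('.');
        if (parts.Length != 3) return "[redacted; not a three-part JWT]";
        try
        {
            using var doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
            var exp = doc.RootElement.GetProperty("exp").GetInt64();
            var expires = DateTimeOffset.FromUnixTimeSeconds(exp);
            return $"[redacted; exp={expires:u}; expired={expires <= DateTimeOffset.UtcNow}]";
        }
        catch (Exception) // logging must never break the request or echo undecodable input
        {
            return "[redacted; payload unreadable or no exp claim]";
        }
    }

    private static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
}
```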