Azure-Samples / active-directory-dotnet-native-aspnetcore-v2

Calling an ASP.NET Core Web API from a WPF application using Azure AD v2.0
MIT License
286 stars 198 forks

"Web API now calls Microsoft Graph" sample returns 401 out of the box. #134

Closed cedrox closed 4 years ago

cedrox commented 4 years ago

Minimal steps to reproduce

Configure "2. Web API now calls Microsoft Graph" and run it locally

Any log messages given by the failure

{Bearer error="invalid_token"}

Expected/desired behavior

Get the todo list when opening the application. The Graph API call during the Add Todo.

OS and Version?

Windows 10

Versions

VS 2019 Enterprise

Mention any other details that might be useful

On a demo tenant where I am admin, I have followed all the manual steps after running the configure.ps1 script. Details here:


IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal :

And

In the list of pages for the application registration of the TodoListService-v2 application, select Manifest

In the manifest, search for "accessTokenAcceptedVersion", and replace null by 2. This property lets Azure AD know that the Web API accepts Microsoft identity platform (v2.0) tokens.

Select Save

Thanks to confirm

CitronBaBa commented 4 years ago

The web API server (todolistservice in "Web API now calls Microsoft Graph") has this exception and returns a 401 status to the client WPF application.

info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://localhost:44351/api/todolist
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
      Failed to validate the token.
System.MissingMethodException: Method not found: 'Microsoft.IdentityModel.Tokens.SecurityKey Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities.FindKeyMatch(System.String, System.String, Microsoft.IdentityModel.Tokens.SecurityKey, System.Collections.Generic.IEnumerable`1)'.
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ResolveIssuerSigningKey(String token, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
   at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
   at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()

brentschmaltz commented 4 years ago

@CitronBaBa @cedrox what version of Microsoft.IdentityModel.JsonWebTokens is being used? What version was used before?

jmprieur commented 4 years ago

@brentschmaltz: I think that ASP.NET Core uses Wilson 5 whereas Microsoft.Identity.Web uses Wilson 6.x (with the increment that Maria and I did). I guess the fix is to update all the Web APIs to Wilson 6.x? cc: @TiagoBrenck

brentschmaltz commented 4 years ago

Yes, we had a teams meeting where updating to 6.5.0 explicitly would fix the issue.

cedrox commented 4 years ago

I confirm that the fix is working. Thank you very much for responding so quickly!

brentschmaltz commented 4 years ago

@cedrox super to hear. Thanks for contacting us.
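
A check for the mismatch diagnosed in this thread, added here as an example and not code from the sample repository or its maintainers: it reads a build's `*.deps.json` and reports when the IdentityModel ("Wilson") packages resolve to more than one major version, the condition behind the `MissingMethodException` above. The package list, the function names and the sample versions are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: these NuGet packages ship together as the IdentityModel ("Wilson")
# family and are expected to resolve to the same version in one application.
WILSON_PACKAGES = {name.lower() for name in (
    "Microsoft.IdentityModel.Logging",
    "Microsoft.IdentityModel.Tokens",
    "Microsoft.IdentityModel.JsonWebTokens",
    "Microsoft.IdentityModel.Protocols",
    "Microsoft.IdentityModel.Protocols.OpenIdConnect",
    "System.IdentityModel.Tokens.Jwt",
)}

def wilson_versions(deps_json_text):
    """Map each resolved version to the sorted family packages using it."""
    libraries = json.loads(deps_json_text).get("libraries", {})
    by_version = defaultdict(list)
    for key in libraries:  # keys look like "Package.Name/1.2.3"
        name, _, version = key.partition("/")
        if name.lower() in WILSON_PACKAGES and version:
            by_version[version].append(name)
    return {ver: sorted(names) for ver, names in by_version.items()}

def wilson_major_versions(deps_json_text):
    """Sorted major versions in use; more than one entry means a mixed build."""
    return sorted({int(v.split(".")[0]) for v in wilson_versions(deps_json_text)})

# Constructed sample: a deps.json "libraries" section where the JWT handler
# stays on 5.x while other family packages were lifted to 6.x.
SAMPLE_DEPS = json.dumps({"libraries": {
    "Microsoft.AspNetCore.Authentication.JwtBearer/3.1.0": {"type": "package"},
    "Microsoft.IdentityModel.Protocols.OpenIdConnect/5.5.0": {"type": "package"},
    "System.IdentityModel.Tokens.Jwt/5.5.0": {"type": "package"},
    "Microsoft.IdentityModel.JsonWebTokens/6.5.0": {"type": "package"},
    "Microsoft.IdentityModel.Tokens/6.5.0": {"type": "package"},
    "Microsoft.IdentityModel.Logging/6.5.0": {"type": "package"},
    # Not part of the family (different library), so it must be ignored.
    "Microsoft.IdentityModel.Clients.ActiveDirectory/5.2.0": {"type": "package"},
}})

if __name__ == "__main__":
    majors = wilson_major_versions(SAMPLE_DEPS)
    for version, names in sorted(wilson_versions(SAMPLE_DEPS).items()):
        print(version, ", ".join(names))
    if len(majors) > 1:
        print("Mixed IdentityModel major versions:", majors)
```

Run it against the `*.deps.json` file in the Web API's build output; a single major version in the result is the state the thread's fix restores.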