AzureAD / azure-activedirectory-library-for-ruby

The ADAL for Ruby library makes it easy for Ruby applications to authenticate to AAD in order to access AAD protected web resources.
http://www.windowsazure.com/en-us/services/active-directory/
MIT License

Unexpected client assertion type #55

Open lemmycaution opened 7 years ago

lemmycaution commented 7 years ago

Hi there,

I'm trying to run client_assertation_certificate_example but I'm stuck with the error below. It seems I'm missing something in the configuration but cannot find it. Any tips are most welcome, thanks a lot.

V, [2017-04-09T14:46:55.995211 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: TokenRequest getting token for client for https://graph.microsoft.com/v1.0.
V, [2017-04-09T14:46:55.995686 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:54 +0100. NotBefore: 2017-04-09 14:46:54 +0100.
V, [2017-04-09T14:46:55.995842 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:55.998631 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: TokenRequest checking cache #<ADAL::MemoryCache:0x007fdc0f0e9be0> for token.
V, [2017-04-09T14:46:55.998705 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Searching cache for tokens by keys: [:authority, :client_id].
V, [2017-04-09T14:46:55.998781 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Validating 0 possible cache matches.
V, [2017-04-09T14:46:55.998841 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Looking through 0 matching cache entries for resource https://graph.microsoft.com/v1.0.
V, [2017-04-09T14:46:55.998893 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Attempting to obtain access token for https://graph.microsoft.com/v1.0 by refreshing 1 of 0 matching MRRTs.
I, [2017-04-09T14:46:55.998931 #73458]  INFO -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Did not find token in cache.
V, [2017-04-09T14:46:55.999085 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:54 +0100. NotBefore: 2017-04-09 14:46:54 +0100.
V, [2017-04-09T14:46:55.999177 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:56.001347 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:55 +0100. NotBefore: 2017-04-09 14:46:55 +0100.
V, [2017-04-09T14:46:56.001411 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:56.003526 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Resorting to OAuth to fulfill token request.
V, [2017-04-09T14:46:56.201593 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Attempting to create a TokenResponse from raw response.
E, [2017-04-09T14:46:56.201842 #73458] ERROR -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Parsed an ErrorResponse with error: invalid_request and error description: AADSTS90023: Unexpected client assertion type.
Trace ID: cffebcfe-402c-48bf-b90b-8a2b765e4200
Correlation ID: a2a72bbd-a2f9-4276-baf3-6362e13b3821
Timestamp: 2017-04-09 13:46:55Z.
Failed to authenticate with client credentials. Received error: invalid_request and error description: AADSTS90023: Unexpected client assertion type.
Trace ID: cffebcfe-402c-48bf-b90b-8a2b765e4200
Correlation ID: a2a72bbd-a2f9-4276-baf3-6362e13b3821
Timestamp: 2017-04-09 13:46:55Z.

akrulwich commented 7 years ago

Seeing the same issue. @lemmycaution did you ever resolve this?

lemmycaution commented 7 years ago

No, sorry. I ended up using some other platform.


akrulwich commented 7 years ago

@lemmycaution Thanks

kule commented 7 years ago

I had this; it's an easy fix. If you look through the code of the dotnet version, it uses a different JWT_BEARER string:

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/blob/2e528e99d50ea3176c968ea95820f6c033b48b59/src/Microsoft.IdentityModel.Clients.ActiveDirectory/Internal/OAuthConstants.cs#L73

Someone's already done a pull request too: https://github.com/AzureAD/azure-activedirectory-library-for-ruby/pull/39

In the meantime you can monkey patch the gem to fix:

module ADAL
  class TokenRequest
    module GrantType
      JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    end
  end
end
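
For reference, an added example (not code from the gem or from the commenters above) of the certificate-based client-credentials request this thread is about. RFC 7523 defines both a grant-type URN and a client-assertion-type URN, and only the latter belongs in `client_assertion_type`. The helper names, the self-signed certificate and the `resource` form field name are assumptions made for the illustration.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# RFC 7523 defines two URNs that differ only in one segment.
GRANT_TYPE_JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
CLIENT_ASSERTION_JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Constructed self-signed certificate standing in for the app's registered one.
def sample_credential
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=constructed-example')
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Self-signed JWT: x5t is the SHA-1 certificate thumbprint, lifetime 10 minutes as in the log.
def client_assertion(key, cert, client_id, token_endpoint, now = Time.now)
  header = { alg: 'RS256', typ: 'JWT',
             x5t: b64url(OpenSSL::Digest.new('SHA1').digest(cert.to_der)) }
  claims = { iss: client_id, sub: client_id, aud: token_endpoint,
             jti: SecureRandom.uuid, nbf: now.to_i, exp: now.to_i + 600 }
  signing_input = [header, claims].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{signing_input}.#{b64url(key.sign(OpenSSL::Digest.new('SHA256'), signing_input))}"
end

# Form body for the client-credentials grant with certificate authentication.
def token_request_params(client_id, resource, assertion)
  { 'grant_type' => 'client_credentials', 'client_id' => client_id, 'resource' => resource,
    'client_assertion_type' => CLIENT_ASSERTION_JWT_BEARER, 'client_assertion' => assertion }
end

# Pre-flight check run before the request leaves the process.
def assertion_param_problems(params)
  type = params['client_assertion_type']
  problems = []
  problems << 'client_assertion_type holds the grant-type URN' if type == GRANT_TYPE_JWT_BEARER
  problems << 'client_assertion_type is missing' if type.nil?
  problems << 'client_assertion is not a three-part JWS' unless params['client_assertion'].to_s.count('.') == 2
  problems
end
```

Running `assertion_param_problems` over the outgoing form parameters in a unit test catches a swapped URN before the token endpoint rejects the request.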