Closed Tinathnath closed 3 years ago
Will take a look. Null refs are most always bugs
@Tinathnath Whatever the outcome of the investigation that @bgavrilMS will do, given you already use Microsoft.Identity.Web, the way to go is not to use the OnBehalfOf provider, but directly Microsoft.Identity.Web.MicrosoftGraph (which we developed with the Microsoft Graph SDK team).
```csharp
services.AddMicrosoftIdentityWebApiAuthentication(Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi()
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
```
And then you inject directly the GraphService client in your controller actions and you use it from there.
Out of curiosity (and to update the documentation), from which documentation did you get the idea of mixing Microsoft.Identity.Web and the OnBehalfOf provider? cc: @darrelmiller
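A sketch of the controller side of the setup described in the comment above, added here as an illustration and not code posted by anyone in the thread. The controller name, route, the `access_as_user` scope and the `DownstreamApi` values in the comment are assumptions; it targets the Microsoft.Graph 3.x and Microsoft.Identity.Web 1.x versions listed in the issue.

```csharp
// Added example (not from the thread). Assumes Startup.cs registers
// AddMicrosoftIdentityWebApiAuthentication(...).AddMicrosoftGraph(...) as shown above,
// and that appsettings.json has a section like (values are assumptions):
//   "DownstreamApi": { "BaseUrl": "https://graph.microsoft.com/v1.0", "Scopes": "user.read" }
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Identity.Web.Resource;

[Authorize]                       // caller must present a valid bearer token for this API
[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    // Hypothetical delegated scope exposed by this API's app registration.
    private static readonly string[] AcceptedScopes = { "access_as_user" };

    private readonly GraphServiceClient _graph;

    // The client comes from DI. Do not construct a GraphServiceClient yourself:
    // the injected one is wired to Microsoft.Identity.Web's token acquisition,
    // which exchanges the incoming user token (on-behalf-of) for a Graph token.
    public ProfileController(GraphServiceClient graph) => _graph = graph;

    [HttpGet]
    public async Task<IActionResult> Get()
    {
        // Reject tokens that were not issued with one of the accepted delegated scopes.
        HttpContext.VerifyUserHasAnyAcceptedScope(AcceptedScopes);

        // Runs as the signed-in user (delegated permissions), not as the app itself.
        User me = await _graph.Me.Request().GetAsync();

        // Return only the fields the caller needs rather than the whole Graph object.
        return Ok(new { me.DisplayName, me.UserPrincipalName });
    }
}
```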
@bgavrilMS Thanks !
@jmprieur I tried with Microsoft.Identity.Web.MicrosoftGraph in Startup but forgot to use it via DI, I created my own instance (now that I'm writing it, it doesn't make sense). I'm quite new to MSAL so I tend to mix things up. I thought the `AddMicrosoftGraph()` helper could only authenticate as a daemon app, but I need to authenticate as a user, that's why I used the OnBehalf provider.
Assuming this is no longer an issue. Please reopen if it is.
Hi, I'm trying to authenticate to Microsoft Graph with the official SDK and the OnBehalfOf provider. I followed the docs (https://docs.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#OnBehalfOfProvider) but it doesn't work. I tried multiple configuration scenarios but I still get a NullReferenceException in the process. It seems that the problem is in the `GetBodyParameters()` method, I think `UserAssertion` is null (see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/Internal/Requests/OnBehalfOfRequest.cs#L109)
Logs and Network traces
There's no network trace matching `login.microsoftonline.com`, the error is being thrown before token request.
StackTrace:
Which Version of MSAL are you using ?
- Microsoft.Graph: 3.30.0
- Microsoft.Graph.Auth: 1.0.0-preview.0
- Microsoft.Identity.Web: 1.9.1
- Microsoft.Identity.Web.MicrosoftGraph: 1.9.1
Platform
netcore 5
What authentication flow has the issue?
Is this a new or existing app? This is a new app or experiment
Repro
Startup.cs
In my controller, I can get the user token with:
But when I create my Graph client and execute a request, it fails:
I tried with/without `RedirectUri` and `Authority` and I always get the same error.
Expected behavior
Expect the middleware to get a token with OBO flow to authenticate to Graph with my current API user. When I call the authorization endpoint in Postman with my clientId+secret+user token it works well (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#first-case-access-token-request-with-a-shared-secret)
Actual behavior
The authentication fails in the `Microsoft.Graph.Auth` package with `OnBehalfOfProvider`.
Possible Solution
Might be an issue with the `UserAssertion` object being null.
Thank you