OneDrive / onedrive-sdk-dotnet-msa-auth-adapter

Exception in MsaAuthenticationProvider with "User.Read" scope #42

Open 23W opened 7 years ago

23W commented 7 years ago

Can I use MsaAuthenticationProvider to receive a token for both the OneDrive and Microsoft Graph services? I need Microsoft Graph for reading information about the currently logged-in user (because the OneDrive SDK has no such method). But if I add the scope "User.Read" to the scope array, msaAuthProvider.AuthenticateUserAsync() will generate an exception after user authentication.

string AppKey = "APP_ID";
string AppRedirect = "https://login.live.com/oauth20_desktop.srf";
string[] AppScopes = { "User.Read",  "offline_access", "onedrive.readwrite" };

var msaAuthProvider = new MsaAuthenticationProvider(AppKey, AppRedirect, AppScopes, new CredentialVault(AppKey));
await msaAuthProvider.AuthenticateUserAsync();  //!< produces Microsoft.Graph.ServiceException exception after authentication

var client = new OneDriveClient("https://api.onedrive.com/v1.0", msaAuthProvider);

Exception data:

Data   {System.Collections.ListDictionaryInternal}   System.Collections.IDictionary {System.Collections.ListDictionaryInternal}
Error  {Code: generalException Message: Unexpected exception returned from the service. }   Microsoft.Graph.Error

A small addition: this code (token for OneDrive) works fine.

var msaAuthProvider = new MsaAuthenticationProvider(AppKey, AppRedirect, new[] { "offline_access", "onedrive.readwrite" }, new CredentialVault(AppKey));
await msaAuthProvider.AuthenticateUserAsync();

This code (token for access to the user profile) works fine, too.

var msaAuthProvider = new MsaAuthenticationProvider(AppKey, AppRedirect, new[] { "User.Read" }, new CredentialVault(AppKey));
await msaAuthProvider.AuthenticateUserAsync();

But together it will generate an exception. Why so?

var msaAuthProvider = new MsaAuthenticationProvider(AppKey, AppRedirect, new[] { "User.Read", "offline_access", "onedrive.readwrite" }, new CredentialVault(AppKey));
await msaAuthProvider.AuthenticateUserAsync();

daboxu commented 7 years ago

Hi @23W, the MSA provider only works with MSA OAuth, which you can see goes to login.live.com/oauth; unfortunately, it won't work with the Microsoft Graph Service, which talks to Azure AD OAuth V2. I would suggest you use the MSAL library for talking with the Microsoft Graph Service. Sorry for these confusing OAuth definitions; for details you can see my answer here: https://github.com/OneDrive/onedrive-sdk-csharp/issues/216.
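
The split suggested in the reply above, sketched as an added example (not code from either commenter or from the SDK): the OneDrive scopes stay with MsaAuthenticationProvider, and "User.Read" is requested separately through MSAL.NET. Assumptions: the Microsoft.Identity.Client package is referenced, "GRAPH_APP_ID" is a placeholder for an app registration that allows personal Microsoft accounts, and the class and method names are hypothetical.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;              // MSAL.NET (assumed NuGet dependency)
using Microsoft.OneDrive.Sdk;
using Microsoft.OneDrive.Sdk.Authentication;

static class SplitAuth   // hypothetical helper, not part of either SDK
{
    const string MsaAppId    = "APP_ID";        // placeholder, as in the question
    const string GraphAppId  = "GRAPH_APP_ID";  // placeholder (assumption)
    const string MsaRedirect = "https://login.live.com/oauth20_desktop.srf";

    // One scope set per OAuth authority; the two are never mixed in one request.
    static readonly string[] OneDriveScopes = { "offline_access", "onedrive.readwrite" };
    static readonly string[] GraphScopes    = { "User.Read" };

    // MSA OAuth (login.live.com): token accepted by api.onedrive.com only.
    public static async Task<OneDriveClient> SignInOneDriveAsync()
    {
        var msa = new MsaAuthenticationProvider(
            MsaAppId, MsaRedirect, OneDriveScopes, new CredentialVault(MsaAppId));
        await msa.AuthenticateUserAsync();
        return new OneDriveClient("https://api.onedrive.com/v1.0", msa);
    }

    // Azure AD OAuth V2 via MSAL: token for Microsoft Graph with User.Read only.
    public static async Task<string> GetGraphTokenAsync()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(GraphAppId)
            .WithAuthority(AzureCloudInstance.AzurePublic,
                           AadAuthorityAudience.PersonalMicrosoftAccount) // assumption: MSA users
            .WithDefaultRedirectUri()
            .Build();

        var account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            // Use a cached token when one exists; a null account triggers the fallback.
            var cached = await app.AcquireTokenSilent(GraphScopes, account).ExecuteAsync();
            return cached.AccessToken;
        }
        catch (MsalUiRequiredException)
        {
            var fresh = await app.AcquireTokenInteractive(GraphScopes).ExecuteAsync();
            return fresh.AccessToken;
        }
    }
}
```

Each token is then scoped to a single service, so the Graph token carries only the profile-read permission and the OneDrive token carries only file access.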