jasonjoh/dotnet-tutorial

AuthenticationContext result is null

Closed this issue · 13 comments

I have

var authResult = await _authContext.AcquireTokenByAuthorizationCodeAsync(authCode, _redirectUri, credential, _scopes);

like your Authorize action result, but all of the authResult attributes (Token, etc) are null.

I see a reply from https://login.microsoftonline.com/common/oauth2/v2.0/token in Fiddler that has a token in it. What am I doing wrong here?

Thanks

What version of the ADAL library do you have in your project?

Hey, thanks for responding.

I have this NuGet package:

Microsoft.Experimental.IdentityModel.Clients.ActiveDirectory: 4.0.208052020-alpha

Ok. I just tried it again with the version I used to write the tutorial, 4.0.208020147-alpha. I got a token with no problem. I updated to your version and still got a token, so there must be something odd on your end. What JSON fields do you see in the Fiddler trace (in the response)?

Sorry for the length.

This is part of my controller:

readonly string _clientId = System.Configuration.ConfigurationManager.AppSettings["ida:ClientID"];
readonly string _clientSecret = System.Configuration.ConfigurationManager.AppSettings["ida:ClientSecret"];
readonly AuthenticationContext _authContext = new AuthenticationContext("https://login.microsoftonline.com/common/oauth2/v2.0/authorize");
readonly Uri _redirectUri = new Uri("http://localhost:56788/OfficeAuthCallback");
private readonly string[] _scopes = { "https://outlook.office.com/Calendars.Read" };

public async Task<ActionResult> Microsoft()
{
    var authUri = await _authContext.GetAuthorizationRequestUrlAsync(_scopes, null, _clientId,
        _redirectUri, UserIdentifier.AnyUser, null);

    return Redirect(authUri.ToString());
}

public async Task<ActionResult> Index()
{
    var authCode = Request.Params["code"];
    var credential = new ClientCredential(_clientId, _clientSecret);

    try
    {
        var authResult = await new AuthenticationContext("https://login.microsoftonline.com/common/oauth2/v2.0/token").AcquireTokenByAuthorizationCodeAsync(
            authCode, _redirectUri, credential, _scopes);

        if (string.IsNullOrEmpty(authResult.Token)) return Redirect("/"); //all attr's of authResult are null

        Session["access_token"] = authResult.Token;
        Session["user_email"] = GetUserEmail(_authContext, _clientId);

        return Redirect(Url.Action("Cal", "OfficeAuthCallback", null, Request.Url.Scheme));
    }
    catch (AdalException ex)
    {
        return Content($"ERROR retrieving token: {ex.Message}");
    }
}

I see an entry in Fiddler and the JSON results look like this:

{
    "expires_in": "3600",
    "token_type": "Bearer",
    "scope": "https://outlook.office.com/calendars.read",
    "access_token": "[...]",
    "refresh_token": "[...]",
    "id_token": "[...]",
    "id_token_expires_in": "86400"
}

Hmm. I may have to ask the ADAL guys to look at this. One difference I see is that you're setting your authority (the parameter to the constructor for AuthenticationContext) to the full endpoint, which might be throwing it. The authority for the context used to generate the login URL doesn't equal the authority for the context you used to request the token, and I wonder if ADAL is deciding that's not valid. Try setting your authority in both scenarios to just https://login.microsoftonline.com/common and see if that helps matters.
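The comparison suggested above, as an added example that is not part of the original thread, the tutorial, or ADAL: a hypothetical `AuthorityCheck` helper that reduces the two constructor arguments from the posted controller to the bare authority and compares them. The class and method names are assumptions; only `System.Uri` is used.

```csharp
using System;

// Added example: hypothetical helper, not part of ADAL or the tutorial.
public static class AuthorityCheck
{
    // Endpoint suffixes that appear in this thread's URLs.
    static readonly string[] EndpointSuffixes =
    {
        "/oauth2/v2.0/authorize",
        "/oauth2/v2.0/token"
    };

    // Reduce an authority or full endpoint URL to https://host/tenant.
    public static string NormalizeAuthority(string url)
    {
        var uri = new Uri(url, UriKind.Absolute);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Authority must use https: " + url);

        var path = uri.AbsolutePath.TrimEnd('/');
        foreach (var suffix in EndpointSuffixes)
        {
            if (path.EndsWith(suffix, StringComparison.OrdinalIgnoreCase))
            {
                path = path.Substring(0, path.Length - suffix.Length);
                break;
            }
        }

        // What remains must be exactly one segment: the tenant (e.g. "common").
        var tenant = path.Trim('/');
        if (tenant.Length == 0 || tenant.Contains("/"))
            throw new ArgumentException("No single tenant segment in: " + url);

        return "https://" + uri.Host.ToLowerInvariant() + "/" + tenant;
    }

    // True when both URLs resolve to the same host and tenant.
    public static bool SameAuthority(string a, string b) =>
        string.Equals(NormalizeAuthority(a), NormalizeAuthority(b),
                      StringComparison.OrdinalIgnoreCase);

    public static void Main()
    {
        // The two constructor arguments from the controller posted in this thread.
        var loginCtx = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
        var tokenCtx = "https://login.microsoftonline.com/common/oauth2/v2.0/token";
        Console.WriteLine(NormalizeAuthority(loginCtx));
        Console.WriteLine(SameAuthority(loginCtx, tokenCtx));
    }
}
```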

I had it set that way originally as I followed your tutorial. Since it didn't work, I thought I'd try the full endpoint.

I was newing up the authority in the method, like your tutorial. Either way, I have the same problem.

Ok. I'm going to ping the ADAL guys and see if they can give some insight.

Any update on this?

I was trying to work on this more but I couldn't get logged into whatever account I finally managed to get working on https://apps-dev.dev.microsoft.com/ so I created a new MS account and a new app. If I use the client id and password from apps-dev I get this error:

https://login.live.com/err.srf?lc=1033#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://manage.dev.live.com/.

If I create a NEW app, alongside the original one I created last week that I can't edit, and use the client id and pass from manage.dev.live I get this error:

{
    "error": "invalid_request",
    "error_description": "AADSTS90019: No tenant-identifying information found in either the request or implied by any provided credentials.\r\nTrace ID: f5475eda-6103-47d3-801c-7c729dee85ac\r\nCorrelation ID: 640c2d16-c57a-4c6d-95a2-150aa52b0096\r\nTimestamp: 2015-09-09 15:49:28Z",
    "error_codes": [
        90019
    ],
    "timestamp": "2015-09-09 15:49:28Z",
    "trace_id": "f5475eda-6103-47d3-801c-7c729dee85ac",
    "correlation_id": "640c2d16-c57a-4c6d-95a2-150aa52b0096",
    "submit_url": null,
    "context": null
}

Today, manage.dev.live.com doesn't even work, like at all. The site is down.

Very odd. I'm not sure exactly what manage.dev.live.com is, but I'm guessing it is an older portal that's replaced by apps.dev.microsoft.com. In your post you mentioned `apps-dev.dev.microsoft.com`, which isn't the right URL. Not sure if that's causing your issue, but it might be!

Well, I thought I fat-fingered the apps-dev.dev.microsoft.com, but it looks like apps-dev.dev.microsoft.com and apps.dev.microsoft.com are different websites! I found my previously created application under apps.dev.microsoft.com. Unfortunately, authResults is still null :(

Ok. I've re-asked the Azure guys to chime in.

Closing this issue as I see nothing's happened on it in over a year. I've since updated this project to use a different library anyway (Microsoft.Identity.Client). If you still need help with the ADAL library, please open an issue directly with them (https://github.com/AzureAD/azure-activedirectory-library-for-dotnet).