
asp.net core - Use GetAuthenticationResultForAppAsync, AccessToken is returned but IdToken is null - Stack Overflow


I am trying to use Microsoft.Identity.Web for AzureAd authentication. Below is the code segment. The call to GetAuthenticationResultForAppAsync returns a result. In the result, AccessToken has a value but IdToken is null, which caused a null pointer exception in the token validation. What am I missing? Thanks!

                services.AddOpenIdConnect(options =>
                {
                    var x = Configuration["AzureAd:CallbackPath"];

                    options.ClientId = Configuration["AzureAd:ClientId"];
                    options.ClientSecret = Configuration["AzureAd:ClientSecret"];
                    options.CallbackPath = new PathString(Configuration["AzureAd:CallbackPath"]);

                    options.Authority = Configuration["AzureAd:Instance"] + Configuration["AzureAd:TenantId"];
                    options.ResponseType = "code id_token";
                    options.Authority = options.Authority + "/v2.0/";

                    //options.Scope.Clear();
                    //options.Scope.Add("User.ReadBasic.All");
                    options.Scope.Add("user.read");
                    options.RequireHttpsMetadata = false;       // add dev env condition

                    options.Events = new OpenIdConnectEvents
                    {
                        OnTokenValidated = OnTokenValidated
                    };

                    // Handling the auth redemption by MSAL.NET so that a token is available in the token cache
                    // where it will be usable from Controllers later (through the TokenAcquisition service)
                    var handler = options.Events.OnAuthorizationCodeReceived;
                    options.Events.OnAuthorizationCodeReceived = async context =>
                    {
                        context.HandleCodeRedemption();
                        var _tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService<ITokenAcquisition>();
                        //await _tokenAcquisition.AddAccountToCacheFromAuthorizationCode(context, options.Scope);
                        var result = await _tokenAcquisition.GetAuthenticationResultForAppAsync("/.default");
                        //var result = await _tokenAcquisition.GetAuthenticationResultForUserAsync(options.Scope);

                        // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it
                        // and will not send the OAuth 2.0 request in case a further call to
                        // AcquireTokenByAuthorizationCode in the future for incremental consent 
                        // (getting a code requesting more scopes)
                        // Share the ID Token so that the identity of the user is known in the application (in 
                        // HttpContext.User)
                        context.HandleCodeRedemption(null, result.IdToken);

                        await handler(context);
                    };
                });

                services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                    .AddMicrosoftIdentityWebApi(Configuration, "AzureAd")
                    .EnableTokenAcquisitionToCallDownstreamApi()
                    .AddInMemoryTokenCaches();

Error on page:

    Microsoft.AspNetCore.Authentication.AuthenticationFailureException: An error was encountered while handling the remote login.
     ---> System.ArgumentNullException: IDX10000: The parameter 'token' cannot be a 'null' or an empty object. (Parameter 'token')
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.ValidateTokenUsingHandlerAsync(String idToken, AuthenticationProperties properties, TokenValidationParameters validationParameters)
       at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
       --- End of inner exception stack trace ---
       at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
       at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
       at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddlewareImpl.Invoke(HttpContext context)
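
An added example, not part of the original question and not Microsoft's sample code: `GetAuthenticationResultForAppAsync` runs the OAuth 2.0 client credentials flow, which authenticates the application rather than a user, so its result carries an access token and no ID token to pass to `HandleCodeRedemption`. The code below lets Microsoft.Identity.Web redeem the authorization code for the signed-in user instead of a hand-written `OnAuthorizationCodeReceived`. Assumptions: .NET 6+ minimal hosting, the question's `AzureAd` configuration section and `user.read` scope, a hypothetical `ProfileController`, and the Microsoft Graph `.default` scope for the app-only call.

```csharp
// Added example, not the asker's code. Assumes .NET 6+ minimal hosting, the question's
// "AzureAd" section and "user.read" scope; ProfileController is a hypothetical name.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// The library registers its own OnAuthorizationCodeReceived handler, redeems the code
// for the signed-in user through MSAL and hands the ID token to the OIDC handler.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
       .AddMicrosoftIdentityWebApp(builder.Configuration, "AzureAd")
       .EnableTokenAcquisitionToCallDownstreamApi(new[] { "user.read" })
       .AddInMemoryTokenCaches();
builder.Services.AddControllersWithViews();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();

[Authorize]
public class ProfileController : Controller
{
    private readonly ITokenAcquisition _tokens;
    public ProfileController(ITokenAcquisition tokens) => _tokens = tokens;

    [AuthorizeForScopes(Scopes = new[] { "user.read" })]
    public async Task<IActionResult> Index()
    {
        // Delegated token for the signed-in user, served from the cache filled at sign-in.
        var forUser = await _tokens.GetAuthenticationResultForUserAsync(new[] { "user.read" });

        // Client credentials: the app authenticates as itself, so IdToken is null here.
        // The Graph ".default" scope is an assumption; the question passes "/.default".
        var forApp = await _tokens.GetAuthenticationResultForAppAsync(
            "https://graph.microsoft.com/.default");

        // Report only presence, never the token values themselves.
        return Json(new { userIdToken = forUser.IdToken != null,
                          appIdToken = forApp.IdToken != null });
    }
}
```

An app-only token identifies the application, not the person at the browser, so it should never be the basis for `HttpContext.User`.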
