Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Azure.Identity - AuthorizationCodeCredential stopped working after 1.11.0 #43468

Closed
brubtsov opened this issue Apr 17, 2024 · 4 comments · Fixed by #43513
Closed

[BUG] Azure.Identity - AuthorizationCodeCredential stopped working after 1.11.0 #43468

brubtsov opened this issue Apr 17, 2024 · 4 comments · Fixed by #43513
Assignees
@christothes
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that

Comments

@brubtsov
Copy link

Library name and version

Azure.Identity 1.11.0

Describe the bug

I'm trying to upgrade from version 1.9.0 to latest 1.11.1. The code below uses AuthorizationCodeCredential implementation to exchange authorization code and authorize for GraphServiceClient.

AuthorizationCodeCredential authorizationCodeCredential = new AuthorizationCodeCredential("MY_TENANT_ID",
	"MY_CLIENT_ID", "MY_CLIENT_SECRET", "AUTHORIZATION_CODE",
	new AuthorizationCodeCredentialOptions { RedirectUri = new Uri("MY_CALLBACK_URI") });

using var graphServiceClient = new GraphServiceClient(authorizationCodeCredential);

This implementation was working in 1.9.0 but stopped working in version 1.11.0 +.

Last line throws exception

Azure.Identity.AuthenticationFailedException
Message=AuthorizationCodeCredential authentication failed: AADSTS901001: Invalid request. The claims request parameter value '<MY_CALLBACK_URI_HERE>' is invalid. Trace ID: 9bd4f284-2f06-4d44-95b7-c1e757b62000 Correlation ID: 2de93a07-fab4-451c-a0f5-1554780c67fd Timestamp: 2024-04-17 10:14:04Z

I inspected outgoing HTTP requests. And I see that request to token endpoint POST https://login.microsoftonline.com/XXXX/oauth2/v2.0/token is different. Now library adds extra 'claims' param to request body
...&claims=<MY_REDIRECT_URL_GOES_HERE>&... which API considers as incorrect.

Is this a bug? If not a bug, what is correct usage of AuthorizationCodeCredential?

Expected behavior

I'm able to authenticate using AuthorizationCodeCredential implementation

Actual behavior

Exception is thrown; see description.

Reproduction Steps

Use code provided in description. Lib versions: Azure.Identity 1.11.0, Microsoft.Graph 5.49.0

Environment

Windows 11, ASP NET Core, net 6.0
@github-actions github-actions bot added Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Apr 17, 2024
@github-actions GitHub Actions
Copy link

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@ystvan
Copy link

ystvan commented Apr 18, 2024

I have the same issue

@christothes christothes mentioned this issue Apr 18, 2024
Merged
@ystvan
Copy link

ystvan commented Apr 19, 2024

@christothes with the speed of light! can't wait this to be merged! thank you

@christothes
Copy link
Member

this should be fixed in https://www.nuget.org/packages/Azure.Identity/1.11.2

@github-actions github-actions bot locked and limited conversation to collaborators Jul 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@christothes christothes

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Projects
Azure Identity SDK Improvements
Archived in project
Milestone
No milestone
3 participants
@christothes @brubtsov @ystvan