0

I've an ASP.NET Core application using ASP.NET Core Identity and trying to authenticate against Azure AD.

services.AddAuthentication()
    .AddOpenIdConnect("AzureAD", "Azure AD", option =>
    {
        option.ClientId = Configuration["AzureAD:AppId"]; 
        option.ClientSecret = "abc";
        option.Authority = string.Format(Configuration["AzureAd:AadInstance"], Configuration["AzureAd:Tenant"]);
        option.SignedOutRedirectUri = Configuration["AzureAd:PostLogoutRedirectUri"];
        option.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        option.SaveTokens = true;
        option.SignInScheme = IdentityConstants.ExternalScheme;
        option.Events = new OpenIdConnectEvents
        {
            OnRemoteFailure = OnAuthenticationFailed,                       
        };
    });

Everything works fine; the user can log in using their credentials.

Now I'm trying to access Microsoft Graph in order to receive the user's email address (it's not sent as a claim in the id_token). But when I use the received access_token from the login flow, the Graph API returns an error:

Code: InvalidAuthenticationToken
Message: CompactToken parsing failed with error code: -2147184105

When I look at the access_token it looks weird. It's not a valid JWT. AQABAAAAAABHh4kmS_aKT5XrjzxRAtHzymKlkayx9UvCfyg_uHq1prmSP8f0Mi5BfiqkdIZeqJsBbm9SSbDbMrQ0JgNa6pa6M97IjVr6ZHdtt3ryT8vns_kz5BxkdJFkL79Ql3ywzyKldfLuX9jwq1eCgQ1MMdqKUDW4q5g38...

What am I doing wrong?

1 Answer

2

You need to use the OnAuthorizationCodeReceived notification, which can be used to acquire an access token for the Microsoft Graph API using ADAL/MSAL. Please refer to this blog for ASP.NET Core 2.0 Azure AD Authentication.

2 Comments

Thanks, that helped. Now I've a "real" access token. Your code samples of your GitHub repo also helped me. Especially getting a special access token for Microsoft Graph.
Please consider accepting this as the answer, which may help others who meet the same problem.
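
The approach the answer describes, as an added example (not code from the question, the answer, or the linked blog): an `OnAuthorizationCodeReceived` handler that redeems the authorization code with ADAL for a Microsoft Graph token. The class and method names are hypothetical, and the resource URI `https://graph.microsoft.com` assumes the Azure AD v1 endpoint that ADAL targets.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL NuGet package

// Hypothetical helper class for this example.
public static class GraphTokenEvents
{
    // Assumption: Microsoft Graph resource identifier on the Azure AD v1 endpoint.
    private const string GraphResource = "https://graph.microsoft.com";

    // Wire up inside AddOpenIdConnect:
    //   option.Events = new OpenIdConnectEvents
    //   {
    //       OnRemoteFailure = OnAuthenticationFailed,
    //       OnAuthorizationCodeReceived = GraphTokenEvents.RedeemCodeForGraph,
    //   };
    public static async Task RedeemCodeForGraph(AuthorizationCodeReceivedContext context)
    {
        OpenIdConnectOptions options = context.Options;

        // Reuses the client id and secret already configured on the handler.
        // Load the secret from configuration or a secret store, not a literal.
        var credential = new ClientCredential(options.ClientId, options.ClientSecret);

        // Passing null as the token cache is a choice made in this example:
        // ADAL's default cache is shared process-wide, which is unsuitable
        // for a multi-user web application without a per-user cache.
        var authContext = new AuthenticationContext(options.Authority, null);

        // The redirect URI must match the one sent in the authorization request.
        var redirectUri = new Uri(
            context.TokenEndpointRequest.RedirectUri, UriKind.RelativeOrAbsolute);

        var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
            context.TokenEndpointRequest.Code, redirectUri, credential, GraphResource);

        // Tell the OpenID Connect handler the code has been redeemed so it does
        // not redeem it a second time. With SaveTokens = true, the access token
        // stored with the sign-in is now the one issued for Microsoft Graph.
        context.HandleCodeRedemption(result.AccessToken, context.ProtocolMessage.IdToken);
    }
}
```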
