[Bug] Error when attempting to use PKCE
Which version of Microsoft Identity Web are you using? 0.4.0-preview
Where is the issue?
- Web app
  - Sign-in users
  - Sign-in users and call web APIs
- Web API
  - Protected web APIs (validating tokens)
  - Protected web APIs (validating scopes)
  - Protected web APIs call downstream web APIs
- Token cache serialization
  - In-memory caches
  - Session caches
  - Distributed caches
- Other (please describe)
Is this a new or an existing app? a. The app is in production and I have upgraded to a new version of Microsoft Identity Web.
Repro
```csharp
services.AddMicrosoftIdentityWebAppAuthentication(Configuration)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
    .AddInMemoryTokenCaches();

services.Configure<MicrosoftIdentityOptions>(options =>
{
    options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
    options.UsePkce = true;
    options.ResponseType = OpenIdConnectResponseType.Code;
});

services.AddMvc();
services.AddControllersWithViews(options =>
{
    var policy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
    options.Filters.Add(new AuthorizeFilter(policy));
});
```
Expected behavior
I am trying to upgrade from Microsoft.AspNetCore.Authentication.AzureAd.UI to Microsoft.Identity.Web. I reuse the app registration, which works fine with an Authorization Code Flow. I expect that the app successfully logs in the user using Auth Code Flow.
Actual behavior
When trying to log in, I get the following error:
OpenIdConnectProtocolException: Message contains error: 'unsupported_response_type', error_description: 'AADSTS700054: response_type 'id_token' is not enabled for the application.
I don’t really understand the error message. Is it trying to perform an implicit flow?
With the older package, the initial redirect to https://login.microsoftonline.com contains the query `&response_type=code`; with Microsoft.Identity.Web it contains `response_type=code%20id_token`; why is it doing that?
Issue Analytics
- State:
- Created 3 years ago
- Comments:5
Top GitHub Comments
@calbert82uhah, the fix is available in Microsoft.Identity.Web 1.0.0
@jmprieur Yes, with this branch the `response_type` has changed to `code`, and I can log in a user!
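
To check which flow a redirect like the two described in this issue requests, the following added example (not code from the issue or from Microsoft.Identity.Web) parses an authorize URL, maps `response_type` to the OpenID Connect flow and reports whether a PKCE challenge is present. The URLs, `TENANT_ID`, `CLIENT_ID`, the nonce and the `code_challenge` value are constructed placeholders, and `inspect_authorize_url` is a hypothetical helper name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# OIDC Core section 3: the set of response_type values selects the flow.
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}
# RFC 7636: code_challenge is 43-128 characters from the unreserved set.
CHALLENGE_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def inspect_authorize_url(url):
    """Classify an authorize redirect by flow and report PKCE / front-channel token use."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    types = frozenset(params.get("response_type", "").split())
    challenge = params.get("code_challenge")
    findings = []
    if "id_token" in types or "token" in types:
        findings.append("tokens requested on the front channel; the app "
                        "registration must allow them")
    if "id_token" in types and "nonce" not in params:
        findings.append("id_token requested without a nonce")
    if "code" in types and challenge is None:
        findings.append("code requested without a PKCE code_challenge")
    elif challenge is not None:
        if params.get("code_challenge_method", "plain") != "S256":
            findings.append("PKCE method is not S256")
        if not CHALLENGE_RE.match(challenge):
            findings.append("code_challenge is malformed")
    return {"flow": FLOWS.get(types, "unknown"),
            "response_types": sorted(types),
            "pkce": challenge is not None,
            "findings": findings}


# Constructed sample redirects; tenant, client_id and challenge are placeholders.
BASE = ("https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
        "?client_id=CLIENT_ID&scope=openid%20profile&nonce=n-0S6_WzA2Mj")
CODE_ONLY = BASE + ("&response_type=code&code_challenge_method=S256"
                    "&code_challenge=E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM")
HYBRID = BASE + "&response_type=code%20id_token"
```

Calling `inspect_authorize_url(HYBRID)` classifies the `code%20id_token` request as the hybrid flow, not the implicit flow, and flags the front-channel ID token that the AADSTS700054 error says the app registration does not allow.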