[Bug] "The issuer '(null)' is invalid" error when I request my API with bearer token

Which version of MSAL are you using? msal.net 1.9.0

Platform asp.net core 5.0

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive
    • Integrated Windows Auth
    • Username Password
    • Device code flow (browserless)
  • Web App
    • Authorization code
    • OBO
  • Daemon App
    • Service to Service calls

Other? - please describe;

Is this a new or existing app? This is a new app or experiment

Repro

I have added the following lines of code.

// startup.cs
services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd");
app.UseAuthentication();

// WeatherForecastController
[Authorize]
[RequiredScope("Default")]

// appsettings.json
"AzureAd": {
    "Instance": "https://login.chinacloudapi.cn/",
    "ClientId": "my client id",
    "Domain": "my organization domain",
    "TenantId": "my organization tenant id",
    "Authority": "https://login.chinacloudapi.cn/my organization tenant id/"
}

Expected behavior: I checked my token on jwt.ms, it shows everything is good.

Actual behavior: I use Postman to request the API, and the API tells me issuer is null in my token.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:17 (3 by maintainers)

Top GitHub Comments

1 reaction
Gtyrande commented, Apr 29, 2021

@bgavrilMS

  1. I tried to set authority as sts.chinacloud.cn but response shows The issuer '(null)' is invalid also. So I prefer to think of it as a problem in msal.net.
  2. Actually I’m not a Microsoft employee. Ha ha.

0 reactions
shuichen17 commented, Jun 10, 2023

I use Microsoft.Identity.Web 1.25.3 and set "accessTokenAcceptedVersion": 2. Here is my code:

services.AddAuthentication(options =>
    {
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer("AzureAd", jwtOptions =>
    {
        jwtOptions.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = false
        };
    }).AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));

// Set up basic authorization
services.AddAuthorization(options =>
{
    options.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser().Build());
});

It works properly. My app is multitenant.
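
With `ValidateIssuer = false` the `iss` claim is not checked at all, so a multitenant API like the one in the comment above can keep issuer checking on by supplying its own validator that ties the issuer to an allow-listed tenant. The following is an added example, not code from the thread or from Microsoft.Identity.Web; the `TenantIssuerValidator` class name, the tenant IDs and the issuer templates are placeholders and assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

public static class TenantIssuerValidator
{
    // Placeholder tenant IDs (assumption): the tenants allowed to call this API.
    private static readonly string[] AllowedTenantIds =
    {
        "00000000-0000-0000-0000-000000000001",
        "00000000-0000-0000-0000-000000000002",
    };

    // Placeholder issuer formats (assumption); {0} is the tenant ID. Copy the
    // exact "iss" format from a token issued by your cloud and token version.
    private static readonly string[] IssuerTemplates =
    {
        "https://issuer-host.example/{0}/v2.0",
        "https://issuer-host.example/{0}/",
    };

    // Reads "tid" from either token type the JWT bearer handler may produce.
    private static string GetTenantId(SecurityToken token) => token switch
    {
        JwtSecurityToken jwt => jwt.Claims.FirstOrDefault(c => c.Type == "tid")?.Value,
        JsonWebToken jwt => jwt.TryGetPayloadValue<string>("tid", out var tid) ? tid : null,
        _ => null,
    };

    // Signature matches TokenValidationParameters.IssuerValidator.
    public static string Validate(string issuer, SecurityToken token, TokenValidationParameters parameters)
    {
        string tid = GetTenantId(token);
        bool tenantAllowed = tid != null &&
            AllowedTenantIds.Contains(tid, StringComparer.OrdinalIgnoreCase);
        // The issuer must be the one this tenant would produce, not merely well-formed.
        bool issuerMatches = tenantAllowed && IssuerTemplates.Any(t =>
            string.Equals(string.Format(t, tid), issuer, StringComparison.Ordinal));
        if (issuerMatches)
        {
            return issuer;
        }
        throw new SecurityTokenInvalidIssuerException(
            $"Issuer '{issuer ?? "(null)"}' does not match an allowed tenant.")
        { InvalidIssuer = issuer };
    }
}
```

Assign `TenantIssuerValidator.Validate` to `TokenValidationParameters.IssuerValidator` and leave `ValidateIssuer` at its default of `true`; a token whose `tid` is missing, not allow-listed, or inconsistent with its `iss` is then rejected.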
