Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[Bug] Token acquisition from different tenant not working
See original GitHub issueWhich version of Microsoft Identity Web are you using? Commit ID 8a043b704a4ad89faaa635451ee7fc6d85979bf9 , but the same problem experienced also with -master dated 2020-07-21.
Where is the issue?
- Web API
- Protected web APIs call downstream web APIs
Is this a new or an existing app? The app is in production and I have upgraded to a new version of Microsoft Identity Web.
Repro
var tokenAcquisition = httpContext.RequestServices.GetRequiredService<Microsoft.Identity.Web.ITokenAcquisition>();
var tid = httpContext.User.FindFirst("tid").Value;
return tokenAcquisition.GetAccessTokenForUserAsync(new string[] { scope }, tid);
Expected behavior Token issued by tenant B.
Actual behavior When user in tenant A is a guest user in tenant B (identified by “tid”), this call returns a token issued by tenant A instead of token issued by tenant B (“tid”).
Possible solution Please see the attached patch. This is the same bug I previously reported for an older version.
Issue Analytics
- State:
- Created 3 years ago
- Comments:6
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
This issue is fixed in microsoft identity web, but there is an additional fix needed in msal .net, so moving this to blocked for now. That work will be in progress soon.
Included in 0.2.2-preview release