[Bug] AcquireTokenInteractive Error (Missing Token Type) #3746

Closed
JacExec opened this issue Oct 12, 2022 · 2 comments

JacExec commented Oct 12, 2022

Logs and network traces

Log
[Auth] [AUTHORIZATION CODE FLOW] Interactive Mode

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] MSAL MSAL.CoreCLR with assembly version '4.47.0.0'. 
CorrelationId(a80ca448-3b5c-4698-a834-3c7b877c7e5e)

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent: 
Prompt: not_specified
HasCustomWebUi: True

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] 
=== Request Data ===
Authority Provided? - True
Client Id - 677c607d-cbb3-4c22-ab91-06a7059f2ef2
Scopes - user.read
Redirect Uri - msauth.com.****.****://auth
Extra Query Params Keys (space separated) -
ClaimsAndClientCapabilities -
Authority - https://login.microsoftonline.com/******************************/
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint -
IsBrokerConfigured - False
HomeAccountId -
CorrelationId - a80ca448-3b5c-4698-a834-3c7b877c7e5e
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured: 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] === Token Acquisition (InteractiveRequest) started:
Authority: https://login.microsoftonline.com/***********************/
Scope: user.read
ClientId: *****************************

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Region discovery] Not using a regional authority. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Instance Discovery] Tried to use network cache provider 
for login.microsoftonline.com. Success? False. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Fetching instance discovery from the network from host 
login.microsoftonline.com. Endpoint 
https://login.microsoftonline.com/common/discovery/instance.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [Oauth2Client] Sending GET request

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [HttpManager] ExecuteAsync 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:12Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [HttpManager] Sending request. Method: GET. URI: 
https://login.microsoftonline.com/common/discovery/instance. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [HttpManager] Received response. Status code: OK.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [HttpManager] ExecuteAsync in 1669 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [Oauth2Client] Sending GET request in 1674 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [OAuth2Client] Deserializing response

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [OAuth2Client] Deserializing response in 61 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:13Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Instance Discovery] Tried to use network cache provider 
for login.microsoftonline.com. Success? False.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Instance Discovery] After hitting the discovery endpoint, 
the network provider found an entry for login.microsoftonline.com ? 
False.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Instance Discovery] Instance metadata for this authority 
could neither be fetched nor found. MSAL will continue regardless. SSO 
might be broken if authority aliases exist. Authority: 
https://login.microsoftonline.com/b00367e2-193a-4f48-94de-7245d45c0947/

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Authority validation enabled? True. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Authority validation - is known env? True. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Using CustomWebUi to acquire the authorization code

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:14Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] calling CustomWebUi.AcquireAuthorizationCode
AcquireAuthorizationCodeAsync: COMPLETE URI: 
https://login.microsoftonline.com/b00367e2-193a-4f48-94de-7245d45c0947/oauth2/v2.0/authorize?scope=user.read+openid+profile+offline_access&response_type=code&client_id=677c607d-cbb3-4c22-ab91-06a7059f2ef2&redirect_uri=msauth.com.*****.*****.*****.*****:%2F%2Faut
h&client-request-id=a80ca448-3b5c-4698-a834-3c7b877c7e5e&x-clientSKU=MSAL.CoreCLR&x-client-Ver=4.47.0.0&x-clientOS=Unix+20.6.0.0&prompt=select_account&code_challenge=YDdGveo17M76GkcoU9S
F9rpqWE3KPTZ2RSX4Qy_nEQs&code_challenge_method=S256&state=ec95aab5-9b69-
4fa5-a372-b8337fd1ca3d7dcfd7d9-14ba-4219-b915-3b054881eba6&client_info=1 
--- REDIRECT: msauth.com.*****.*****.*****.*****

---> Returned URL: 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Redirect Uri was matched. Returning success from 
CustomWebUiHandler. 
MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] An authorization code was retrieved from the /authorize 
endpoint. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Exchanging the auth code for tokens. 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent: 
Prompt: not_specified
HasCustomWebUi: True

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting TokenClient:SendTokenRequestAsync

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [Token Client] Fetching MsalTokenResponse .... 

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [Oauth2Client] Sending POST request

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [HttpManager] ExecuteAsync

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [HttpManager] Sending request. Method: POST. URI: 
https://login.microsoftonline.com/b00367e2-193a-4f48-94de-7245d45c0947/oauth2/v2.0/token.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] [HttpManager] Received response. Status code: OK.

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [HttpManager] ExecuteAsync in 269 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [Oauth2Client] Sending POST request in 288 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Starting [OAuth2Client] Deserializing response

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished [OAuth2Client] Deserializing response in 26 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:20Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] Finished TokenClient:SendTokenRequestAsync in 365 ms

MSAL Logging: MSAL 4.47.0.0 MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 
12:12:00) Unix 20.6.0.0 [2022-10-11 15:20:21Z - a80ca448-3b5c-4698-a834-
3c7b877c7e5e] MSAL.CoreCLR.4.47.0.0.MsalClientException: 
ErrorCode: token_type_missing
Microsoft.Identity.Client.MsalClientException: The response from the 
token endpoint does not contain the token_type parameter. This happens if 
the identity provider (AAD, B2C, ADFS, etc.) did not include the access 
token type in the token response. Verify the configuration of the 
identity provider. 
at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync...

*** [Auth] MSAL.CoreCLR.4.47.0.0.MsalClientException: ErrorCode: 
token_type_missing
Microsoft.Identity.Client.MsalClientException: The response from the 
token endpoint does not contain the token_type parameter. This happens if 
the identity provider (AAD, B2C, ADFS, etc.) did not include the access 
token type in the token response. Verify the configuration of the 
identity provider. 

Which version of MSAL.NET are you using?
MSAL 4.47.0.0

Platform
iOS - Unity - .NET Standard 2.1
MSAL.CoreCLR Mono Unity IL2CPP (May 15 2022 12:12:00) Unix 20.6.0.0

What authentication flow has the issue?

  • Desktop / Mobile
    • Interactive

Is this a new or existing app?
App in development phase

Repro

PublicClientApplication creation

// Build the public client; every MSAL log message is forwarded to the Unity console.
_pca = PublicClientApplicationBuilder
    .Create(platformSettings.ClientID)
    .WithAuthority(platformSettings.Authority)
    .WithLogging(
        (level, message, containsPii) =>
        {
            Debug.Log($"MSAL Logging: {message} ");
        },
        // Verbose level with PII logging enabled: log messages may contain personal data.
        LogLevel.Verbose, enablePiiLogging: true, enableDefaultPlatformLogging: true)
    .WithRedirectUri(platformSettings.RedirectUri)
    .Build();

AcquireToken flow

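#if UNITY_EDITOR
    // Editor (PC): default web UI.
    authResult = await _pca.AcquireTokenInteractive(_configuration.Scopes)
                           .ExecuteAsync(cancelToken)
                           .ConfigureAwait(false);
#elif UNITY_IOS
    // iOS: custom web UI (ICustomWebUi implementation).
    authResult = await _pca.AcquireTokenInteractive(_configuration.Scopes)
                           .WithCustomWebUi(new FancyWebUI())
                           .ExecuteAsync(cancelToken);
#else
    // Branch for other platforms is not shown in the report.
#endif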

Expected behavior
The interactive authentication flow must work correctly both in the Unity editor (PC) and on the target platform (iOS) and return the token after the user has completed the authentication flow in a browser / web view.

Actual behavior
[Unity Editor] 🟢
When user access is requested, the authentication flow starts in the browser, then the user successfully completes the login. The procedure ends successfully and the access token is returned in the calling application to be used in subsequent API calls.

[iOS] 🔴
When user access is requested, the authentication flow starts in the Web View (SFSafariViewController), then the user successfully completes the login. The procedure ends with error:

MsalClientException: The response from the token endpoint does not contain the token_type parameter. This happens if
the identity provider (AAD, B2C, ADFS, etc.) did not include the access token type in the token response. Verify the configuration of the identity provider.

MSAL Log Summary
1) Redirect Uri was matched. Returning success from CustomWebUiHandler.
2) An authorization code was retrieved from the /authorize endpoint.
3) Exchanging the auth code for tokens.
4) SendTokenRequestAsync
MSAL Client Exception: Error Code: token_type_missing

Possible solution
I have no idea how to proceed; the log does not help, and on the Azure side everything seems to be configured correctly.

Additional context / logs / screenshots / links to code
iCustomWebUi Interface
MSAL Error Handling

@JacExec JacExec changed the title [Bug] [Bug] AcquireTokenInteractive Error (Missing Token Type) Oct 12, 2022
@bgavrilMS
Member

bgavrilMS commented Oct 13, 2022

We expect the response from AAD to have a key "token_type" which will be set to "Bearer" in this case. The server is pretty good at this, so I suspect what's happening here is an error in JSON deserialization, which uses reflection and is known to have issues on Unity.

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/OAuth2/OAuth2Client.cs

We can't fix this in the netstandard version of the library, but we do plan to add a fix in an upcoming NET6 version of the library, which would use the new System.Text.Json library, which does not rely on reflection.

Tracking issue:

#3682
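
One way to check whether the raw token response really carries token_type before MSAL deserializes it, as an added example that is not code from this thread or from MSAL.NET. It assumes the System.Text.Json package is referenced; `TokenResponseProbe` and `ProbeHttpClientFactory` are hypothetical names, and the `/oauth2/v2.0/token` path is the one shown in the log above.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added diagnostic (not MSAL code): logs the token response's key names and token_type, never token values.
public sealed class TokenResponseProbe : DelegatingHandler
{
    private readonly Action<string> _log;
    public TokenResponseProbe(Action<string> log) : base(new HttpClientHandler()) => _log = log;

    // JsonDocument walks the JSON text directly; no reflection-based binding is involved.
    public static (List<string> Keys, string TokenType) Inspect(string body)
    {
        using var doc = JsonDocument.Parse(body);
        var keys = new List<string>();
        string tokenType = null;
        if (doc.RootElement.ValueKind != JsonValueKind.Object) return (keys, tokenType);
        foreach (var p in doc.RootElement.EnumerateObject())
        {
            keys.Add(p.Name);
            if (p.Name == "token_type" && p.Value.ValueKind == JsonValueKind.String)
                tokenType = p.Value.GetString();
        }
        return (keys, tokenType);
    }

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var response = await base.SendAsync(request, ct).ConfigureAwait(false);
        var path = request.RequestUri?.AbsolutePath ?? "";
        if (request.Method != HttpMethod.Post || response.Content == null ||
            !path.EndsWith("/oauth2/v2.0/token", StringComparison.OrdinalIgnoreCase))
            return response;
        // Buffer the body so MSAL can still read it after this probe has.
        await response.Content.LoadIntoBufferAsync().ConfigureAwait(false);
        var body = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
        try
        {
            var (keys, tokenType) = Inspect(body);
            _log("token response keys: " + string.Join(",", keys) + "; token_type=" + (tokenType ?? "<absent>"));
        }
        catch (JsonException) { _log("token response body is not valid JSON"); }
        return response;
    }
}

// Hypothetical factory name; IMsalHttpClientFactory is MSAL.NET's extension point for supplying the HttpClient.
public sealed class ProbeHttpClientFactory : IMsalHttpClientFactory
{
    private static readonly HttpClient Client = new HttpClient(new TokenResponseProbe(Console.WriteLine));
    public HttpClient GetHttpClient() => Client;
}
```

Register it with `.WithHttpClientFactory(new ProbeHttpClientFactory())` on the application builder (in Unity, pass `Debug.Log` as the sink). If the probe reports `token_type=Bearer` while MSAL still throws `token_type_missing`, the value is being lost on the client during deserialization rather than omitted by the identity provider.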

@bgavrilMS
Member

Closing as duplicate

bgavrilMS closed this as not planned Oct 28, 2022