Issue with the flow microsoft-authentication-library-for-dotnet and Username Password

Vasileios Klouvatos 1 Reputation point
2021-09-10T11:12:21.217+00:00

We have one application with a Web API .NET Core project. We provide an HTTP endpoint for login. We are using https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Username-Password-Authentication in order to authenticate the user and also provide a token based on the application ID that is registered in Azure. The application already contains granted scopes to access Office 365 resources. The application is also configured with Allow public client flows => True.

We are getting a token when we call the function AcquireTokenByUsernamePassword(....), but the token is not valid for making the request to the Office 365 HTTP resource.
When I try to use the token to send an HTTP GET request to https://graph.microsoft.com/v1.0/me,
I get the following error:
Code : InvalidAuthenticationToken
Message : Invalid x5t claim

Could you please help me debug why I am getting this error?


1 answer

  1. MichaelHan-MSFT 18,021 Reputation points
    2021-09-13T06:28:23.027+00:00

    Hi @Vasileios Klouvatos ,

    Per my test, this way to get the access token works fine on my end. You could share the code you use so I could help you more.
    Below is my demo code:

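        using System.Security;
        using System.Threading.Tasks;
        using Microsoft.Identity.Client;

        private static async Task<string> GetATokenForGraph()
        {
            // Placeholders: replace with the app registration's client ID and tenant.
            string applicationId = "xxxx";
            string tenantId = "contoso.onmicrosoft.com";

            // Username/password (ROPC) is a public client flow, so a public client application is built.
            IPublicClientApplication confApp = PublicClientApplicationBuilder.Create(applicationId)
                .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
                .Build();

            // Demo credentials only.
            var userName = "michael@contoso.onmicrosoft.com";
            var password = "xxx";
            var securePassword = new SecureString();
            foreach (char c in password)
                securePassword.AppendChar(c);

            // Microsoft Graph delegated permission requested for the token.
            var scopes = new string[] { "user.read" };
            var authenticationResult = await confApp.AcquireTokenByUsernamePassword(scopes, userName, securePassword).ExecuteAsync();
            return authenticationResult.AccessToken;
        }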

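When a resource rejects a token with an error such as "Invalid x5t claim", decoding the token locally shows which header and payload values it actually carries. The following is an added example, not part of the original thread or of MSAL; `TokenInspector`, `Describe` and `Collect` are hypothetical names, it assumes the access token is a compact JWT, and the sample token in `Main` is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Hypothetical helper, not part of MSAL. It only decodes; it does NOT verify the
// signature, so its output is for debugging, never for authorization decisions.
public static class TokenInspector
{
    private static string Base64UrlDecode(string segment)
    {
        // base64url (RFC 7515): '-' and '_' replace '+' and '/', padding is stripped.
        string s = segment.Replace('-', '+').Replace('_', '/');
        if (s.Length % 4 == 1) throw new FormatException("Invalid base64url segment.");
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    private static string Base64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Returns the header and payload fields that matter when a resource rejects a token.
    public static Dictionary<string, string> Describe(string accessToken)
    {
        string[] parts = accessToken.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature.");
        var fields = new Dictionary<string, string>();
        Collect("header", parts[0], new[] { "typ", "alg", "kid", "x5t" }, fields);
        Collect("payload", parts[1], new[] { "aud", "iss", "tid", "appid", "scp", "ver" }, fields);
        return fields;
    }

    private static void Collect(string prefix, string segment, string[] names, Dictionary<string, string> fields)
    {
        using JsonDocument doc = JsonDocument.Parse(Base64UrlDecode(segment));
        foreach (string name in names)
        {
            if (doc.RootElement.TryGetProperty(name, out JsonElement value))
                fields[prefix + "." + name] = value.ToString();
        }
    }

    public static void Main()
    {
        // Constructed sample token (fake values, dummy signature), not a real credential.
        string token = Base64UrlEncode("{\"typ\":\"JWT\",\"alg\":\"RS256\",\"x5t\":\"sample-thumbprint\"}") + "."
            + Base64UrlEncode("{\"aud\":\"https://graph.microsoft.com\",\"scp\":\"User.Read\"}") + ".c2ln";
        foreach (KeyValuePair<string, string> f in Describe(token)) Console.WriteLine($"{f.Key} = {f.Value}");
    }
}
```

In the login endpoint, pass `authenticationResult.AccessToken` to `Describe` and compare `payload.aud` and `payload.scp` with the resource and permission being called; log only these decoded fields, never the token itself.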