Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Token not refreshing with AuthenticationManager OBO #644

Open
HappyDump opened this issue Apr 25, 2022 · 2 comments · May be fixed by #651
Open

Token not refreshing with AuthenticationManager OBO #644

HappyDump opened this issue Apr 25, 2022 · 2 comments · May be fixed by #651

Comments

@HappyDump
Copy link

HappyDump commented Apr 25, 2022
edited

Hi, I am currently facing a problem using the AuthenticationManager with OnbehalfOf in order to index a Sharepoint site so the task can take several hours and we are currently facing a token refreshing issue.

The AuthenticationManager instance is created as follow:

_authenticationManager = AuthenticationManager.CreateWithOnBehalfOf(clientId,
                                                                                clientSecret,
                                                                                _assertion,
                                                                                tenantId,
                                                                                azureEnvironment);

and the context is retrieved with the following method:

context = _authenticationManager.GetContext(siteUrl);

It appears that the token is never refreshed since after running a task for 70 to 90 minutes I get an exception from MSAL prompting that the token has expired:

Microsoft.Identity.Client.MsalUiRequiredException:AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2022-04-15T07:44:55.1649335Z, expiry time of assertion 2022-04-15T07:44:07.0000000Z.

and with the following stacktrace:

async Task<AuthenticationResult> Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)|async Task<AuthenticationResult> Microsoft.Identity.Client.Internal.Requests.OnBehalfOfRequest.ExecuteAsync(CancellationToken cancellationToken)|async Task<AuthenticationResult> Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)|async Task<AuthenticationResult> Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenOnBehalfOfParameters onBehalfOfParameters, CancellationToken cancellationToken)|async Task<ClientContext> PnP.Framework.AuthenticationManager.GetContextAsync(string siteUrl, CancellationToken cancellationToken)|ClientContext PnP.Framework.AuthenticationManager.GetContext(string siteUrl)|ClientContext s.cor.MicrosoftGraph.SharePoint.SharePointCsomService.CreateAzureAdAppOnlyAuthenticatedContext(string siteUrl) in SharePointCsomService.cs:99

I haven't found in the framework a way to refresh the token.

Is this a bug? If not, I haven't found any information to help me with that situation if this is working as intended intended.

I am using version 1.9.0

Thanks for your help :)
@HappyDump HappyDump changed the title Token not refreshing Token not refreshing with AuthenticationManager OBO Apr 25, 2022
@HappyDump
Copy link
Author

After some investigation, it appears that the account retrieved while using msal's confidentialClientApplication.AcquireTokenOnBehalfOf is never cached.

confidentialClientApplication.GetAccountsAsync() always returns null.

@HappyDump
Copy link
Author

HappyDump commented Apr 27, 2022
edited

After more digging there are two new methods used to handle long running processes with OBO that were added to MSAL.

@HappyDump HappyDump linked a pull request May 3, 2022 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Added support for long-running On Behalf Of flow HappyDump/pnpframework
1 participant
@HappyDump