C# · 12mo ago
Cutter

❔ Can't access Microsoft Graph. What part am I not understanding clearly?

I will give my steps, the code, and the problem. Step 1: Log in using Swagger UI [See Images]. Step 2: Run my GET method to get the user. My problem: I receive this error [See Images]
Microsoft.Identity.Web.MicrosoftIdentityWebChallengeUserException: 'IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent. '
My code: Startup.cs - Swagger UI

```csharp
// Scopes offered in the Swagger UI authorize dialog (scope name -> description)
var scopes = new Dictionary<string, string>();
scopes.Add("user.read", "Access application on user behalf");

c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
    Name = "oauth2",
    Scheme = OpenIdConnectDefaults.AuthenticationScheme,
    BearerFormat = "JWT",
    Type = SecuritySchemeType.OAuth2,
    Flows = new OpenApiOAuthFlows
    {
        Implicit = new OpenApiOAuthFlow()
        {
            AuthorizationUrl = new Uri("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"),
            TokenUrl = new Uri("https://login.microsoftonline.com/common/oauth2/v2.0/token"),
            Scopes = scopes
        },
    },
});

// Attach the "oauth2" scheme to every operation so Swagger UI sends the bearer token
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = "oauth2"
            },
            Name = "oauth2",
            In = ParameterLocation.Header,
        },
        new List<string>()
    }
});
```
Startup.cs - Add Microsoft Identity Web (I have multiple authentication schemes)

```csharp
// Bearer-token validation for the API, plus on-behalf-of token acquisition for Graph
services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd", OpenIdConnectDefaults.AuthenticationScheme)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddMicrosoftGraph(Configuration.GetSection("DownstreamAPI"))
    .AddInMemoryTokenCaches();
```
My controller method

```csharp
// graphServiceClient (GraphServiceClient) and tokenAcquisition (ITokenAcquisition)
// are injected through the controller constructor (not shown).
[HttpGet]
[Route("microsoftgraphauth")]
[AuthorizeForScopes(AuthenticationScheme = OpenIdConnectDefaults.AuthenticationScheme, Scopes = new string[] { "microsoftgraphauth" })]
public async Task<ActionResult> MicrosoftGraphAuth()
{
    try
    {
        var accessToken = Request.Headers[HeaderNames.Authorization];

        // Call Graph as the signed-in user under the named authentication scheme
        User user = await graphServiceClient.Me.GetAsync(
            r => r.Options.WithAuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme));
    }
    catch (Exception ex)
    {
        // Consent or Conditional Access challenge: reply with a WWW-Authenticate header
        if (ex.InnerException is MsalUiRequiredException challengeException)
        {
            tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(
                new string[] { "User.Read" }, challengeException,
                authenticationScheme: OpenIdConnectDefaults.AuthenticationScheme, Response);
        }
    }

    return Ok();
}
```
I do not get it. I have signed the user in and am asking for permission for the scope User.Read? What am I missing? I am very frustrated and have been at this for a week straight. Thank you for your time 🙂
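Added example, not code from the post and not a diagnosis of it: the web-API shape this thread is circling, where the API accepts only tokens issued for its own scope and lets Microsoft.Identity.Web exchange them for a Graph token on the user's behalf (on-behalf-of), turning a consent or Conditional Access challenge into a WWW-Authenticate response the front end can act on. The exposed scope `access_as_user`, the `MeController` name and the scope check are assumptions.

```csharp
// Added example (not from the original post). Assumed: the API app registration exposes
// the scope "access_as_user", so the front end or Swagger UI requests
// "api://<client-id>/access_as_user" (placeholder), and the "DownstreamAPI" section
// holds the Graph scopes (e.g. User.Read) as in the question.
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;

[ApiController]
[Route("api/[controller]")]
[Authorize]
// Scope check on the validated token: a token minted for Graph (aud = graph.microsoft.com)
// or for another app is rejected here, before any Graph call is attempted.
[RequiredScope("access_as_user")]
public class MeController : ControllerBase
{
    private readonly GraphServiceClient _graph;
    private readonly ITokenAcquisition _tokenAcquisition;

    public MeController(GraphServiceClient graph, ITokenAcquisition tokenAcquisition)
    {
        _graph = graph;
        _tokenAcquisition = tokenAcquisition;
    }

    [HttpGet]
    public async Task<IActionResult> Get()
    {
        try
        {
            // The Graph client exchanges the incoming API token for a Graph token (OBO)
            // using the scopes from "DownstreamAPI"; nothing is read from the header by hand.
            User? me = await _graph.Me.GetAsync();
            return Ok(new { me?.DisplayName, me?.UserPrincipalName });
        }
        catch (MicrosoftIdentityWebChallengeUserException ex)
        {
            // IDW10502: the user must grant consent or satisfy a Conditional Access policy.
            // Return 403 with a WWW-Authenticate header carrying the claims challenge so the
            // front end can re-sign the user in (incremental consent) instead of seeing a 500.
            _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(
                new[] { "User.Read" }, ex.MsalUiRequiredException, Response);
            return new EmptyResult();
        }
    }
}
```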
5 Replies
Cutter · 12mo ago
My JSON config

```json
{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "trublue.api.onmicrosoft.com",
    "TenantId": "common",
    "ClientId": "<Id>",
    "ClientSecret": "<Secret>",
    "ClientCapabilities": [ "cp1" ],
    "CallbackPath": "/apitest/oauth2-redirect.html",
    "Scopes": "User.Read"
  },
  "DownstreamAPI": {
    "BaseUrl": "https://graph.microsoft.com/v1.0",
    "Scopes": "user.read"
  }
}
```
ffmpeg -i me -f null -
do you necessarily want to use the implicit flow?
Cutter · 12mo ago
Well, I will be communicating with a front-end app from my web API. What do you think is best? I want to be able to sign the user in and get permission to use Microsoft Graph scopes.
ffmpeg -i me -f null -
maybe you can also try asking on the azure discord server btw, or the powpco
Accord · 12mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.