[Bug] "The issuer '(null)' is invalid" error when I request my API with bearer token

See original GitHub issue

Which Version of MSAL are you using ? msal.net 1.9.0

Platform asp.net core 5.0

What authentication flow has the issue?

Desktop / Mobile
- Interactive
- Integrated Windows Auth
- Username Password
- Device code flow (browserless)
Web App
- Authorization code
- OBO
Daemon App
- Service to Service calls

Other? - please describe;

Is this a new or existing app? This is a new app or experiment

Repro

I have added following lines of code.

// startup.cs
services.AddMicrosoftIdentityWebApiAuthentication(Configuration, "AzureAd");
app.UseAuthentication();

// WeatherForecastController
[Authorize]
[RequiredScope("Default")]

// appsettings.json
"AzureAd": {
    "Instance": "https://login.chinacloudapi.cn/",
    "ClientId": "my client id",
    "Domain": "my organization domain",
    "TenantId": "my organization tenant id",
    "Authority": "https://login.chinacloudapi.cn/my organization tenant id/"
}

Expected behavior I checked my token on jwt.ms, it shows everything is good.

Actual behavior I use Postman to request the API, and the API tells me issuer is null in my token.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:17 (3 by maintainers)

Top GitHub Comments

1reaction

Gtyrandecommented, Apr 29, 2021

@bgavrilMS

I tried to set authority as sts.chinacloud.cn but response shows The issuer '(null)' is invalid also. So I prefer to think of it as a problem in msal.net.
Actually I’m not a Microsoft employee. Ha ha.

0reactions

shuichen17commented, Jun 10, 2023

I use Microsoft.Identity.Web 1.25.3 and set "accessTokenAcceptedVersion": 2 Here is my code

services.AddAuthentication(options =>
                {
                    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer("AzureAd", jwtOptions =>
                {
                    jwtOptions.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = false
                    };
                }).AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"));

              //  Set up basic authorization
                services.AddAuthorization(options =>
                {
                    options.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
                    .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌)
                    .RequireAuthenticatedUser().Build());
                });

It works properly. My app is multitenant.