Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


c# - Microsoft Graph Token Lacks 'Account' property

The C# application (.NET Framework 4.8) I'm working on relies on files stored on the OneDrive of a technical user. Files are accessed via the Microsoft Graph SDK. The authentication is performed via an MSAL token stored on the machine. We've also implemented a watcher service ensuring that the token is refreshed before expiration.

Recently I've been assigned to migrate everything to a different user; however, I'm struggling to acquire a token for authentication with all of the properties I need.

The token which is currently in place and used in the application has the following structure:

{
    "AccessToken": {
         ...
        }
    },
    "RefreshToken": {
         ...
        }
    },
    "IdToken": {
         ...
        }
    },
    "Account": {
        "": {
            "home_account_id": "",
            "environment": "",
            "client_info": "",
            "username": "",
            "name": "",
            "local_account_id": "",
            "authority_type": "MSSTS",
            "realm": ""
        }
    },
    "AppMetadata": {
        "appmetadata-login.windows.net-{appId}": {
            "environment": "",
            "client_id": ""
        }
    }
}

And when I try to acquire the token according to the following documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

{
    "token_type": "Bearer",
    "scope": "openid profile email https://graph.microsoft.com/Files.ReadWrite.All",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "",
    "refresh_token": "",
    "id_token": ""
}

I get the token without the "Account" object/property in the JSON. The question is, how can I obtain the access token including the account property?

After checking the access token via jwt.ms, it turns out that the account properties are embedded in the access token. When I try to access the account via the following code, it is not possible. The confidential client application with the new token does not contain any accounts.

private async Task<string> GetTokenAsync()
{
    var cca = ConfidentialClientApplicationBuilder.Create(appId)
        .WithClientSecret(appSecret)
        .WithRedirectUri(redirectUri)
        .Build();
    // Hook file-based serialization onto the user token cache.
    GraphTokenCache.TokenFilePath = tokenFilePath;
    GraphTokenCache.EnableSerialization(cca.UserTokenCache);

    var accounts = await cca.GetAccountsAsync();

    var account = accounts.First(); // <- Always returns 0
    // Await instead of blocking on .Result inside an async method.
    var result = await cca.AcquireTokenSilent(new[] { "Files.ReadWrite.All" }, account).ExecuteAsync();
    return result.AccessToken;
}

public class GraphTokenCache
{
    public static string TokenFilePath;

    public static void EnableSerialization(ITokenCache cache)
    {
        cache.SetBeforeAccess(BeforeAccessNotification);
        cache.SetAfterAccess(AfterAccessNotification);
    }

    static void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        if (System.IO.File.Exists(TokenFilePath))
        {
            var bytes = System.IO.File.ReadAllBytes(TokenFilePath);
            args.TokenCache.DeserializeMsalV3(bytes);
        }
    }

    static void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (args.HasStateChanged)
        {
            var bytes = args.TokenCache.SerializeMsalV3();
            System.IO.File.WriteAllBytes(TokenFilePath, bytes);
        }
    }
}
question from: https://stackoverflow.com/questions/65672046/microsoft-graph-token-lacks-account-property
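
An added example, not part of the original question and not MSAL's own code: a small C# helper that decodes the `id_token` from the response shown above and lists the claims that correspond to fields of the cache's "Account" entry, which helps confirm which user a token belongs to before a cache file is swapped. The claim-to-field mapping (`oid`, `tid`, `preferred_username`, `name`), the class and method names, and the use of the System.Text.Json package are assumptions; the sample token is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json; // assumption: System.Text.Json NuGet package on .NET Framework 4.8

static class IdTokenAccountFields // hypothetical helper name
{
    // Decode one base64url JWT segment ('-' and '_' alphabet, padding stripped).
    static string FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    static string ToBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Reads claims only. The signature is NOT validated, so this is for
    // inspection of a token you already hold, never for authorization.
    public static Dictionary<string, string> Map(string idToken)
    {
        var parts = idToken.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        using (var doc = JsonDocument.Parse(FromBase64Url(parts[1])))
        {
            var claims = doc.RootElement;
            string Claim(string n) =>
                claims.TryGetProperty(n, out var v) && v.ValueKind == JsonValueKind.String
                    ? v.GetString() : null;
            // Assumed mapping: Account field name -> id_token claim.
            return new Dictionary<string, string>
            {
                ["local_account_id"] = Claim("oid"),
                ["realm"] = Claim("tid"),
                ["username"] = Claim("preferred_username"),
                ["name"] = Claim("name"),
            };
        }
    }

    static void Main()
    {
        // Constructed sample id_token: placeholder claim values, dummy signature.
        var payload = "{\"oid\":\"00000000-0000-0000-0000-000000000001\",\"tid\":\"00000000-0000-0000-0000-0000000000aa\",\"preferred_username\":\"svc-files@example.com\",\"name\":\"Files Service\"}";
        var token = ToBase64Url("{\"alg\":\"none\"}") + "." + ToBase64Url(payload) + ".sig";
        foreach (var kv in Map(token)) Console.WriteLine($"{kv.Key} = {kv.Value}");
    }
}
```

A field that prints empty means the claim was absent from the `id_token`; `home_account_id` and `client_info` are not mapped here because they are not `id_token` claims.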
