通过Microsoft.Identity.Web请求图形权限时出错

Question

在我的基于WebApp-graph-user sample的应用程序中，我得到了以下错误堆栈。我只是尝试登录并获取User.ReadBasic.All图形权限的令牌。我检查了所有进入AcquireTokenByAuthorizationCode的参数，它看起来都很好(没有空值)。App是使用.net core 3.1的MVC应用程序。

堆栈：

NullReferenceException:对象引用未设置为对象的实例。Microsoft.Identity.Client.Internal.ClientCredentialWrapper.get_Thumbprint() Microsoft.Identity.Client.Internal.JsonWebToken+JWTHeaderWithCertificate..ctor(ClientCredentialWrapper凭证，布尔凭证) Microsoft.Identity.Client.Internal.JsonWebToken.EncodeHeaderToJson(ClientCredentialWrapper凭证，布尔凭证) Microsoft.Identity.Client.Internal.JsonWebToken.Encode(ClientCredentialWrapper凭证，布尔凭证) Microsoft.Identity.Client.Internal.JsonWebToken.Sign(ClientCredentialWrapper凭证，布尔记录器，Microsoft.Identity.Client.Internal.Requests.ClientCredentialHelper.CreateClientCredentialBodyParameters(ICoreLogger sendCertificate，ICryptographyManager cryptographyManager，ClientCredentialWrapper clientCredential，string clientId，AuthorityEndpoints sendCertificate，bool sendX5C) Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(string tokenEndpointOverride，sendX5C additionalBodyParameters，string scopeOverride，string tokenEndpointOverride，CancellationToken cancellationToken) Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters IDictionary，string additionalBodyParameters，CancellationToken cancellationToken) tokenEndpointOverride cancellationToken) bool cancellationToken) Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters，，) context，结果作用域)中的值+变量Microsoft.Identity.Web.WebAppServiceCollectionExtensions+<>c__DisplayClass2_1+d.MoveNext() =等待应用程序中的结果+等待tokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(context，options.Scope).ConfigureAwait(假)；Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse，ClaimsPrincipal用户，AuthenticationProperties属性，JwtSecurityToken jwt) Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()

代码:来自TokenAcquisition.cs -第127行

                // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
                // case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
                // Share the ID Token though
                var result = await application
                    .AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
                    .ExecuteAsync()
                    .ConfigureAwait(false);
                context.HandleCodeRedemption(null, result.IdToken);

Answer 1

已解决:由于这里讨论的错误配置，这被证明是一个空的客户端密码值：https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1476