Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Log an error if ppl perform OBO over common or organizations #4606

Closed
bgavrilMS opened this issue Feb 5, 2024 · 5 comments · Fixed by #4642
Closed

[Bug] Log an error if ppl perform OBO over common or organizations #4606

bgavrilMS opened this issue Feb 5, 2024 · 5 comments · Fixed by #4642
Assignees
@trwalke
Labels
bug ICM This issue has a corresponding ICM, either for our team or another. P2 public-client scenario:WebApi Supportability
Milestone
4.60.0

Comments

@bgavrilMS
Copy link
Member

Library version used

4.58

.NET version

all

Scenario

ConfidentialClient - web api (AcquireTokenOnBehalfOf)

Is this a new or an existing app?

None

Issue description and reproduction steps

We keep getting issues related OBO + guest users.

Correct pattern is:

  1. Extract tid claim from client assertion
  2. Use authority cloud/tid to perform OBO on

Actual (wrong) pattern used by many is to use cloud/common to perform OBO

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

Log.Error similar to the one we put in client_credentials
@bgavrilMS bgavrilMS added untriaged Do not delete. Needed for Automation needs attention Delete label after triage scenario:WebApi Supportability ICM This issue has a corresponding ICM, either for our team or another. public-client bug P2 and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Feb 5, 2024
@bgavrilMS bgavrilMS added this to the 4.60.0 milestone Feb 5, 2024
@bgavrilMS bgavrilMS moved this from Committed to Committed High Priority in MSAL Customer Trust / QM Feb 5, 2024
@pmaytak
Copy link
Contributor

pmaytak commented Feb 14, 2024

As part of this we should also add a clear code snippet in our docs on how to do this:

Correct pattern is:

Extract tid claim from client assertion
Use authority cloud/tid to perform OBO on

@trwalke trwalke moved this from Committed High Priority to In Progress in MSAL Customer Trust / QM Feb 16, 2024
@trwalke trwalke self-assigned this Feb 16, 2024
@trwalke trwalke mentioned this issue Feb 21, 2024
Merged
1 task
@trwalke trwalke moved this from In Progress to Waiting for Code Review in MSAL Customer Trust / QM Feb 22, 2024
@pmaytak pmaytak linked a pull request Feb 23, 2024 that will close this issue
Adding error log for common/organizations on OBO flow #4642
Merged
1 task
@trwalke
Copy link
Member

trwalke commented Mar 6, 2024

As part of this we should also add a clear code snippet in our docs on how to do this:

Correct pattern is:
Extract tid claim from client assertion
Use authority cloud/tid to perform OBO on

Which client assertion are we referring to exactly? what we pass into WithClientAssertion or ClaimsPrincipal?
I am trying to find a code snippet where this is happening.

@bgavrilMS

@github-project-automation github-project-automation bot moved this from Waiting for Code Review to Done in MSAL Customer Trust / QM Mar 6, 2024
@trwalke trwalke reopened this Mar 6, 2024
@github-project-automation github-project-automation bot moved this from Done to Committed High Priority in MSAL Customer Trust / QM Mar 6, 2024
@trwalke
Copy link
Member

trwalke commented Mar 6, 2024

Keeping issue open to track doc updates

@bgavrilMS bgavrilMS moved this from Committed High Priority to Done in MSAL Customer Trust / QM Mar 6, 2024
@pmaytak
Copy link
Contributor

pmaytak commented Mar 21, 2024

Were the docs updated?

@neha-bhargava neha-bhargava modified the milestones: 4.60.0, 4.61.0 Mar 27, 2024
@neha-bhargava neha-bhargava modified the milestones: 4.61.0, 4.60.0 Mar 27, 2024
@neha-bhargava neha-bhargava moved this from Done to Blocked/Waiting for reply in MSAL Customer Trust / QM Apr 1, 2024
@pmaytak pmaytak mentioned this issue Apr 9, 2024
Open
@pmaytak
Copy link
Contributor

pmaytak commented Apr 9, 2024

Closing - this was released in 4.60.0. Added an issue in the docs repo for the related updates: MicrosoftDocs/microsoft-authentication-library-dotnet#393

@pmaytak pmaytak closed this as completed Apr 9, 2024
@github-project-automation github-project-automation bot moved this from Blocked/Waiting for reply to Done in MSAL Customer Trust / QM Apr 9, 2024
@pmaytak pmaytak modified the milestones: 4.61.0, 4.60.0 Apr 12, 2024
@gladjohn gladjohn mentioned this issue Jul 9, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trwalke trwalke

Labels
bug ICM This issue has a corresponding ICM, either for our team or another. P2 public-client scenario:WebApi Supportability
Projects
MSAL Customer Trust / QM
Archived in project
Milestone
4.60.0
4 participants
@bgavrilMS @trwalke @pmaytak @neha-bhargava