microsoft-authentication-library-for-android: Library fails for B2C login when no Access Token is returned
Using msal:0.2.2
After successfully logging in using the B2C method, I get the following exception and therefore a failure at the auth callback:
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
    at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
    at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
    at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
    at com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache.save(MsalOAuth2TokenCache.java:112)
    ...
And here is my raw config file:
{
  "client_id" : "XXX",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "msalXXX://auth",
  "authorities" : [
    {
      "type": "B2C",
      "authority_url": "https://TTT.b2clogin.com/tfp/TTT.onmicrosoft.com/B2C_1_susi/"
    }
  ]
}
where XXX is client id, and TTT is tenant.
It seems like the field “expires_in” in token response happens to be null, so auth fails inside the library although we get successful response from browser.
About this issue
- State: closed
- Created 5 years ago
- Comments: 31 (14 by maintainers)
I had a similar issue with the com.microsoft.identity.client:msal:1.3.0 version, and managed to fix it. In my case the issue was related to the fact that Azure AD B2C returned only an Id token without an access token, and the expires_on was not present in the authorisation code exchange JSON response. To get an access token you must provide a valid API scope. To do so, make sure you create the scope under Expose an API, and also grant permission to that API under API permissions. I also recommend that you use the Android Studio profiler https://developer.android.com/studio/profile/network-profiler, so you can see the request and the response to the token endpoint.
Your response should look similar to the following one
Please let me know if you need any further explanations,
Yoel
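The failure mode reported in this thread, as an added example that is not part of the thread or of MSAL's own code: a token response carrying only an ID token is run through an unchecked expiry computation (which hits the same null-unboxing `NullPointerException`) and through a guarded one that fails with a diagnosable message. The class name, method names and sample values are hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for a parsed token endpoint response; not MSAL's class.
public class TokenResponseCheck {

    // Mirrors the failing pattern in the stack trace: a null Long is auto-unboxed.
    static long expiresOnUnchecked(Map<String, Object> response, long nowSeconds) {
        Long expiresIn = (Long) response.get("expires_in");
        return nowSeconds + expiresIn; // NullPointerException when expires_in is absent
    }

    // Guarded variant: report what is missing instead of crashing in the cache layer.
    static long expiresOnChecked(Map<String, Object> response, long nowSeconds) {
        if (response.get("access_token") == null) {
            throw new IllegalStateException(
                "Token response has no access_token (id_token present: "
                + (response.get("id_token") != null)
                + "); check that the request includes an API scope");
        }
        Object expiresIn = response.get("expires_in");
        if (!(expiresIn instanceof Number)) {
            throw new IllegalStateException("Token response has no numeric expires_in");
        }
        return nowSeconds + ((Number) expiresIn).longValue();
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis() / 1000L;
        // Constructed sample: ID token only, as described in the thread.
        Map<String, Object> idTokenOnly = new HashMap<>();
        idTokenOnly.put("id_token", "constructed.sample.value");
        // Constructed sample: response obtained with an API scope.
        Map<String, Object> full = new HashMap<>(idTokenOnly);
        full.put("access_token", "constructed-sample-value");
        full.put("expires_in", 3600L);
        try {
            expiresOnUnchecked(idTokenOnly, now);
        } catch (NullPointerException e) {
            System.out.println("unchecked: NullPointerException");
        }
        try {
            expiresOnChecked(idTokenOnly, now);
        } catch (IllegalStateException e) {
            System.out.println("checked: " + e.getMessage());
        }
        System.out.println("full response expires in " + (expiresOnChecked(full, now) - now) + "s");
    }
}
```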
@iambmelt Hello again. So we’ve tried updating the policies with this workaround you gave me. Sadly, when trying to debug all the way down into the LocalMSALController.java, I can see this line:
final TokenResult tokenResult = performTokenRequest(oAuth2Strategy, mAuthorizationRequest, result.getAuthorizationResponse(), parameters);
is giving me a tokenResult that looks like this (in the tokenResponse):
The mClientInfo, mIdToken and mRefreshToken all have data in them; I just removed it for the purpose of this talk.
Hopefully, you can point me in some direction here. 😃
EDIT: I had to set my SCOPES as the client id of the azure b2c project, then it all worked out for me. So this line solved it for me:
val SCOPES = arrayOf("CLIENT_ID")