[Bug] Using the SHA2 feature will cause the following errors #4690

Closed
haha1903 opened this issue Mar 29, 2024 · 7 comments · Fixed by #4692
Labels
bug confidential-client P1 regression Behavior that worked in a previous release that no longer works in a newer release
Comments

@haha1903

Library version used

4.46.0

.NET version

Any

Scenario

PublicClient - desktop app

Is this a new or an existing app?

None

Issue description and reproduction steps

When getting a token by certificate

Microsoft.Identity.Client.MsalServiceException: AADSTS5002730: Invalid JWT token. Unsupported key for the signing algorithm. Trace ID: c985e53a-e233-4b56-88f0-bfcd91e20c00 Correlation ID: ef66443e-1b8d-43f8-9d6e-af2a090818ee Timestamp: 2024-03-29 01:38:20Z

Relevant code snippets

using System.Security.Cryptography.X509Certificates;
using Microsoft.Identity.Client;

// Load the certificate and its private key from PEM files (paths elided in the report).
var certificate = X509Certificate2.CreateFromPemFile("xxx", "xxx");
var singletonApp = ConfidentialClientApplicationBuilder.Create("aadApp")
    .WithAuthority("https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47")
    .WithCertificate(certificate, true) // second argument is sendX5C
    .Build();

// Client credentials flow: MSAL signs a client assertion (JWT) with the certificate's private key.
var authResult = await singletonApp
    .AcquireTokenForClient(scopes: new[] { "scope" })
    .ExecuteAsync();

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

Downgrade MSAL to version 4.59.0
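The following is an added example, not code from the reporter or from MSAL.NET, showing the same PEM-based client credentials flow with two checks that help triage an AADSTS "unsupported key" response: it verifies that the loaded certificate actually carries an RSA private key before MSAL tries to sign the client assertion, and it surfaces the MSAL error code and correlation ID that maintainers ask for. All file paths, the client ID, tenant ID and scope are placeholder parameters.

```csharp
// Added example (not from the issue). Assumptions: certPemPath/keyPemPath point at a PEM
// certificate and its PEM private key; clientId, tenantId and scope are placeholders.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class ClientCredentialCheck
{
    public static async Task<AuthenticationResult> AcquireAsync(
        string certPemPath, string keyPemPath, string clientId, string tenantId, string scope)
    {
        // CreateFromPemFile loads the certificate and attaches the private key from the second file.
        using var certificate = X509Certificate2.CreateFromPemFile(certPemPath, keyPemPath);

        // MSAL signs the client assertion with the private key, so fail early if none is attached
        // or if it is not RSA (the key type the confidential client flow expects here).
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("PEM certificate has no private key; cannot sign the client assertion.");

        using RSA? rsa = certificate.GetRSAPrivateKey();
        if (rsa is null)
            throw new InvalidOperationException(
                $"Expected an RSA private key, but the certificate key type is {certificate.PublicKey.Oid.FriendlyName}.");

        // Log what will be presented to the identity provider; useful when comparing working and failing setups.
        Console.WriteLine(
            $"Thumbprint: {certificate.Thumbprint}, key size: {rsa.KeySize}, " +
            $"cert signature algorithm: {certificate.SignatureAlgorithm.FriendlyName}");

        var app = ConfidentialClientApplicationBuilder.Create(clientId)
            .WithAuthority($"https://login.microsoftonline.com/{tenantId}")
            .WithCertificate(certificate, sendX5C: true)
            .Build();

        try
        {
            return await app.AcquireTokenForClient(new[] { scope }).ExecuteAsync();
        }
        catch (MsalServiceException ex)
        {
            // ErrorCode, CorrelationId and the AADSTS message are the data points needed to trace the request.
            Console.Error.WriteLine($"MSAL service error {ex.ErrorCode} (correlation {ex.CorrelationId}): {ex.Message}");
            throw;
        }
    }
}
```

Calling `ClientCredentialCheck.AcquireAsync("cert.pem", "key.pem", "<client-id>", "<tenant-id>", "https://graph.microsoft.com/.default")` either returns an `AuthenticationResult` or rethrows the `MsalServiceException` after printing the error code and correlation ID, which is what a thread like this one needs alongside the library version.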

@haha1903 haha1903 added needs attention Delete label after triage untriaged Do not delete. Needed for Automation labels Mar 29, 2024
@bgavrilMS bgavrilMS added bug P1 regression Behavior that worked in a previous release that no longer works in a newer release and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Mar 29, 2024
@bgavrilMS
Member

bgavrilMS commented Mar 29, 2024

Very strange, as we have integration tests that check this flow. We use pfx based certs. Need to test pem based approach.

@bgavrilMS
Member

@neha-bhargava - can you please take a look at this one.

@neha-bhargava
Contributor

I just tried a PEM cert and received a token using the latest package. Can you share how you are creating the PEM certificate? Maybe this is an edge case.

@gladjohn
Contributor

gladjohn commented Apr 1, 2024

From a preliminary investigation by a partner team, this looks like an external issue (AAD) that is affecting MSAL 4.60.0. I will keep you updated here when the issue has been fixed. Please roll back to a previous version of MSAL until then.

@lincolnu

lincolnu commented Apr 1, 2024

As the bug report indicates, targeting version 4.59.0 of the MSAL assemblies is a sufficient workaround to this issue for now. Note that the "library version used" in the bug has a typo, and this issue applies to 4.60.0 specifically.

@gladjohn
Contributor

gladjohn commented Apr 2, 2024

Working on releasing MSAL 4.60.1 to NuGet, will update here after the release.

@gladjohn
Contributor

gladjohn commented Apr 2, 2024

https://www.nuget.org/packages/Microsoft.Identity.Client/4.60.1
