Microsoft.Identity.Web.DownstreamApi should give a meaningful error message when identity is specified through configuration with a wrong key #2921

@dylanw-oss

Microsoft.Identity.Web Library

Microsoft.Identity.Web.DownstreamApi

Microsoft.Identity.Web version

2.19.0

Web app

Not Applicable

Web API

Protected web APIs (validating tokens)

Token cache serialization

In-memory caches

Description

Following the example "6-Call-OwnApi - ManagedIdentity" from https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2, I accidentally had a wrong configuration in appsettings.json, and when running the application it threw a "NullReferenceException".

Reproduction steps

Follow the example "6-Call-OwnApi - ManagedIdentity" from https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2.

Note, in appsettings.json there is an empty space at the end of the key name: "ManagedIdentity "

{
	"MyWebApi": {
		"BaseUrl": "<API_URL>",
		"RelativePath": "api/<API_Name>",
		"RequestAppToken": true,
		"Scopes": [ "api://<API_Application_Id>/.default" ],
		"AcquireTokenOptions": {
			"ManagedIdentity ": {
				"UserAssignedClientId ": "<UAMI_ID>"
			}
		}
	}
}

Run the application in an Azure VM.

Error message

Running the application in an Azure VM, I got this error message:

Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.Identity.Web.MergedOptions.PrepareAuthorityInstanceForMsal()
   at Microsoft.Identity.Web.TokenAcquisition.BuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(MergedOptions mergedOptions)
   at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForAppAsync(String scope, String authenticationScheme, String tenant, TokenAcquisitionOptions tokenAcquisitionOptions)
   at Microsoft.Identity.Web.DefaultAuthorizationHeaderProvider.CreateAuthorizationHeaderForAppAsync(String scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.DownstreamApi.UpdateRequestAsync(HttpRequestMessage httpRequestMessage, HttpContent content, DownstreamApiOptions effectiveOptions, Boolean appToken, ClaimsPrincipal user, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.DownstreamApi.CallApiInternalAsync(String serviceName, DownstreamApiOptions effectiveOptions, Boolean appToken, HttpContent content, ClaimsPrincipal user, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.DownstreamApi.GetForAppAsync[TOutput](String serviceName, Action`1 downstreamApiOptionsOverride, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in C:\Users\<me>\source\repos\active-directory-dotnetcore-daemon-v2\6-Call-OwnApi - ManagedIdentity\daemon-console\Program.cs:line 36
   at Program.<Main>(String[] args)

Id Web logs

No response

Relevant code snippets

// Extract the downstream API service from the 'tokenAcquirerFactory' service provider.
var api = sp.GetRequiredService<IDownstreamApi>();

// You can use the API service to make direct HTTP calls to your API. Token
// acquisition is handled automatically based on the configurations in your
// appsettings.json file.
var result = await api.GetForAppAsync<IEnumerable<TodoItem>>("MyApi");

Regression

No response

Expected behavior

The library does some validation and returns a meaningful error message rather than a NullReferenceException; it took me a while to figure out the problem.
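
A pre-start check for the misconfiguration reported above, as an added example that is not part of the original issue and is not Microsoft.Identity.Web code: it walks an appsettings.json document and reports every key with leading or trailing whitespace, using configuration-style `:` paths. The class name `ConfigKeyLint`, the method `FindPaddedKeys`, and the embedded sample are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

// Added example (hypothetical helper, not library code): find JSON keys that
// carry leading or trailing whitespace, such as "ManagedIdentity " in the report.
static class ConfigKeyLint
{
    public static List<string> FindPaddedKeys(string json)
    {
        var findings = new List<string>();
        var options = new JsonDocumentOptions
        {
            // Tolerate comments and trailing commas so the lint does not
            // reject a file over syntax it is not checking.
            CommentHandling = JsonCommentHandling.Skip,
            AllowTrailingCommas = true
        };
        using var doc = JsonDocument.Parse(json, options);
        Walk(doc.RootElement, "", findings);
        return findings;
    }

    private static void Walk(JsonElement element, string path, List<string> findings)
    {
        if (element.ValueKind == JsonValueKind.Object)
        {
            foreach (JsonProperty property in element.EnumerateObject())
            {
                string childPath = path.Length == 0 ? property.Name : path + ":" + property.Name;
                if (property.Name != property.Name.Trim())
                    findings.Add(childPath);
                Walk(property.Value, childPath, findings);
            }
        }
        else if (element.ValueKind == JsonValueKind.Array)
        {
            int index = 0;
            foreach (JsonElement item in element.EnumerateArray())
                Walk(item, path + ":" + index++, findings);
        }
    }

    static int Main()
    {
        // Constructed sample reproducing the padded keys from the report above.
        const string sample = @"{ ""MyWebApi"": { ""RequestAppToken"": true,
            ""AcquireTokenOptions"": { ""ManagedIdentity "": { ""UserAssignedClientId "": ""<UAMI_ID>"" } } } }";
        List<string> padded = FindPaddedKeys(sample);
        foreach (string key in padded)
            Console.Error.WriteLine($"Key with leading/trailing whitespace: '{key}'");
        return padded.Count == 0 ? 0 : 1; // non-zero exit fails a build or startup script
    }
}
```

On the constructed sample this flags both `MyWebApi:AcquireTokenOptions:ManagedIdentity ` and the nested `UserAssignedClientId ` key, each printed inside quotes so the trailing space is visible.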

Metadata

Labels

P3, bug (Something isn't working)
