I am getting the following error stack in my app which is based on the WebApp-graph-user sample. I am just trying to login and get a token for User.ReadBasic.All graph permissions. I checked all the parameters going into AcquireTokenByAuthorizationCode and it all looked good (no null values). App is MVC web app using .net core 3.1.
stack:
NullReferenceException: Object reference not set to an instance of an object. Microsoft.Identity.Client.Internal.ClientCredentialWrapper.get_Thumbprint() Microsoft.Identity.Client.Internal.JsonWebToken+JWTHeaderWithCertificate..ctor(ClientCredentialWrapper credential, bool sendCertificate) Microsoft.Identity.Client.Internal.JsonWebToken.EncodeHeaderToJson(ClientCredentialWrapper credential, bool sendCertificate) Microsoft.Identity.Client.Internal.JsonWebToken.Encode(ClientCredentialWrapper credential, bool sendCertificate) Microsoft.Identity.Client.Internal.JsonWebToken.Sign(ClientCredentialWrapper credential, bool sendCertificate) Microsoft.Identity.Client.Internal.Requests.ClientCredentialHelper.CreateClientCredentialBodyParameters(ICoreLogger logger, ICryptographyManager cryptographyManager, ClientCredentialWrapper clientCredential, string clientId, AuthorityEndpoints endpoints, bool sendX5C) Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary additionalBodyParameters, string scopeOverride, string tokenEndpointOverride, CancellationToken cancellationToken) Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(string tokenEndpoint, IDictionary additionalBodyParameters, CancellationToken cancellationToken) Microsoft.Identity.Client.Internal.Requests.ConfidentialAuthCodeRequest.ExecuteAsync(CancellationToken cancellationToken) Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken) Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenByAuthorizationCodeParameters authorizationCodeParameters, CancellationToken cancellationToken) Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable scopes) in TokenAcquisition.cs + var result = await application Microsoft.Identity.Web.WebAppServiceCollectionExtensions+<>c__DisplayClass2_1+<b__3>d.MoveNext() in WebAppServiceCollectionExtensions.cs + await tokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(context, options.Scope).ConfigureAwait(false); Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt) Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
Code: From TokenAcquisition.cs - line 127
// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
// case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
// Share the ID Token though
var result = await application
.AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
.ExecuteAsync()
.ConfigureAwait(false);
context.HandleCodeRedemption(null, result.IdToken);
