Connect-MgGraph : Invalid JWT access token. #2569
Comments
|
Hi @GKMSA, I had the same issue when running MgGraph within Azure Functions. I could fix the problem by deleting the newer package and defining an older version of MgGraph in the requirements.psd1 file. Following version resolved the problem: I hope this helps you as well. |
|
Hi @GKMSA , |
|
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. |
|
I have been trying to make it work for both personal and business accounts for weeks now. This inconsistency in access tokens is killing me. Why does graph API work with access token and jwt token when creating normal http request and not in the library. This should be somehow standardized or you should support both types of tokens. I should also add that we have implemented several oauth integrations within a week and now we have spent weeks only for this -.- |
Thanks for reporting the bug. Please ensure you've gone through the following checklist before opening an issue:
Describe the bug
To Reproduce
Steps to reproduce the behavior:
`Connect-MgGraph : Invalid JWT access token.
At line:1 char:1
Expected behavior
Debug Output
PS C:\Users\Galya.Serkiova\OneDrive - Met Office\Documents\PowerShellScripts_GS\MSIdentityTools 2.0.52> Connect-MgGraph -Scopes Application.Read.ALL -Debug
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ Application.Read.ALL ] ParentRequestId:
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: Executing interactive authentication workflow inline.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: InteractiveBrowserCredential.Authenticate was unable to retrieve an access token. Scopes: [ Application.Read.ALL ] ParentRequestId: Exception: Azure.Identity.AuthenticationFailedException (0x80131500): InteractiveBrowserCredential authentication failed:
Persistence check failed. Inspect inner exception for details
---> Microsoft.Identity.Client.Extensions.Msal.MsalCachePersistenceException (0x80131500): Persistence check failed. Inspect inner exception for details
---> System.IO.FileNotFoundException (0x80070002): Could not load file or assembly 'System.Security.Cryptography.ProtectedData, Version=4.0.3.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: InteractiveBrowserCredential.Authenticate invoked. Scopes: [ Application.Read.ALL ] ParentRequestId:
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: Executing interactive authentication workflow inline.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:06Z - b0653e94-3f06-4816-877a-96f631e54284] MSAL MSAL.Desktop with assembly version '4.56.0.0'. CorrelationId(b0653e94-3f06-4816-877a-96f631e54284)
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"):
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:07Z - b0653e94-3f06-4816-877a-96f631e54284] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:08Z - b0653e94-3f06-4816-877a-96f631e54284]
=== Request Data ===
Authority Provided? - True
Scopes - Application.Read.ALL
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenInteractive
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - b0653e94-3f06-4816-877a-96f631e54284
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:09Z - b0653e94-3f06-4816-877a-96f631e54284] === Token Acquisition (InteractiveRequest) started:
Scopes: Application.Read.ALL
Authority Host: login.microsoftonline.com
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:10Z - b0653e94-3f06-4816-877a-96f631e54284] [Instance Discovery] Instance discovery is enabled and will be performed
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:12Z - b0653e94-3f06-4816-877a-96f631e54284] [Region discovery] Not using a regional authority.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): a
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:20Z - b0653e94-3f06-4816-877a-96f631e54284] Using legacy embedded browser.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:27Z - b0653e94-3f06-4816-877a-96f631e54284] [Legacy WebView] Redirect URI was reached. Stopping WebView navigation...
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:27Z - b0653e94-3f06-4816-877a-96f631e54284] An authorization code was retrieved from the /authorize endpoint.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:27Z - b0653e94-3f06-4816-877a-96f631e54284] Exchanging the auth code for tokens.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:27Z - b0653e94-3f06-4816-877a-96f631e54284] === InteractiveParameters Data ===
LoginHint provided: False
User provided: False
UseEmbeddedWebView: NotSpecified
ExtraScopesToConsent:
Prompt: select_account
HasCustomWebUi: False
DEBUG: Request [48d98cc3-cee3-47d5-97b7-2b4136fefba3] POST https://login.microsoftonline.com/common/oauth2/v2.0/token
x-client-SKU:REDACTED
x-client-Ver:REDACTED
x-client-CPU:REDACTED
x-client-OS:REDACTED
x-anchormailbox:REDACTED
x-client-current-telemetry:REDACTED
x-client-last-telemetry:REDACTED
x-ms-lib-capability:REDACTED
client-request-id:REDACTED
return-client-request-id:REDACTED
x-app-name:REDACTED
x-app-ver:REDACTED
Content-Type:application/x-www-form-urlencoded
x-ms-client-request-id:48d98cc3-cee3-47d5-97b7-2b4136fefba3
x-ms-return-client-request-id:true
User-Agent:azsdk-net-Identity/1.10.3 (.NET Framework 4.8.9195.0; Microsoft Windows 10.0.19045 )
client assembly: Azure.Identity
DEBUG: Response [48d98cc3-cee3-47d5-97b7-2b4136fefba3] 200 OK (00.8s)
Pragma:no-cache
Strict-Transport-Security:REDACTED
X-Content-Type-Options:REDACTED
client-request-id:REDACTED
x-ms-request-id:20d2bc94-542d-424e-89f9-40ea2e06bb00
x-ms-ests-server:REDACTED
x-ms-clitelem:REDACTED
X-XSS-Protection:REDACTED
Cache-Control:no-store, no-cache
Content-Type:application/json; charset=utf-8
Expires:-1
P3P:REDACTED
Set-Cookie:REDACTED
Date:Tue, 06 Feb 2024 13:43:27 GMT
Content-Length:4703
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Checking client info returned from the server..
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Saving token response to cache..
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Looking for scopes for the authority in the cache which intersect with Application.Read.ALL
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Intersecting scope entries count - 0
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Matching entries after filtering by user - 0
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] [SaveTokenResponseAsync] Saving RT in cache...
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] IsLegacyAdalCacheEnabled: yes
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] [AdalCacheOperations] Serializing token cache with 1 items.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] AT expiration time: 06/02/2024 15:09:09 +00:00, scopes: Application.Read.All AuditLog.Read.All Directory.Read.All
Directory.ReadWrite.All openid profile RoleManagement.Read.Directory User.Read User.Read.All User.ReadWrite.All email. source: IdentityProvider
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - b0653e94-3f06-4816-877a-96f631e54284] Fetched access token from host login.microsoftonline.com.
DEBUG: InteractiveBrowserCredential.Authenticate succeeded. Scopes: [ Application.Read.ALL ] ParentRequestId: ExpiresOn: 2024-02-06T15:09:09.1559625+00:00
DEBUG: InteractiveBrowserCredential.GetToken invoked. Scopes: [ Application.Read.ALL ] ParentRequestId:
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] MSAL MSAL.Desktop with assembly version '4.56.0.0'. CorrelationId(2ef73de5-7e38-41e8-a3c5-df386f0977c3)
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] === AcquireTokenSilent Parameters ===
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] LoginHint provided: False
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] Account provided: True
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] ForceRefresh: False
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3]
=== Request Data ===
Authority Provided? - True
Scopes - Application.Read.ALL
Extra Query Params Keys (space separated) -
ApiId - AcquireTokenSilent
IsConfidentialClient - False
SendX5C - False
LoginHint ? False
IsBrokerConfigured - False
HomeAccountId - False
CorrelationId - 2ef73de5-7e38-41e8-a3c5-df386f0977c3
UserAssertion set: False
LongRunningOboCacheKey set: False
Region configured:
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] === Token Acquisition (SilentRequest) started:
Scopes: Application.Read.ALL
Authority Host: login.microsoftonline.com
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] Access token is not expired. Returning the found cache entry. [Current time (02/06/2024 13:43:28) - Expiration Time (02/06/2024
15:09:09 +00:00) - Extended Expiration Time (02/06/2024 15:09:09 +00:00)]
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] Returning access token found in cache. RefreshOn exists ? False
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] [Region discovery] Not using a regional authority.
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3]
=== Token Acquisition finished successfully:
DEBUG: False MSAL 4.56.0.0 MSAL.Desktop 4.8 or later Windows 10 Enterprise [2024-02-06 13:43:28Z - 2ef73de5-7e38-41e8-a3c5-df386f0977c3] AT expiration time: 06/02/2024 15:09:09 +00:00, scopes: Application.Read.All AuditLog.Read.All Directory.Read.All
Directory.ReadWrite.All openid profile RoleManagement.Read.Directory User.Read User.Read.All User.ReadWrite.All email. source: Cache
DEBUG: InteractiveBrowserCredential.GetToken succeeded. Scopes: [ Application.Read.ALL ] ParentRequestId: ExpiresOn: 2024-02-06T15:09:09.0000000+00:00
Confirm
Invalid JWT access token.
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): y
Connect-MgGraph : Invalid JWT access token.
At line:1 char:1
Module Version
ModuleType Version Name ExportedCommands
Script 2.11.1 Microsoft.Graph.Authentication {Add-MgEnvironment, Connect-MgGraph, Disconnect-MgGraph, Get-MgContext...}
Environment Data
Screenshots
Additional context
The text was updated successfully, but these errors were encountered: