At random intervals, my ASP.NET MVC Core application throws this error while attempting to authenticate users via Azure AD OpenIdConnect:
failed_to_acquire_token_silently
And the workaround has been to truncate ADAL's database table UserTokenCache.
Not sure what I am doing wrong in my OWIN pipeline configuration.
Once the user is authenticated, I want to acquire a token for the Graph API in order to retrieve additional claims from Azure AD.
The exception gets thrown from the catch block:

    accessToken = authenticationContext.AcquireToken("https://graph.windows.net",
        clientCredential).AccessToken;
Here is the complete method:
    using System.Threading.Tasks;
    using Microsoft.Extensions.Configuration;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    /// <summary>
    /// This method has been adapted from generated code from a new ASP.NET MVC 5 project template
    /// when using Organisational Accounts authentication.
    /// This method acquires a token from Azure AD in order to call its Graph API.
    /// The token is acquired using the currently logged-in user's refresh token.
    /// </summary>
    /// <param name="signedInUserID">Key under which the user's tokens were cached at sign-in.</param>
    /// <param name="userObjectID">Azure AD object id of the signed-in user.</param>
    /// <returns>An access token for the Graph API.</returns>
    private async Task<string> GetTokenForApplicationAsync(string signedInUserID, string userObjectID)
    {
        // This application's own identity (confidential client).
        ClientCredential clientCredential =
            new ClientCredential(
                Configuration["Authentication:AzureAd:ClientId"],
                Configuration["Authentication:AzureAd:ClientSecret"]);

        // Authority = instance + tenant; the cache is the per-user, database-backed ADAL cache.
        AuthenticationContext authenticationContext =
            new AuthenticationContext(
                Configuration["Authentication:AzureAd:AADInstance"] +
                Configuration["Authentication:AzureAd:TenantId"],
                new ADALTokenCacheService(signedInUserID, Configuration));

        string accessToken = null;
        try
        {
            // Silent acquisition: served from the cache, or via the cached refresh token.
            // Throws AdalSilentTokenAcquisitionException (failed_to_acquire_token_silently)
            // when neither is available for this user/resource pair.
            AuthenticationResult authenticationResult = await authenticationContext.AcquireTokenSilentAsync(
                Configuration["Authentication:AzureAd:GraphResource"],
                clientCredential,
                new UserIdentifier(userObjectID, UserIdentifierType.UniqueId));
            accessToken = authenticationResult.AccessToken;
        }
        catch (AdalException)
        {
            // Fallback: client-credentials grant. This yields an app-only token carrying the
            // application's own permissions, not a token for the signed-in user.
            accessToken = authenticationContext.AcquireToken("https://graph.windows.net",
                clientCredential).AccessToken;
        }
        return accessToken;
    }
I have already looked at this post; it is not the same issue I am dealing with.
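The following is an added example by the technical editor, not the poster's code or Microsoft's sample. It shows the two halves the question's method depends on: redeeming the authorization code into the per-user ADAL cache at sign-in, and, at lookup time, treating a silent-acquisition miss as "send the user back through sign-in" rather than truncating the cache table or silently substituting a client-credential token (which is an app-only token with the application's permissions, not the user's). It assumes ASP.NET Core 2.x OpenID Connect middleware in hybrid flow (`ResponseType = "code id_token"`), ADAL 3.x, the configuration keys used in the question, and a hypothetical `ADALTokenCacheService(userId, configuration)` with the constructor the question shows; `GraphTokenHelper`, `CacheKey` and `DescribeCache` are names introduced here.

```csharp
// Added example (technical editor), not the poster's code. Assumes ASP.NET Core 2.x OpenID Connect
// middleware in hybrid flow, ADAL 3.x (Microsoft.IdentityModel.Clients.ActiveDirectory) and a
// hypothetical ADALTokenCacheService(userId, configuration) as in the question.
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public static class GraphTokenHelper
{
    private const string ObjectIdClaim = "http://schemas.microsoft.com/identity/claims/objectidentifier";
    private const string TenantIdClaim = "http://schemas.microsoft.com/identity/claims/tenantid";

    // Cache key: object id + tenant id of the signed-in user. The same key must be used when the
    // cache is populated at sign-in and when it is read later, or every silent call misses.
    public static string CacheKey(ClaimsPrincipal user) =>
        user.FindFirst(ObjectIdClaim)?.Value + "." + user.FindFirst(TenantIdClaim)?.Value;

    private static ClientCredential CredentialFrom(IConfiguration config) =>
        new ClientCredential(config["Authentication:AzureAd:ClientId"],
                             config["Authentication:AzureAd:ClientSecret"]);

    private static AuthenticationContext ContextFor(ClaimsPrincipal user, IConfiguration config) =>
        new AuthenticationContext(
            config["Authentication:AzureAd:AADInstance"] + config["Authentication:AzureAd:TenantId"],
            new ADALTokenCacheService(CacheKey(user), config)); // hypothetical cache, as in the question

    // Sign-in side: wire this to OpenIdConnectEvents.OnAuthorizationCodeReceived. Redeeming the code
    // here stores the user's access token and refresh token for the Graph resource in the cache.
    public static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext ctx,
                                                         IConfiguration config)
    {
        AuthenticationContext authContext = ContextFor(ctx.Principal, config);

        AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
            ctx.ProtocolMessage.Code,
            new Uri(ctx.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]),
            CredentialFrom(config),
            config["Authentication:AzureAd:GraphResource"]);

        // Tell the middleware the code is already redeemed so it does not redeem it a second time.
        ctx.HandleCodeRedemption(result.AccessToken, result.IdToken);
    }

    // Lookup side, silent only. A miss means the cache holds no token for this user/resource pair
    // and no refresh token could be used (expired, revoked, or never stored under this key). The
    // recovery is a fresh sign-in, not a client-credential token and not clearing the table.
    public static async Task<string> GetGraphTokenAsync(HttpContext http, IConfiguration config)
    {
        ClaimsPrincipal user = http.User;
        AuthenticationContext authContext = ContextFor(user, config);
        try
        {
            AuthenticationResult result = await authContext.AcquireTokenSilentAsync(
                config["Authentication:AzureAd:GraphResource"],
                CredentialFrom(config),
                new UserIdentifier(user.FindFirst(ObjectIdClaim).Value, UserIdentifierType.UniqueId));
            return result.AccessToken;
        }
        catch (AdalSilentTokenAcquisitionException)
        {
            // ErrorCode is AdalError.FailedToAcquireTokenSilently ("failed_to_acquire_token_silently").
            // Re-run the OpenID Connect sign-in; OnAuthorizationCodeReceived then refills the cache.
            await http.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme);
            return null;
        }
    }

    // Diagnostic: what the cache actually holds for this user. An empty result, or entries whose
    // Resource or UniqueId differ from what GetGraphTokenAsync asks for, explains a silent miss.
    public static string[] DescribeCache(ClaimsPrincipal user, IConfiguration config) =>
        ContextFor(user, config).TokenCache.ReadItems()
            .Select(i => $"resource={i.Resource} uid={i.UniqueId} client={i.ClientId} expires={i.ExpiresOn:u}")
            .ToArray();
}
```

Before clearing anything, call `DescribeCache` for a user who just hit the error: if the list is empty, the sign-in handler never stored a token under that key (or stored it under a different key); if it lists the resource with a past `expires` value, the refresh token itself is no longer accepted and only a new sign-in will fix it.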