Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should OnBehalfOfCredential refresh token automatically? #2551

Open
MichalLechowski opened this issue Jun 14, 2024 · 2 comments
Open

Should OnBehalfOfCredential refresh token automatically? #2551

MichalLechowski opened this issue Jun 14, 2024 · 2 comments
Labels
Needs: Attention 👋 type:question An issue that's a question

Comments

@MichalLechowski
Copy link

I can't find any documentation for it, the question is if I use OBO flow and initialize graph client like below, should token be automatically refreshed? It does not seem to be or I am missing configuration somewhere. For a long running GraphAPI operation, if token expires, it ends up with: "Assertion is not within its valid time range". Should this work out of the box or if not how should this be implemented? Graph is instantiated only once for my custom graph service class.

OBO flow is used like that:
UI---request+token--->API A---request+token--->API B--->call GraphAPI with OBO token

var scopes = new[] { "https://graph.microsoft.com/.default" };

var options = new OnBehalfOfCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

var onBehalfOfCredential = new OnBehalfOfCredential(configuration["AzureAd:TenantId"],
                                                    configuration["AzureAd:ClientId"],
                                                    configuration["AzureAd:ClientSecret"],
                                                    httpContext.HttpContext.Request.Headers.Authorization.ToString()["Bearer ".Length..],
                                                    options);

HttpClientHandler httpClientHandler = new HttpClientHandler();
CustomRetryHandler customRetryHandler = new CustomRetryHandler(httpClientHandler);
var handlers = GraphClientFactory.CreateDefaultHandlers();
var httpClient = GraphClientFactory.Create(handlers);
_graphServiceClient = new GraphServiceClient(httpClient, onBehalfOfCredential, scopes);

What I tried?
Adding "offline_access" to scopes, does not seem to make a difference.
@MichalLechowski MichalLechowski added the status:waiting-for-triage An issue that is yet to be reviewed or assigned label Jun 14, 2024
@andrueastman
Copy link
Member

andrueastman commented Jun 18, 2024
edited
Loading

Thanks for raising this @MichalLechowski

I believe the real issue is in this line here as the error suggests that the Assertion pulled from the HttpContext is the expired one. To resolve this, you can probably

httpContext.HttpContext.Request.Headers.Authorization.ToString()["Bearer ".Length..],

@andrueastman andrueastman added status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close type:question An issue that's a question and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned labels Jun 18, 2024
@MichalLechowski
Copy link
Author

MichalLechowski commented Jun 20, 2024
edited
Loading

@andrueastman Thanks for suggestions, I downloaded the sample and connected to my graph to see if it'd work for running a long process (in that case I am creating MS Teams team with many channels and directories), but it doesn't seem to work. It works initially and I can see the resources created in MS Teams, but only as long as initial token is valid and then when it expires, I get the same error about assertion.

The log:


      
      
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 150.3407ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 153.0251ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z]  AT expiration time: 20.06.2024 11:53:00 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 174
      [LogMetricsFromAuthResult] DurationInHttpInMs: 154
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:58Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 509.8862ms - 429
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 512.4345ms - 429
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Access token has expired or about to expire. [Current time (06/20/2024 11:52:59) - Expiration Time (06/20/2024 11:53:00 +00:00) - Extended Expiration Time (06/20/2024 11:53:00 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 192.4093ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 194.8122ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z]  AT expiration time: 20.06.2024 11:53:00 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 218
      [LogMetricsFromAuthResult] DurationInHttpInMs: 195
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:52:59Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 464.5219ms - 429
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 467.0386ms - 429
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Access token has expired or about to expire. [Current time (06/20/2024 11:53:00) - Expiration Time (06/20/2024 11:53:00 +00:00) - Extended Expiration Time (06/20/2024 11:53:00 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 206.1018ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 209.1778ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z]  AT expiration time: 20.06.2024 11:53:00 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 233
      [LogMetricsFromAuthResult] DurationInHttpInMs: 210
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 430.7409ms - 401
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 433.5766ms - 401
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] Access token has expired or about to expire. [Current time (06/20/2024 11:53:00) - Expiration Time (06/20/2024 11:53:00 +00:00) - Extended Expiration Time (06/20/2024 11:53:00 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:00Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 195.3231ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 197.6395ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]  AT expiration time: 20.06.2024 11:53:01 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 220
      [LogMetricsFromAuthResult] DurationInHttpInMs: 198
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 330.4431ms - 401
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 332.7805ms - 401
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Access token has expired or about to expire. [Current time (06/20/2024 11:53:01) - Expiration Time (06/20/2024 11:53:01 +00:00) - Extended Expiration Time (06/20/2024 11:53:01 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 198.3708ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 200.9989ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]  AT expiration time: 20.06.2024 11:53:01 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 224
      [LogMetricsFromAuthResult] DurationInHttpInMs: 201
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 130.0231ms - 401
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 134.5706ms - 401
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Access token has expired or about to expire. [Current time (06/20/2024 11:53:01) - Expiration Time (06/20/2024 11:53:01 +00:00) - Extended Expiration Time (06/20/2024 11:53:01 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 179.6955ms - 200
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 182.073ms - 200
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Checking client info returned from the server..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Saving token response to cache..
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving AT in cache and removing overlapping ATs...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Looking for scopes for the authority in the cache which intersect with user.read
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Intersecting scope entries count - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Matching entries after filtering by user - 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [SaveTokenResponseAsync] Saving Id Token and Account in cache ...
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
        === Token Acquisition finished successfully:
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]  AT expiration time: 20.06.2024 11:53:01 +00:00, scopes: Channel.Create Channel.Delete.All Channel.ReadBasic.All ChannelMember.Read.All ChannelMember.ReadWrite.All ChannelMessage.Edit ChannelMessage.Read.All ChannelMessage.ReadWrite ChannelMessage.Send ChannelSettings.Read.All ChannelSettings.ReadWrite.All Directory.Read.All email Files.Read Files.Read.All Files.ReadWrite Files.ReadWrite.All Group.Read.All openid profile Sites.Manage.All Sites.Read.All Sites.ReadWrite.All Team.Create Team.ReadBasic.All TeamMember.Read.All TeamMember.ReadWrite.All TeamSettings.Read.All TeamSettings.ReadWrite.All User.Read User.Read.All. source: IdentityProvider
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] Fetched access token from host login.microsoftonline.com. Endpoint: https://login.microsoftonline.com/MY_TENANT_ID/.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z]
      [LogMetricsFromAuthResult] Cache Refresh Reason: Expired
      [LogMetricsFromAuthResult] DurationInCacheInMs: 0
      [LogMetricsFromAuthResult] DurationTotalInMs: 203
      [LogMetricsFromAuthResult] DurationInHttpInMs: 183
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:01Z] [LogMetricsFromAuthResult] TokenEndpoint: https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[100]
      Start processing HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[100]
      Sending HTTP request POST https://graph.microsoft.com/v1.0/teams/a9f82dce-befe-405b-850d-97f411696aaf/channels
info: System.Net.Http.HttpClient.GraphServiceClient.ClientHandler[101]
      Received HTTP response headers after 139.9989ms - 401
info: System.Net.Http.HttpClient.GraphServiceClient.LogicalHandler[101]
      End processing HTTP request after 142.977ms - 401
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] MSAL MSAL.NetCore with assembly version '4.61.3.0'. CorrelationId(00000000-0000-0000-0000-000000000000)
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] === OnBehalfOfParameters ===
      SendX5C: False
      ForceRefresh: False
      UserAssertion set: True
      SearchInCacheForLongRunningObo: False
      LongRunningOboCacheKey set: False
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z]
      === Request Data ===
      Authority Provided? - True
      Client Id - MY_CLIENT_ID
      Scopes - user.read
      Redirect Uri - http://localhost:44351/signin-oidc
      Extra Query Params Keys (space separated) -
      ClaimsAndClientCapabilities -
      Authority - https://login.microsoftonline.com/MY_TENANT_ID/
      ApiId - AcquireTokenOnBehalfOf
      IsConfidentialClient - True
      SendX5C - False
      LoginHint -
      IsBrokerConfigured - False
      HomeAccountId -
      CorrelationId - 00000000-0000-0000-0000-000000000000
      UserAssertion set: True
      LongRunningOboCacheKey set: False
      Region configured:

info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] === Token Acquisition (OnBehalfOfRequest) started:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        Scope: user.read
        ClientId: MY_CLIENT_ID

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Only in-memory caching is used. The cache is not persisted and will be lost if the machine is restarted. It also does not scale for a web app or web API, where the number of users can grow large. In production, web apps and web APIs should use distributed caching like Redis. See https://aka.ms/msal-net-cca-token-cache-serialization
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [Instance Discovery] Instance discovery is enabled and will be performed
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [Internal cache] Total number of cache partitions found while getting access tokens: 1
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [FindAccessTokenAsync] Discovered 1 access tokens in cache using partition key: bdTl5uSqxuEY23c8fi90aGdQDPW5hDC9rkEr_Io6_eo
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [Region discovery] Not using a regional authority.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Access token has expired or about to expire. [Current time (06/20/2024 11:53:02) - Expiration Time (06/20/2024 11:53:01 +00:00) - Extended Expiration Time (06/20/2024 11:53:01 +00:00)]
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] [OBO request] Fetching tokens via normal OBO flow.
info: System.Net.Http.HttpClient.Default.LogicalHandler[100]
      Start processing HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[100]
      Sending HTTP request POST https://login.microsoftonline.com/MY_TENANT_ID/oauth2/v2.0/token
info: System.Net.Http.HttpClient.Default.ClientHandler[101]
      Received HTTP response headers after 128.0567ms - 400
info: System.Net.Http.HttpClient.Default.LogicalHandler[101]
      End processing HTTP request after 131.9477ms - 400
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Response status code does not indicate success: 400 (BadRequest).
warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Request retry failed.
info: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] HttpStatusCode: 400: BadRequest
fail: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] === Token Acquisition (1006) failed:
        Authority: https://login.microsoftonline.com/MY_TENANT_ID/
        ClientId: MY_CLIENT_ID.
fail: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] MSAL.NetCore.4.61.3.0.MsalUiRequiredException:
        ErrorCode: invalid_grant
      Microsoft.Identity.Client.MsalUiRequiredException: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
        StatusCode: 400
        ResponseBody: {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z","error_codes":[500133],"timestamp":"2024-06-20 11:53:16Z","trace_id":"36ca6b7e-6af2-4b19-835d-42fe2ce61a00","correlation_id":"70623480-4a75-4831-828b-631ef847d0b2","error_uri":"https://login.microsoftonline.com/error?code=500133"}
        Headers: Cache-Control: no-store, no-cache
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00
      x-ms-ests-server: 2.1.18298.5 - SEC ProdSlices
      x-ms-clitelem: 1,500133,0,,
      x-ms-srs: 1.P
      X-XSS-Protection: 0
      Set-Cookie: fpc=AvDTzrc1L31HvvdUKvobXTxi48buFAAAANkOBt4OAAAA; expires=Sat, 20-Jul-2024 11:53:16 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
      Date: Thu, 20 Jun 2024 11:53:15 GMT

warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Fetching a new AT failed. Is exception retry-able? False. Is there an AT in the cache that is usable? False
warn: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] Either the exception does not indicate a problem with AAD or the token cache does not have an AT that is usable.
fail: Microsoft.Identity.Web.TokenAcquisition[0]
      True MSAL 4.61.3.0 MSAL.NetCore .NET 6.0.31 Microsoft Windows 10.0.22631 [2024-06-20 11:53:02Z] MSAL.NetCore.4.61.3.0.MsalUiRequiredException:
        ErrorCode: invalid_grant
      Microsoft.Identity.Client.MsalUiRequiredException: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)
         at Microsoft.Identity.Client.Internal.Requests.OnBehalfOfRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
        StatusCode: 400
        ResponseBody: {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z","error_codes":[500133],"timestamp":"2024-06-20 11:53:16Z","trace_id":"36ca6b7e-6af2-4b19-835d-42fe2ce61a00","correlation_id":"70623480-4a75-4831-828b-631ef847d0b2","error_uri":"https://login.microsoftonline.com/error?code=500133"}
        Headers: Cache-Control: no-store, no-cache
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00
      x-ms-ests-server: 2.1.18298.5 - SEC ProdSlices
      x-ms-clitelem: 1,500133,0,,
      x-ms-srs: 1.P
      X-XSS-Protection: 0
      Set-Cookie: fpc=AvDTzrc1L31HvvdUKvobXTxi48buFAAAANkOBt4OAAAA; expires=Sat, 20-Jul-2024 11:53:16 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
      Date: Thu, 20 Jun 2024 11:53:15 GMT

info: Microsoft.Identity.Web.TokenAcquisition[300]
      [MsIdWeb] An error occured during token acquisition: Error acquiring a token for a downstream web API - MsalUiRequiredException message is: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
      MSAL.NetCore.4.61.3.0.MsalUiRequiredException:
        ErrorCode: invalid_grant
      Microsoft.Identity.Client.MsalUiRequiredException: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)
         at Microsoft.Identity.Client.Internal.Requests.OnBehalfOfRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenOnBehalfOfParameters onBehalfOfParameters, CancellationToken cancellationToken)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForWebApiToCallDownstreamApiAsync(IConfidentialClientApplication application, String tenantId, IEnumerable`1 scopes, TokenAcquisitionOptions tokenAcquisitionOptions, MergedOptions mergedOptions, ClaimsPrincipal userHint)
        StatusCode: 400
        ResponseBody: {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z","error_codes":[500133],"timestamp":"2024-06-20 11:53:16Z","trace_id":"36ca6b7e-6af2-4b19-835d-42fe2ce61a00","correlation_id":"70623480-4a75-4831-828b-631ef847d0b2","error_uri":"https://login.microsoftonline.com/error?code=500133"}
        Headers: Cache-Control: no-store, no-cache
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00
      x-ms-ests-server: 2.1.18298.5 - SEC ProdSlices
      x-ms-clitelem: 1,500133,0,,
      x-ms-srs: 1.P
      X-XSS-Protection: 0
      Set-Cookie: fpc=AvDTzrc1L31HvvdUKvobXTxi48buFAAAANkOBt4OAAAA; expires=Sat, 20-Jul-2024 11:53:16 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
      Date: Thu, 20 Jun 2024 11:53:15 GMT

info: Microsoft.Identity.Web.TokenAcquisition[300]
      [MsIdWeb] An error occured during token acquisition: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
      MSAL.NetCore.4.61.3.0.MsalUiRequiredException:
        ErrorCode: invalid_grant
      Microsoft.Identity.Client.MsalUiRequiredException: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)
         at Microsoft.Identity.Client.Internal.Requests.OnBehalfOfRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenOnBehalfOfParameters onBehalfOfParameters, CancellationToken cancellationToken)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForWebApiToCallDownstreamApiAsync(IConfidentialClientApplication application, String tenantId, IEnumerable`1 scopes, TokenAcquisitionOptions tokenAcquisitionOptions, MergedOptions mergedOptions, ClaimsPrincipal userHint)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
        StatusCode: 400
        ResponseBody: {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z","error_codes":[500133],"timestamp":"2024-06-20 11:53:16Z","trace_id":"36ca6b7e-6af2-4b19-835d-42fe2ce61a00","correlation_id":"70623480-4a75-4831-828b-631ef847d0b2","error_uri":"https://login.microsoftonline.com/error?code=500133"}
        Headers: Cache-Control: no-store, no-cache
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00
      x-ms-ests-server: 2.1.18298.5 - SEC ProdSlices
      x-ms-clitelem: 1,500133,0,,
      x-ms-srs: 1.P
      X-XSS-Protection: 0
      Set-Cookie: fpc=AvDTzrc1L31HvvdUKvobXTxi48buFAAAANkOBt4OAAAA; expires=Sat, 20-Jul-2024 11:53:16 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
      Date: Thu, 20 Jun 2024 11:53:15 GMT

info: Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker[2]
      Executed action TodoListService.Controllers.TodoListController.Post (TodoListService) in 83787.1715ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
      Executed endpoint 'TodoListService.Controllers.TodoListController.Post (TodoListService)'
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
      An unhandled exception has occurred while executing the request.
      Microsoft.Identity.Web.MicrosoftIdentityWebChallengeUserException: IDW10502: An MsalUiRequiredException was thrown due to a challenge for the user. See https://aka.ms/ms-id-web/ca_incremental-consent.
       ---> MSAL.NetCore.4.61.3.0.MsalUiRequiredException:
        ErrorCode: invalid_grant
      Microsoft.Identity.Client.MsalUiRequiredException: AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.HandleTokenRefreshErrorAsync(MsalServiceException e, MsalAccessTokenCacheItem cachedAccessTokenItem)
         at Microsoft.Identity.Client.Internal.Requests.OnBehalfOfRequest.ExecuteAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<<RunAsync>b__1>d.MoveNext()
      --- End of stack trace from previous location ---
         at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
         at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
         at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenOnBehalfOfParameters onBehalfOfParameters, CancellationToken cancellationToken)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForWebApiToCallDownstreamApiAsync(IConfidentialClientApplication application, String tenantId, IEnumerable`1 scopes, TokenAcquisitionOptions tokenAcquisitionOptions, MergedOptions mergedOptions, ClaimsPrincipal userHint)
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
        StatusCode: 400
        ResponseBody: {"error":"invalid_grant","error_description":"AADSTS500133: Assertion is not within its valid time range. Ensure that the access token is not expired before using it for user assertion, or request a new token. Current time: 2024-06-20T11:53:16.0381024Z, expiry time of assertion 2024-06-20T11:53:16.0000000Z. Trace ID: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00 Correlation ID: 70623480-4a75-4831-828b-631ef847d0b2 Timestamp: 2024-06-20 11:53:16Z","error_codes":[500133],"timestamp":"2024-06-20 11:53:16Z","trace_id":"36ca6b7e-6af2-4b19-835d-42fe2ce61a00","correlation_id":"70623480-4a75-4831-828b-631ef847d0b2","error_uri":"https://login.microsoftonline.com/error?code=500133"}
        Headers: Cache-Control: no-store, no-cache
      Pragma: no-cache
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Content-Type-Options: nosniff
      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
      x-ms-request-id: 36ca6b7e-6af2-4b19-835d-42fe2ce61a00
      x-ms-ests-server: 2.1.18298.5 - SEC ProdSlices
      x-ms-clitelem: 1,500133,0,,
      x-ms-srs: 1.P
      X-XSS-Protection: 0
      Set-Cookie: fpc=AvDTzrc1L31HvvdUKvobXTxi48buFAAAANkOBt4OAAAA; expires=Sat, 20-Jul-2024 11:53:16 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
      Date: Thu, 20 Jun 2024 11:53:15 GMT

         --- End of inner exception stack trace ---
         at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForUserAsync(IEnumerable`1 scopes, String authenticationScheme, String tenantId, String userFlow, ClaimsPrincipal user, TokenAcquisitionOptions tokenAcquisitionOptions)
         at Microsoft.Identity.Web.DefaultAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(IEnumerable`1 scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken)
         at Microsoft.Identity.Web.GraphAuthenticationProvider.AuthenticateRequestAsync(RequestInformation request, Dictionary`2 additionalAuthenticationContext, CancellationToken cancellationToken)
         at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.GetHttpResponseMessage(RequestInformation requestInfo, CancellationToken cancellationToken, Activity activityForAttributes, String claims, Boolean isStreamResponse)
         at Microsoft.Kiota.Http.HttpClientLibrary.HttpClientRequestAdapter.SendAsync[ModelType](RequestInformation requestInfo, ParsableFactory`1 factory, Dictionary`2 errorMapping, CancellationToken cancellationToken)
         at Microsoft.Graph.Teams.Item.Channels.ChannelsRequestBuilder.PostAsync(Channel body, Action`1 requestConfiguration, CancellationToken cancellationToken)
         at Infrastructure.ApiClients.GraphClient.GraphClient.CreateChannelsWithFilesFolderInitializationAsync(String teamId, IEnumerable`1 channelNames) in C:\MY_PATH\Desktop\New folder\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\TodoListService\GraphClient.cs:line 248
         at Infrastructure.ApiClients.GraphClient.GraphClient.CreateTeamWithChannelsAndDirectoriesAsync(String name, Dictionary`2 channelsWithDirectories) in C:\MY_PATH\Desktop\New folder\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\TodoListService\GraphClient.cs:line 139
         at TodoListService.Controllers.TodoListController.Post(CreateTeamWithChannelsAndDirectoriesCommand todo) in C:\MY_PATH\Desktop\New folder\active-directory-dotnet-native-aspnetcore-v2\2. Web API now calls Microsoft Graph\TodoListService\Controllers\TodoListController.cs:line 53
         at lambda_method4(Closure , Object )
         at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask`1 actionResultValueTask)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeInnerFilterAsync>g__Awaited|13_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
         at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
         at Microsoft.AspNetCore.Authorization.Policy.AuthorizationMiddlewareResultHandler.HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
         at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
         at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 POST http://localhost:44351/api/todolist application/json 17855 - 500 - text/plain;+charset=utf-8 84088.5023ms

the configuration is:


 public void ConfigureServices(IServiceCollection services)
 {
     services.AddMicrosoftIdentityWebApiAuthentication(Configuration)
             .EnableTokenAcquisitionToCallDownstreamApi()
                 .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
                 .AddInMemoryTokenCaches();
     services.AddControllers();

     services.AddLogging();
     services.AddScoped<IGraphClient, GraphClient>();
 }

and GraphServiceClient is injected into GraphClient over DI

Version of nugets:


  <ItemGroup>
	  <PackageReference Include="Microsoft.Graph" Version="5.56.0" />
	  <PackageReference Include="Microsoft.Identity.Web" Version="2.19.1" />
	  <PackageReference Include="Microsoft.Identity.Web.GraphServiceClient" Version="2.19.1" />
  </ItemGroup>

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 and removed status:waiting-for-author-feedback Issue that we've responded but needs author feedback to close labels Jun 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs: Attention 👋 type:question An issue that's a question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@andrueastman @MichalLechowski