nexpected client assertion type #55

lemmycaution · 2017-04-09T13:49:07Z

Hi there,

I'm trying to run client_assertation_certificate_example but stuck with below error. It seems I'm missing something in configuration but cannot find it. Any tip most welcome, thanks a lot.

V, [2017-04-09T14:46:55.995211 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: TokenRequest getting token for client for https://graph.microsoft.com/v1.0.
V, [2017-04-09T14:46:55.995686 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:54 +0100. NotBefore: 2017-04-09 14:46:54 +0100.
V, [2017-04-09T14:46:55.995842 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:55.998631 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: TokenRequest checking cache #<ADAL::MemoryCache:0x007fdc0f0e9be0> for token.
V, [2017-04-09T14:46:55.998705 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Searching cache for tokens by keys: [:authority, :client_id].
V, [2017-04-09T14:46:55.998781 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Validating 0 possible cache matches.
V, [2017-04-09T14:46:55.998841 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Looking through 0 matching cache entries for resource https://graph.microsoft.com/v1.0.
V, [2017-04-09T14:46:55.998893 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Attempting to obtain access token for https://graph.microsoft.com/v1.0 by refreshing 1 of 0 matching MRRTs.
I, [2017-04-09T14:46:55.998931 #73458]  INFO -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Did not find token in cache.
V, [2017-04-09T14:46:55.999085 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:54 +0100. NotBefore: 2017-04-09 14:46:54 +0100.
V, [2017-04-09T14:46:55.999177 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:56.001347 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT payload. Expires: 2017-04-09 14:56:55 +0100. NotBefore: 2017-04-09 14:46:55 +0100.
V, [2017-04-09T14:46:56.001411 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Creating self signed JWT header with thumbprint: rWHKnQ53WQH79JiMnyGFarbTnSs=.
V, [2017-04-09T14:46:56.003526 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Resorting to OAuth to fulfill token request.
V, [2017-04-09T14:46:56.201593 #73458] VERBOSE -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Attempting to create a TokenResponse from raw response.
E, [2017-04-09T14:46:56.201842 #73458] ERROR -- a2a72bbd-a2f9-4276-baf3-6362e13b3821: Parsed an ErrorResponse with error: invalid_request and error description: AADSTS90023: Unexpected client assertion type.
Trace ID: cffebcfe-402c-48bf-b90b-8a2b765e4200
Correlation ID: a2a72bbd-a2f9-4276-baf3-6362e13b3821
Timestamp: 2017-04-09 13:46:55Z.
Failed to authenticate with client credentials. Received error: invalid_request and error description: AADSTS90023: Unexpected client assertion type.
Trace ID: cffebcfe-402c-48bf-b90b-8a2b765e4200
Correlation ID: a2a72bbd-a2f9-4276-baf3-6362e13b3821
Timestamp: 2017-04-09 13:46:55Z.

The text was updated successfully, but these errors were encountered:

akrulwich · 2017-07-03T14:48:13Z

Seeing the same issue. @lemmycaution did you ever resolve this?

lemmycaution · 2017-07-03T15:36:35Z

No, sorry. I ended up with using some other platform.

…

On Mon, Jul 3, 2017 at 3:48 PM, akrulwich ***@***.***> wrote: Seeing the same issue. @lemmycaution <https://github.com/lemmycaution> did you ever resolve this? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#55 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAVcvXzXXMxzK4RFF5y7Ueq9uOOJk1dvks5sKP8vgaJpZM4M4B70> .

akrulwich · 2017-07-03T15:37:53Z

@lemmycaution Thanks

kule · 2017-08-21T11:36:00Z

I had this it's an easy fix - if you look through the code of the dotnet version, it uses a different JWT_BEARER string:

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/blob/2e528e99d50ea3176c968ea95820f6c033b48b59/src/Microsoft.IdentityModel.Clients.ActiveDirectory/Internal/OAuthConstants.cs#L73

Someone's already done a pull request too: #39

In the meantime you can monkey patch the gem to fix:

module ADAL
  class TokenRequest
    module GrantType
      JWT_BEARER = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
    end
  end
end

see AzureAD#55 (comment)

edavey added a commit to dxw/azure-activedirectory-library-for-ruby that referenced this issue Feb 19, 2019

(fix) Declare correct 'bearer' token when using PKCS12.

973fbaa

see AzureAD#55 (comment)

edavey mentioned this issue Feb 19, 2019

(fix) declare bearer token correctly for pkcs12 dxw/azure-activedirectory-library-for-ruby#1

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nexpected client assertion type #55

nexpected client assertion type #55

lemmycaution commented Apr 9, 2017

akrulwich commented Jul 3, 2017

lemmycaution commented Jul 3, 2017 via email

akrulwich commented Jul 3, 2017

kule commented Aug 21, 2017

nexpected client assertion type #55

nexpected client assertion type #55

Comments

lemmycaution commented Apr 9, 2017

akrulwich commented Jul 3, 2017

lemmycaution commented Jul 3, 2017 via email

akrulwich commented Jul 3, 2017

kule commented Aug 21, 2017