AADSTS90122: User identifier is not present while doing AcquireTokenAsync

    Question


  • I am new to this forum, so please redirect me if this is not the correct forum to ask this question.

    I have a .NET Core web application whose Startup.cs is configured with a JWT middleware for authentication.

    It was working till last Friday on my machine and suddenly I started getting the following error (no code change to the middleware):

    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS90122: User identifier is not present
    Trace ID: 37f5f077-c20f-45b3-8043-dce454be0a00
    Correlation ID: 60801a0d-792e-42de-82d4-fffa7e1223d7
    Timestamp: 2017-04-12 05:19:55Z ---> System.Net.Http.HttpRequestException:  Response status code does not indicate success: 400 (BadRequest). ---> System.Exception: {"error":"invalid_request","error_description":"AADSTS90122: User identifier is not present\r\nTrace ID: 37f5f077-c20f-45b3-8043-dce454be0a00\r\nCorrelation ID: 60801a0d-792e-42de-82d4-fffa7e1223d7\r\nTimestamp: 2017-04-12 05:19:55Z","error_codes":[90122],"timestamp":"2017-04-12 05:19:55Z","trace_id":"37f5f077-c20f-45b3-8043-dce454be0a00","correlation_id":"60801a0d-792e-42de-82d4-fffa7e1223d7"}
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpClientWrapper.<GetResponseAsync>d__29.MoveNext()
       --- End of inner exception stack trace ---
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.<GetResponseAsync>d__21`1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AdalHttpClient.<GetResponseAsync>d__20`1.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<SendHttpMessageAsync>d__67.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<SendTokenRequestAsync>d__64.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenOnBehalfHandler.<SendTokenRequestAsync>d__2.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AcquireTokenHandlerBase.<RunAsync>d__55.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenOnBehalfCommonAsync>d__50.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.<AcquireTokenAsync>d__35.MoveNext()
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
       at Cloud.Platform.Global.Portal.DevOps.Web.Startup.<>c.<<Configure>b__23_2>d.MoveNext() in C:\sent\devopsOld\portal\src\Production\Portal\Cloud.Platform.Global.Portal.DevOps.Web\Startup.cs:line 240
    --- End of stack trace from previous location where exception was thrown ---
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
       at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.<HandleAuthenticateAsync>d__1.MoveNext()
    	ErrorCode: invalid_request
    	StatusCode: 400

    The code works when deployed to Azure but fails only on my local machine. I verified that the user credential is getting passed, but I still get the error. Is this an Azure AD issue? If no, is there any way I can debug this issue to arrive at the root cause?

    [UPDATE] Now it throws the same error everywhere.

    [UPDATE] Here is the code:

    // Namespaces the snippet relies on (ASP.NET Core 1.x JWT bearer middleware and ADAL).
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;

    // Authority, ClientId, ClientSecret and resourceId are fields set elsewhere in Startup.
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AuthenticationScheme = "Bearer",
        AutomaticAuthenticate = false,
        AutomaticChallenge = false,
        Authority = Authority,
        Audience = ClientId,
        Events = new JwtBearerEvents()
        {
            // Runs only after the incoming user token has passed signature/issuer/audience validation.
            OnTokenValidated = async tokenValidatedContext =>
            {
                var clientCred = new ClientCredential(ClientId, ClientSecret);

                var jwtToken = tokenValidatedContext.SecurityToken as JwtSecurityToken;

                if (jwtToken != null)
                {
                    // The validated user token becomes the assertion for the on-behalf-of exchange.
                    var userAccessToken = jwtToken.RawData;
                    var userAssertion = new UserAssertion(userAccessToken);

                    var authContext = new AuthenticationContext(Authority, new TokenCache());
                    //FAILS HERE
                    var result = await authContext.AcquireTokenAsync(resourceId, clientCred, userAssertion);
                    var accessToken = result.AccessToken;
                    var claimsIdentity = tokenValidatedContext.Ticket.Principal.Identity as ClaimsIdentity;

                    // Attach the downstream access token to the principal for later use in the request.
                    claimsIdentity?.AddClaim(new Claim("access_token", accessToken, tokenValidatedContext.SecurityToken.Issuer));
                }
            }
        }
    });

    This is an Angular 2 + .NET Core app that sends HTTP requests along with a user ID token, which is then used by the JWT handler to generate an access token.




    • Edited by Raghav_S Wednesday, April 12, 2017 6:48 PM
    Wednesday, April 12, 2017 5:46 AM
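A protocol-level diagnostic for the exchange the question's OnTokenValidated handler performs, added here as an example (it is not code from the question, from the thread's participants, or from ADAL): it decodes the user assertion's claims to confirm a user identifier is present, builds the same on-behalf-of form that ADAL's AcquireTokenAsync(resource, clientCredential, userAssertion) posts to the Azure AD v1 token endpoint, and parses an AADSTS error body into the fields (error code, trace id, correlation id, timestamp) that a support case needs. The tenant, client id, secret and user token are constructed placeholders; the error body is the one quoted in the question.

```python
import base64
import json
from urllib.parse import urlencode

# Claims that identify the user in an Azure AD v1 access token. Logging which
# of them the assertion carries is the first check when the token endpoint
# answers with AADSTS90122 ("User identifier is not present").
USER_ID_CLAIMS = ("oid", "sub", "upn", "unique_name")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Return the claim set of a compact JWT without verifying the signature.

    Diagnostic decode only: in the handler above the JwtBearer middleware has
    already validated the token, and nothing here should drive authorization.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def user_identifier_claims(token: str) -> dict:
    """Map each user-identifier claim name to its value, or None if absent."""
    claims = decode_jwt_payload(token)
    return {name: claims.get(name) for name in USER_ID_CLAIMS}


def build_obo_request(authority: str, client_id: str, client_secret: str,
                      resource: str, user_assertion: str) -> tuple:
    """Return (token_endpoint, form_body) for the v1 on-behalf-of grant.

    This is the request ADAL sends for AcquireTokenAsync(resource,
    clientCredential, userAssertion). The secret travels in the POST body.
    """
    endpoint = authority.rstrip("/") + "/oauth2/token"
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
        "assertion": user_assertion,
        "requested_token_use": "on_behalf_of",
        "scope": "openid",
    }
    return endpoint, urlencode(form)


def parse_aadsts_error(body: str) -> dict:
    """Extract the structured fields from an Azure AD token-endpoint error.

    error_description repeats the ids in free text, so only its first line
    (the AADSTS message) is kept and the structured fields are preferred.
    """
    doc = json.loads(body)
    codes = doc.get("error_codes") or []
    desc = doc.get("error_description") or ""
    return {
        "error": doc.get("error"),
        "code": codes[0] if codes else None,
        "message": desc.splitlines()[0] if desc else None,
        "trace_id": doc.get("trace_id"),
        "correlation_id": doc.get("correlation_id"),
        "timestamp": doc.get("timestamp"),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample JWT (constructed test data, alg=none)."""
    def seg(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return seg({"alg": "none", "typ": "JWT"}) + "." + seg(claims) + "."


# Constructed sample: a user token carrying oid and sub but no UPN.
SAMPLE_USER_TOKEN = make_sample_token({
    "aud": "11111111-2222-3333-4444-555555555555",   # constructed client id
    "iss": "https://sts.windows.net/example-tenant/",  # constructed tenant
    "oid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "sub": "constructed-subject",
    "exp": 1491980000,
})

# The error body quoted in the question, kept verbatim for parsing.
SAMPLE_ERROR_BODY = (
    '{"error":"invalid_request","error_description":"AADSTS90122: User '
    'identifier is not present\\r\\nTrace ID: 37f5f077-c20f-45b3-8043-dce454be0a00'
    '\\r\\nCorrelation ID: 60801a0d-792e-42de-82d4-fffa7e1223d7\\r\\nTimestamp: '
    '2017-04-12 05:19:55Z","error_codes":[90122],"timestamp":"2017-04-12 05:19:55Z",'
    '"trace_id":"37f5f077-c20f-45b3-8043-dce454be0a00",'
    '"correlation_id":"60801a0d-792e-42de-82d4-fffa7e1223d7"}'
)

if __name__ == "__main__":
    print(user_identifier_claims(SAMPLE_USER_TOKEN))
    endpoint, body = build_obo_request(
        "https://login.microsoftonline.com/example-tenant",
        "11111111-2222-3333-4444-555555555555", "constructed-secret",
        "https://graph.windows.net", SAMPLE_USER_TOKEN)
    print(endpoint, body[:60] + "...")
    print(parse_aadsts_error(SAMPLE_ERROR_BODY))
```

When the ids logged by parse_aadsts_error match the Trace ID and Correlation ID in the application's own exception log, the two records describe the same request, which is what lets a support engineer find the server-side entry; keeping them alongside the user_identifier_claims result shows whether the assertion itself lacked an identifier or the service rejected a well-formed one.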

All replies

  • Same problem here,

    It started yesterday to give the exception AADSTS90122: User identifier is not present while calling:

    authContext.AcquireTokenAsync(resourceId, clientCred, userAssertion)


     


    CIGNUM

    Wednesday, April 12, 2017 12:42 PM
  • Was it working before? If yes, could you let us know since when it started giving the error? Were there any changes made in your code or environment?

    Wednesday, April 12, 2017 6:22 PM
    Moderator
  • I have been using the same code for weeks together. It suddenly stopped working on 7th March, probably around 11:30 - 12:30 AM UTC. From CIGNUM's question on Stack Overflow (http://stackoverflow.com/questions/43370145/adalexception-aadsts90122-user-identifier-is-not-present) I understand that his code has been working for months. So there is no code change that may have caused this issue, I believe.

    • Edited by Raghav_S Thursday, April 13, 2017 4:10 AM
    Wednesday, April 12, 2017 6:46 PM
  • The issue is being inspected by Microsoft support.

    As the functionality is now working again, the issue looks like it has been resolved.


    CIGNUM

    Friday, April 14, 2017 8:53 AM
  • The fix is out and other customers report it's working now.
    Refer to -
    http://stackoverflow.com/questions/43370145/adalexception-aadsts90122-user-identifier-is-not-present

    Friday, April 14, 2017 10:45 AM
    Moderator