AcquireTokenSilent always Failed to acquire token silently

azure oauth azure-active-directory azure-webjobs adal
Ricardo Polo Jaramillo picture Ricardo Polo Jaramillo · Apr 20, 2015 · Viewed 24.7k times · Source

Using ADAL I have two AuthenticationContext using a Token Cache persisted in SQL.

Using AcquireTokenByAuthorizationCode it writes the Token in database, but when using AcquireTokenSilent I always get

Failed to acquire token silently. Call method AcquireToken

Here are the details for replication the issue:

I create a Context

AuthenticationContext authContext = new AuthenticationContext(_authority, new AzureAdalCache(companyId, _entries, _unitOfWork));

Then I AcquireToken By Authorization

authContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(redirectUri), _clientCredential);

At this point, it saves an entry in the database

Then if I call this I get an exception.

authContext.AcquireTokenSilent(_authority, _clientCredential, new UserIdentifier(companyId.ToString(), UserIdentifierType.UniqueId)).AccessToken;

I also tried with the same result:

authContext.AcquireTokenSilent(_authority, _clientId).AccessToken;
authContext.AcquireTokenSilent(_authority, _clientCredential, UserIdentifier.AnyUser).AccessToken;

I Post my AzureAdalCache implementation in this Gist.

Each entry of the Cache is like this.

What Am I missing?

Update

Based on answer of comments of @vibronet I have this

AuthenticationContext authContext = new AuthenticationContext(_authority, new AzureAdalCache(companyId, _entries, _unitOfWork));
authContext.AcquireTokenByAuthorizationCode(authorizationCode, new Uri(redirectUri), _clientCredential, _eWSResource);
string result = authContext.AcquireTokenSilent(_eWSResource, _clientId, UserIdentifier.AnyUser).AccessToken;

Answer

Ricardo Polo Jaramillo picture Ricardo Polo Jaramillo · Apr 21, 2015

The issue was that basically I was using Common Authority https://login.windows.net/common/oauth2/authorize in my App. It works for AcquireTokenByAuthorizationCode() but not for AcquireTokenSilent().

So I needed it to save the TenantId when call AcquireTokenByAuthorizationCode() and an authority use an authority like https://login.windows.net/<tenant ID>/oauth2/authorizewhen call AcquireTokenSilent(). This way the same code above works.

Related questions

How to validate Azure AD security token?

The following code gives me Azure AD security token, I need to validate that token is valid or not. How to achieve this? // Get OAuth token using client credentials string tenantName = "mytest.onmicrosoft.com"; string authString = "https://login.microsoftonline.com/" + …

Read More
Why does AcquireToken with ClientCredential fail with invalid_client (ACS50012)?

Why won't my Azure AD application allow an oauth client_credentials grant? I want to use the Azure Graph API, but first I need an oauth token. To get the token, I am trying to use Microsoft.IdentityModel.Clients.ActiveDirectory …

Read More
What is the Resource parameter in Windows Azure AD tenant application oAuth 2.0 specification

I'm trying to invoke an authentication process with a windows Azure AD tenant application using oAuth 2.0 by using curl. But I couldn't figure out what is the parameter "resource' in below sample code: curl -X POST https://login.windows.net/&…

Read More