Allow non-GUID client id with PublicClientApplicationBuilder #4686
Comments
What identity provider are you using @eberlekhaufe?
It is an identity provider implemented in the Acumatica ERP system. It is implemented based on https://identityserver4.readthedocs.io/en/latest/. It supports OAuth2/OIDC.
By the way, when attempting to use a generic oidc Identity Provider, it is better to use
I'll assign to myself for the time being - I think there is value in this being a generic client ID, but likely this will fall a bit lower in the priority stack of things we need to do in the short-term.
Non-GUID client IDs are already supported for ADFS: Lines 380 to 384 in 1107c3e
And if I change that to also allow "Generic" authorities, I was able to use Auth0 and a non-GUID client ID with PublicClientApplicationBuilder. Is there anything else that needs to be changed?
Hi @jwikberg, in my setup neither ADFS nor Auth0 is used (see code snippet above in the issue). Using the builder as above causes the "client id must be guid" error.
My question was directed at Microsoft.
Feel free to propose a change. There is an
Hi @bgavrilMS,
MSAL client type
Public
Problem statement
MSAL.NET: 4.60.0
.NET 8
I use the PublicClientApplicationBuilder to create an MSAL app to authenticate with a 3rd party identity provider which issues client IDs in the form "Some GUID@somesuffix".
Unfortunately PublicClientApplicationBuilder.Build fails on such a client id, as it expects a proper GUID.
Can that be changed to support non-GUID client ids?
Even if validation was changed, would there be down-stream errors with a non-GUID client id?
Here is my code
```csharp
using Microsoft.Identity.Client;

// Public client pointed at a generic OIDC authority, with a non-GUID client id.
var clientBuilder = PublicClientApplicationBuilder.Create("my-non-GUID-clientid")
    .WithDefaultRedirectUri()
    .WithExperimentalFeatures()
    .WithOidcAuthority("some url");
var msalClient = clientBuilder.Build(); // throws here
var result = await msalClient.AcquireTokenInteractive(scopes: ["api", "api:concurrent_access", "email", "oidc", "profile"]).ExecuteAsync();
```
Calling Build throws a Microsoft.Identity.Client.MsalClientException
Message: Error: ClientId is not a GUID.
Stack Trace:
at Microsoft.Identity.Client.PublicClientApplicationBuilder.Validate()
at Microsoft.Identity.Client.AbstractApplicationBuilder`1.BuildConfiguration()
at Microsoft.Identity.Client.PublicClientApplicationBuilder.BuildConcrete()
at Microsoft.Identity.Client.PublicClientApplicationBuilder.Build()
...
Thanks a lot in advance,
Krischan
Proposed solution
PublicClientApplicationBuilder and PublicClientApplication should support non-GUID client ids, if possible.
Alternatives
Any workaround would also be appreciated, if one exists :)