Allow non-GUID client id with PublicClientApplicationBuilder #4686
Comments
eberlekhaufe
added
needs attention
neha-bhargava
added
public-client
and removed
untriaged
|
What identity provider are you using @eberlekhaufe? |
|
It is an identity Provider implemented in the acumatica ERP system. It is implemented based on https://identityserver4.readthedocs.io/en/latest/ It supports oauth2/oidc. |
By the way, when attempting to use a generic oidc Identity Provider, it is better to use |
|
I'll assign to myself for the time being - I think there is value in this being a generic client ID, but likely this will fall a bit lower in the priority stack of things we need to do in the short-term. |
|
Non-guid client id:s are already supported for ADFS: And if I change that to also allow "Generic" authorities, I was able to use Auth0 and a non-guid client id with PublicClientApplicationBuilder. Is there anything else that needs to be changed? |
|
Hi @jwikberg , in my setup neither ADFS nor Auth0 is used (see code snippet above in the issue). Using the Builder as above, causes the client id must be guid error. |
My question was directed at Microsoft. |
Feel free to propose a change. There is an |
|
Hi @bgavrilMS, |
MSAL client type
Public
Problem statement
MSAL.NET: 4.60.0
.NET 8
I use the PublicClientApplicationBuilder to create a msal app to authenticate with a 3rd party identity provider which issues client ids in the form "Some GUID@somesuffix"
Unfortunately PublicClientApplicationBuilder.Build fails on such a client id, as it expects a proper GUID.
Can that be changed to support non-GUID client ids?
Even if validation was changed, would there be down-stream errors with a non-GUID client id?
Here is my code
var clientBuilder = PublicClientApplicationBuilder.Create("my-non-GUID-clientid")
.WithDefaultRedirectUri()
.WithExperimentalFeatures()
.WithOidcAuthority("some url");
var msalClient = clientBuilder.Build(); // throws here
var result = await msalClient.AcquireTokenInteractive(scopes: ["api", "api:concurrent_access", "email", "oidc", "profile"]).ExecuteAsync();
Calling Build throws a Microsoft.Identity.Client.MsalClientException
Message: Error: ClientId is not a GUID.
Stack Trace:
at Microsoft.Identity.Client.PublicClientApplicationBuilder.Validate()
at Microsoft.Identity.Client.AbstractApplicationBuilder`1.BuildConfiguration()
at Microsoft.Identity.Client.PublicClientApplicationBuilder.BuildConcrete()
at Microsoft.Identity.Client.PublicClientApplicationBuilder.Build()
...
Thanks a lot in advance,
Krischan
Proposed solution
PublicClientApplicationBuilder and PublicClientApplication should support non-GUID client ids, if possible.
Alternatives
Any workaround would also be appreciated, if exists :)
The text was updated successfully, but these errors were encountered: