MicrosoftGraphProvider giving a 401 Unauthorized Error

I am trying to get MicrosoftGraphProvider to work with my organization. I have installed the mvcauth project template, changed the oauth settings in appsettings after creating the application and after I click the Sign In with Microsoft button I get a 401 Unauthorized error. I have set SameSiteCookies to null, true and false and it doesn’t seem to have any effect as well.

https://localhost:5001/auth/microsoftgraph

Message

Response status code does not indicate success: 401 (Unauthorized).

Stack Trace

[Authenticate: 7/22/2022 7:05:58 PM]: [REQUEST: {provider:microsoftgraph,state:5uLhIbCEbE2rFXsyXrPy}] System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized). at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode() at ServiceStack.HttpUtils.SendStringToUrlAsync(HttpClient client, String url, String method, String requestBody, String contentType, String accept, Action1 requestFilter, Action1 responseFilter, CancellationToken token) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack.Text/src/ServiceStack.Text/HttpUtils.HttpClient.cs:line 551 at ServiceStack.Auth.MicrosoftGraphAuthProvider.GetAccessTokenJsonAsync(String code, AuthContext ctx, CancellationToken token) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/MicrosoftGraphAuthProvider.cs:line 94 at ServiceStack.Auth.OAuth2Provider.AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/OAuth2Provider.cs:line 124 at ServiceStack.Auth.AuthenticateService.AuthenticateAsync(Authenticate request, String provider, IAuthSession session, IAuthProvider oAuthConfig, CancellationToken token) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/AuthenticateService.cs:line 482 at ServiceStack.Auth.AuthenticateService.PostAsync(Authenticate request) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Auth/AuthenticateService.cs:line 286 at ServiceStack.Host.ServiceRunner1.ExecuteAsync(IRequest req, Object instance, TRequest requestDto) in /home/runner/work/ServiceStack/ServiceStack/ServiceStack/src/ServiceStack/Host/ServiceRunner.cs:line 155`

What I am trying to achieve is the following, we have an existing Net Framework application that implements OpenID for AzureAD so internal users are required to re-authenticate and it supports 2 factor authentication. I am wanting to prototype the same with a new SS based web applications so users are automatically required to login whenever they visit this new site. This will allow devs to use the ui and locode features we can easily edit data but user our existing credentials.

As I’m not clear what you’re trying to use it with, MicrosoftGraphAuthProvider works with the Microsoft Graph Auth where you create your OAuth App from apps.dev.microsoft.com.

If that’s what you’re trying to use it with, please post the HTTP Request/Response Headers to see if it helps identify why Authentication is failing.

I think I was confused as well. I was able to mimic my previous setup with oidc. This issue is resolved.

Out of curiosity what did you end up using?

I determined the root cause was the AppId was improperly copied from the Azure portal. You have to use the copy icon next to it rather that copying the text because I missed the first character. A suggestion would be to have this error message bubble up rather than have just a 401 unauthorized error. I used Proxyman on the mac to confirm what was being sent.