Control Panel Vendors (CPVs)

Onboarded as a CPV, ask questions and learn how to keep your platform secure

marksgoff
Level 2 Contributor

AAD Token needs refreshing but no handler was registered

We recently shipped our control panel with updates to use the secure application model. Everything tested perfectly fine in our sandbox. When a customer deployed our changes, we see the following error when trying to access GRAPH api with a token obtained from the refresh token:

Partner Exception: Error Category: Unauthorized Service Error Payload: null Context: Request Id: f41cfc3f-4f56-487d-ac66-0a8c2f45a1d7, Correlation Id: b665d93b-4a92-41eb-a714-ae1c98c5737e, Locale: en-US Base Description: Microsoft.Store.PartnerCenter.Exceptions.PartnerException: Refreshing the credentials has failed. ---> Microsoft.Store.PartnerCenter.Exceptions.PartnerException: AAD Token needs refreshing but no handler was registered.

The error occurs when trying to submit a payload like the following:

// Requires: using Newtonsoft.Json.Linq; (JObject, JArray)
var contents = new JObject
{
    // Provide your application display name
    ["displayName"] = provider.ClientDisplayName,

    // Provide your application id
    ["applicationId"] = provider.ClientId,

    // Provide your application grants
    ["applicationGrants"] = new JArray(
        // for graph api access, Directory.Read.All
        JObject.Parse("{\"enterpriseApplicationId\": \"00000002-0000-0000-c000-000000000000\", \"scope\":\"Domain.ReadWrite.All,User.ReadWrite.All,Directory.Read.All\"}"),
        JObject.Parse("{\"enterpriseApplicationId\": \"797f4846-ba00-4fd7-ba43-dac1f8f63013\", \"scope\":\"user_impersonation\"}"))
};

To endpoint:

endpoint = $"https://api.partnercenter.microsoft.com/v1/customers/{customerId}/applicationconsents";

We obtain the token as follows:

POST https://login.microsoftonline.com/REDACTED/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: login.microsoftonline.com
Content-Length: 1361
Expect: 100-continue
Connection: Keep-Alive

resource=https%3a%2f%2fapi.partnercenter.microsoft.com&client_id=1f505836-d9c8-40b6-95ae-48639ab48c3b&client_secret=REDACTED&grant_type=refresh_token&refresh_token=REDACTED&scope=openid

Can you advise on what would cause this error? As I said, the exact same code works without issue on our partner center sandbox.

1 Reply
marksgoff
Level 2 Contributor

One correction. I said "trying to access GRAPH api" which should be "trying to access the partner center api".
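An added diagnostic example, not part of the original posts and not Partner Center SDK code: it inspects the JSON returned by the refresh-token request shown above and reports whether the access token is issued for the Partner Center resource and how close it is to expiry. It assumes the access token is a JWT carrying `aud` and `exp` claims and that the response uses the `access_token`, `refresh_token` and `error` fields; the sample tokens are constructed and unsigned.

```python
import base64
import json
import time

# Resource requested in the post's token request.
PARTNER_CENTER = "https://api.partnercenter.microsoft.com"

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token_response, now=None, skew=300):
    """Return the problems found in a parsed token-endpoint JSON response."""
    now = time.time() if now is None else now
    if "error" in token_response:
        return ["token endpoint error: " + token_response["error"]]
    problems = []
    claims = jwt_claims(token_response["access_token"])
    if str(claims.get("aud", "")).rstrip("/") != PARTNER_CENTER:
        problems.append("audience %r is not Partner Center" % claims.get("aud"))
    if claims.get("exp", 0) - now < skew:
        problems.append("access token expired or within %ds of expiry" % skew)
    if not token_response.get("refresh_token"):
        problems.append("no refresh_token returned, caller cannot renew later")
    return problems

def fake_jwt(claims):
    """Build an unsigned, constructed JWT for the sample data below."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), ""])

# Constructed sample responses (not real tokens).
NOW = 1_700_000_000
GOOD = {"access_token": fake_jwt({"aud": PARTNER_CENTER, "exp": NOW + 3600}),
        "refresh_token": "constructed-refresh-token"}
STALE = {"access_token": fake_jwt({"aud": "https://graph.windows.net", "exp": NOW - 60}),
         "refresh_token": "constructed-refresh-token"}

if __name__ == "__main__":
    for name, resp in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, diagnose(resp, now=NOW) or "ok")
```

Run it against the response body only in a trusted environment, since the decoded claims and the refresh token are credentials-grade data.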