Hero Banner

Control Panel Vendors (CPVs)

Onboarded as a CPV, ask questions and learn how to keep your platform secure

Level 2 Contributor

AAD Token needs refreshing but no handler was registered

We recently shipped our control panel with updates to use the secure application model. Everything tested perfectly fine in our sandbox. When a customer deployed our changes we see the following error when trying to access GRAPH api with a token obtained from the refresh token:


Partner Exception: Error Category: Unauthorized Service Error Payload: null Context: Request Id: f41cfc3f-4f56-487d-ac66-0a8c2f45a1d7, Correlation Id: b665d93b-4a92-41eb-a714-ae1c98c5737e, Locale: en-US Base Description: Microsoft.Store.PartnerCenter.Exceptions.PartnerException: Refreshing the credentials has failed. ---> Microsoft.Store.PartnerCenter.Exceptions.PartnerException: AAD Token needs refreshing but no handler was registered.


The error occurs when trying to submit a payload like the following:


var contents = new JObject
// Provide your application display name
["displayName"] = provider.ClientDisplayName,

// Provide your application id
["applicationId"] = provider.ClientId,

// Provide your application grants
["applicationGrants"] = new JArray(
JObject.Parse("{\"enterpriseApplicationId\": \"00000002-0000-0000-c000-000000000000\", \"scope\":\"Domain.ReadWrite.All,User.ReadWrite.All,Directory.Read.All\"}"), // for graph api access, Directory.Read.All
JObject.Parse("{\"enterpriseApplicationId\": \"797f4846-ba00-4fd7-ba43-dac1f8f63013\", \"scope\":\"user_impersonation\"}")) 


To endpoint


endpoint = $"https://api.partnercenter.microsoft.com/v1/customers/{customerId}/applicationconsents";


We obtain the token as follows:


POST https://login.microsoftonline.com/REDACTED/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: login.microsoftonline.com
Content-Length: 1361
Expect: 100-continue
Connection: Keep-Alive



Can you advise on what would cause this error. As I said the exact same code works without issue on our partner center sandbox.

Level 2 Contributor

One correction. I said "trying to access GRAPH api" which should be "trying to access the partner center api"