IConfidentialClientApplication.AcquireTokenForClient returning request timeout exception sometimes

Alexander Carvalho
2023-07-19T19:07:28.5566667+00:00

Hi, I'm doing a migration from AuthenticationContext.AcquireTokenAsync to IConfidentialClientApplication.AcquireTokenForClient, because we use the former method to get a token from Azure and access some KeyVault secrets, but recently it started to fail a lot and I saw it was deprecated. I changed it as described in this Microsoft article and it worked, but it sometimes fails with a timeout error and I have no idea why.

Here's my code:

using BHSAxter.KeyVaultApi.Infra.Token.Services.Definition;
using Microsoft.Azure.KeyVault;
using Microsoft.Identity.Client;
using System;
using System.Threading.Tasks;

namespace BHSAxter.KeyVaultApi.Infra.Token.Services.Implementation
{
    public class TokenService : ITokenService
    {
        //private readonly ClientCredential _appCredentials;
        private readonly string _clientId;
        private readonly string _clientSecret;

        public TokenService(string clientId, string clientSecret)
        {
            _clientId = clientId;
            _clientSecret = clientSecret;
        }

        public KeyVaultClient GetAccessToken()
        {
            var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetTokenAsync));
            return keyVaultClient;
        }

        private async Task<string> GetTokenAsync(string authority, string resource, string scope)
        {
            var app = ConfidentialClientApplicationBuilder.Create(_clientId)
                .WithClientSecret(_clientSecret)
                .WithAuthority(authority)
                .Build();

            var result = await app.AcquireTokenForClient(
                    new[] { $"{resource}/.default" })
                // .WithTenantId(specificTenant)
                // See https://aka.ms/msal.net/withTenantId
                .ExecuteAsync();

            if (result == null)
                throw new InvalidOperationException("Failed to obtain the JWT token");

            return result.AccessToken;
        }
    }
}

Details from the error:

Microsoft.Identity.Client.MsalServiceException

HResult=0x80131500

Message=Request to the endpoint timed out.

Source=Microsoft.Identity.Client

StackTrace:

at Microsoft.Identity.Client.Internal.Requests.RequestBase.<HandleTokenRefreshErrorAsync>d__31.MoveNext()

at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()

at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()

at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()

at BHSAxter.KeyVaultApi.Infra.Token.Services.Implementation.TokenService.<GetTokenAsync>d__4.MoveNext() in C:\Users\alexander.carvalho\source\repos\BHS-PortalCliente\BHSAxter.KeyVaultApi\BHSAxter.KeyVaultApi.Infra.Token\Services\Implementation\TokenService.cs:line 38

at Microsoft.Azure.KeyVault.KeyVaultCredential.<PostAuthenticate>d__11.MoveNext()

at Microsoft.Azure.KeyVault.KeyVaultCredential.<ProcessHttpRequestAsync>d__13.MoveNext()

at Microsoft.Azure.KeyVault.KeyVaultClient.<GetSecretWithHttpMessagesAsync>d__65.MoveNext()

at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<GetSecretAsync>d__13.MoveNext()

at BHSAxter.KeyVaultApi.Service.Implementation.SecretService.<GetSecretAsync>d__5.MoveNext() in C:\Users\alexander.carvalho\source\repos\BHS-PortalCliente\BHSAxter.KeyVaultApi\BHSAxter.KeyVaultApi.Application\Implementation\SecretService.cs:line 35

This exception was originally thrown at this call stack:

[External Code]

Inner Exception 1:

TaskCanceledException: The operation was canceled.

Microsoft Entra ID
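
An added example, not part of the original post and not Microsoft's code: the same authentication callback restructured so that one IConfidentialClientApplication per authority is reused, which lets MSAL's in-memory app token cache serve repeat calls instead of sending a network request each time, and so that a timed-out request is retried a bounded number of times. The class name CachedTokenService, the retry budget and the delay are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical class name; GetTokenAsync replaces the callback shown in the post.
public sealed class CachedTokenService
{
    private const int MaxAttempts = 3; // assumed retry budget
    private readonly string _clientId;
    private readonly string _clientSecret;

    // One app per authority: the MSAL app token cache lives on the app instance,
    // so rebuilding the app on every callback starts from an empty cache.
    private readonly ConcurrentDictionary<string, IConfidentialClientApplication> _apps =
        new ConcurrentDictionary<string, IConfidentialClientApplication>(StringComparer.OrdinalIgnoreCase);

    public CachedTokenService(string clientId, string clientSecret)
    {
        _clientId = clientId;
        _clientSecret = clientSecret;
    }

    // Same signature as KeyVaultClient.AuthenticationCallback.
    public async Task<string> GetTokenAsync(string authority, string resource, string scope)
    {
        var app = _apps.GetOrAdd(authority, a => ConfidentialClientApplicationBuilder
            .Create(_clientId)
            .WithClientSecret(_clientSecret)
            .WithAuthority(a)
            .Build());

        for (var attempt = 1; ; attempt++)
        {
            try
            {
                // Served from the in-memory cache while a valid token exists.
                var result = await app.AcquireTokenForClient(new[] { $"{resource}/.default" })
                    .ExecuteAsync().ConfigureAwait(false);
                return result.AccessToken;
            }
            catch (MsalServiceException ex)
                when (ex.ErrorCode == MsalError.RequestTimeout && attempt < MaxAttempts)
            {
                // Back off briefly, then retry; other errors and the last attempt propagate.
                await Task.Delay(TimeSpan.FromSeconds(attempt)).ConfigureAwait(false);
            }
        }
    }
}
```

Keep a single CachedTokenService instance for the lifetime of the process (for example as a singleton registration) so the cached apps and their tokens survive between Key Vault calls.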