First API request for data does complete

michael · August 3, 2019, 5:32pm

The first request for data from MsGraph never completes. Subsequent requests complete as expected.

Hello Radzen Team,

I have MsGraph as a data source using Azure AD authorization

here is what I see.

the response to the first request to MsGraph for data is a 401 Unauthorized response with redirect to authentication uri. as expected.
auth service will then initiate authorization, requesting an ID_Token. whereby an ID_Token is received and saved. but the process ends there. the request for data is not resent.
The response to a second request is also a 401 Unauthorized response with redirect to authentication uri.
auth service will then initiate authorization, requesting an Access Token. whereby an Access Token is received and saved.
the request is then resent and the requested data is received successfully

By the way this is not limited to MsGraph. I see the same behavior with my custom API which also uses Azure AD Authentication.

We are able to workaround this by modifying the Auth service and including Access Token in the initial authorization request. but I'm not sure if this is the right solution and I would prefer not having to add the auth service to the code generation ignore list.

thanks for you help,
michael

korchev · August 3, 2019, 7:12pm

Unfortunately I couldn't understand what the problem is. My local tests with MSGraph don't show the described behaviour. Still what is the change that makes it work? We can probably add it to the default auth service. By the way you shouldn't be afraid to exclude files from code generation - this is what this feature was made for

michael · August 3, 2019, 7:37pm

@korchev,

ok. I wonder if you are not seeing the issue because the information you requested does not require an Access Token. maybe the ID_Token is sufficient.

my request using the MS Graph API is for data from a sharepoint list. this requires an Access Token. So I am guessing that is the difference.

in the Auth service, the login() method does not request an Access Token, only an ID token

...&response_type=id_token&nonce=${this.nonce}...

However the refreshToken() method does request an access Token

...&response_type=token&nonce=${this.nonce}....

So the work around is to add access token to the response_type in the login() method

...&response_type=id_token token&nonce=${this.nonce}...

does this make sense?

michael

korchev · August 3, 2019, 8:52pm

The way our Azure AD implementation works is to first request the id_token and then use it to get the access_token. I think this was the officially recommended approach by Microsoft. It seems that it is possible to get the access_token right from the start. I am not 100% it will work in all cases though and will have to test before changing the azure ad service implementation. I recommend using your workaround for the time being.