
@jmprieur jmprieur commented Oct 1, 2023

Fixes delegate called twice in AddMicrosoftIdentityWebApp (and hence TokenValidated event called twice)

In a web app using the initialization with delegates (not by configuration), and using EnableTokenAcquisitionToCallDownstreamApi, the delegate was called twice. This is because the configuration of the MicrosoftIdentityOptions was needed in the MISE EnableTokenAcquisitionToCallDownstreamApi method, whereas IdWeb AddMicrosoftIdentityWebApp had called it already.

Description

  • Fixes the issue
  • Adds a regression test in the WebAppCallGraph devapp
  • Re-adds a net7.0 target framework as the first framework, as Visual Studio no longer displays the files in the solution explorer :-(

Fixes #2456
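The mechanism behind the bug, as an added illustration that is not code from the pull request or from Microsoft.Identity.Web: ASP.NET Core options configuration runs every registered configure delegate when the options instance is built, so a delegate that reaches the options pipeline through two code paths runs twice on the same instance. Any event handler the delegate subscribes (here a stand-in for OnTokenValidated) is then attached twice and fires twice per event. The example assumes the Microsoft.Extensions.DependencyInjection and Microsoft.Extensions.Options packages; DemoIdentityOptions, AddDemoWebApp and EnableDemoDownstreamApi are hypothetical stand-ins for MicrosoftIdentityOptions, AddMicrosoftIdentityWebApp and EnableTokenAcquisitionToCallDownstreamApi, and the second-path guard models the fix of passing null for an already-initialized delegate.

```csharp
// Added example (not Microsoft.Identity.Web's own code). Shows why a configuration
// delegate handed to two registration paths is invoked twice, and the guard that
// avoids it. Assumes the Microsoft.Extensions.DependencyInjection and
// Microsoft.Extensions.Options NuGet packages. All type and method names below are
// hypothetical stand-ins for the library's MicrosoftIdentityOptions,
// AddMicrosoftIdentityWebApp and EnableTokenAcquisitionToCallDownstreamApi.
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

public class DemoIdentityOptions
{
    public string ClientId { get; set; } = "";

    // Stand-in for the OnTokenValidated event: every run of the configure delegate
    // that subscribes here attaches one more handler.
    public event Action TokenValidated;

    public void RaiseTokenValidated() => TokenValidated?.Invoke();
}

public static class DemoRegistration
{
    // Stand-in for AddMicrosoftIdentityWebApp: always registers the caller's delegate.
    public static IServiceCollection AddDemoWebApp(
        this IServiceCollection services, Action<DemoIdentityOptions> configure)
    {
        services.Configure(configure);
        return services;
    }

    // Stand-in for the downstream-API helper. Before the fix the same delegate was
    // registered here a second time; after the fix the caller passes null because the
    // options were already configured by AddDemoWebApp.
    public static IServiceCollection EnableDemoDownstreamApi(
        this IServiceCollection services, Action<DemoIdentityOptions> configure)
    {
        if (configure != null)
        {
            services.Configure(configure); // second registration => second invocation
        }
        return services;
    }
}

public static class Program
{
    // Returns how many times the TokenValidated stand-in handler ran for one event.
    public static int Run(bool passDelegateTwice)
    {
        int delegateCalls = 0;
        int handlerCalls = 0;

        Action<DemoIdentityOptions> configure = o =>
        {
            delegateCalls++;
            o.ClientId = "00000000-0000-0000-0000-000000000000"; // placeholder, constructed
            o.TokenValidated += () => handlerCalls++;
        };

        var services = new ServiceCollection();
        services.AddDemoWebApp(configure);
        services.EnableDemoDownstreamApi(passDelegateTwice ? configure : null);

        using (var provider = services.BuildServiceProvider())
        {
            // IOptions<T>.Value builds the instance by running every registered
            // IConfigureOptions<T>, i.e. the delegate once per registration.
            var options = provider.GetRequiredService<IOptions<DemoIdentityOptions>>().Value;
            options.RaiseTokenValidated();
        }

        Console.WriteLine(
            $"delegate invoked {delegateCalls}x, TokenValidated handler invoked {handlerCalls}x");
        return handlerCalls;
    }

    public static void Main()
    {
        Run(passDelegateTwice: true);   // before the fix: delegate 2x, handler 2x
        Run(passDelegateTwice: false);  // after the fix:  delegate 1x, handler 1x
    }
}
```

The practical consequence is the one the issue title names: a handler registered from inside the delegate, such as one that redeems the authorization code or writes to the token cache, executes once per registration, so a single sign-in produces duplicate side effects. The guard is the cheapest fix; a stricter one is to make the second registration path accept no delegate at all, so the double registration cannot be expressed.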

Services,
initialScopes,
ConfigureMicrosoftIdentityOptions,
null,

Suggested change
null,
null, // already initialized

@duanepfeiffer

Will this fix the issue for .NET 6? Also, when will it be released? I'm running 2.14.0 right now.

@jmprieur

It's fixed in 2.15.1, @duanepfeiffer

@jmprieur jmprieur deleted the jmprieur/Investigate2456 branch October 12, 2023 18:53
@TejendraPrasad

@jmprieur I am getting the same error "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token." after updating the version to 2.15.2.0. It was fine for 1 month.

[09:53:35] [Error] [Microsoft.Identity.Web.TokenAcquisition] False MSAL 4.56.0.0 MSAL.NetCore .NET 6.0.15 Microsoft Windows 10.0.17763 [2023-11-17 09:53:35Z - 77da2591-ddf7-40c0-adf6-c6ccf4c43238] Exception type: Microsoft.Identity.Client.MsalUiRequiredException
, ErrorCode: invalid_grant
HTTP StatusCode 400
CorrelationId 77da2591-ddf7-40c0-adf6-c6ccf4c43238

at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func`2 onBeforePostRequestData)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.GetTokenAsync(Uri endPoint, RequestContext requestContext, Boolean addCommonHeaders, Func`2 onBeforePostRequestHandler)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ConfidentialAuthCodeRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
[09:53:35] [Error] [Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler] Exception occurred while processing message.
MSAL.NetCore.4.56.0.0.MsalUiRequiredException:
ErrorCode: invalid_grant
Microsoft.Identity.Client.MsalUiRequiredException: AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600 Correlation ID: 77da2591-ddf7-40c0-adf6-c6ccf4c43238 Timestamp: 2023-11-17 09:53:36Z
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func`2 onBeforePostRequestData)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.GetTokenAsync(Uri endPoint, RequestContext requestContext, Boolean addCommonHeaders, Func`2 onBeforePostRequestHandler)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ConfidentialAuthCodeRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenByAuthorizationCodeParameters authorizationCodeParameters, CancellationToken cancellationToken)
at Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters authCodeRedemptionParameters)
at Microsoft.Identity.Web.TokenAcquisitionAspNetCore.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable`1 scopes, String authenticationScheme)
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
StatusCode: 400
ResponseBody: {"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600 Correlation ID: 77da2591-ddf7-40c0-adf6-c6ccf4c43238 Timestamp: 2023-11-17 09:53:36Z","error_codes":[54005],"timestamp":"2023-11-17 09:53:36Z","trace_id":"ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600","correlation_id":"77da2591-ddf7-40c0-adf6-c6ccf4c43238"}
Headers: Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 77da2591-ddf7-40c0-adf6-c6ccf4c43238
x-ms-request-id: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600
x-ms-ests-server: 2.1.16729.8 - NEULR1 ProdSlices
x-ms-clitelem: 1,54005,0,,
X-XSS-Protection: 0
Set-Cookie: fpc=Au0zPikUqa5MqZfs_iUWQWrcAm_7AgAAAB4v6dwOAAAA; expires=Sun, 17-Dec-2023 09:53:36 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
Date: Fri, 17 Nov 2023 09:53:35 GMT

[09:53:35] [Error] [] OnAuthenticationFailed AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600 Correlation ID: 77da2591-ddf7-40c0-adf6-c6ccf4c43238 Timestamp: 2023-11-17 09:53:36Z
MSAL.NetCore.4.56.0.0.MsalUiRequiredException:
ErrorCode: invalid_grant
Microsoft.Identity.Client.MsalUiRequiredException: AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600 Correlation ID: 77da2591-ddf7-40c0-adf6-c6ccf4c43238 Timestamp: 2023-11-17 09:53:36Z
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T](Uri endPoint, HttpMethod method, RequestContext requestContext, Boolean expectErrorsOn200OK, Boolean addCommonHeaders, Func`2 onBeforePostRequestData)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.GetTokenAsync(Uri endPoint, RequestContext requestContext, Boolean addCommonHeaders, Func`2 onBeforePostRequestHandler)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendHttpAndClearTelemetryAsync(String tokenEndpoint, ILoggerAdapter logger)
at Microsoft.Identity.Client.OAuth2.TokenClient.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, String scopeOverride, String tokenEndpointOverride, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.SendTokenRequestAsync(IDictionary`2 additionalBodyParameters, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.ConfidentialAuthCodeRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenByAuthorizationCodeParameters authorizationCodeParameters, CancellationToken cancellationToken)
at Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters authCodeRedemptionParameters)
at Microsoft.Identity.Web.TokenAcquisitionAspNetCore.AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeReceivedContext context, IEnumerable`1 scopes, String authenticationScheme)
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RunAuthorizationCodeReceivedEventAsync(OpenIdConnectMessage authorizationResponse, ClaimsPrincipal user, AuthenticationProperties properties, JwtSecurityToken jwt)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleRemoteAuthenticateAsync()
StatusCode: 400
ResponseBody: {"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600 Correlation ID: 77da2591-ddf7-40c0-adf6-c6ccf4c43238 Timestamp: 2023-11-17 09:53:36Z","error_codes":[54005],"timestamp":"2023-11-17 09:53:36Z","trace_id":"ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600","correlation_id":"77da2591-ddf7-40c0-adf6-c6ccf4c43238"}
Headers: Cache-Control: no-store, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
client-request-id: 77da2591-ddf7-40c0-adf6-c6ccf4c43238
x-ms-request-id: ecd07edb-bb52-4b2b-8c15-ee2f7f4e2600
x-ms-ests-server: 2.1.16729.8 - NEULR1 ProdSlices
x-ms-clitelem: 1,54005,0,,
X-XSS-Protection: 0
Set-Cookie: fpc=Au0zPikUqa5MqZfs_iUWQWrcAm_7AgAAAB4v6dwOAAAA; expires=Sun, 17-Dec-2023 09:53:36 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
Date: Fri, 17 Nov 2023 09:53:35 GMT


Development

Successfully merging this pull request may close these issues.

OnTokenValidated Invoked Twice when using the delegate form of AddIdentityWebApp