
IDX20804: Unable to retrieve OpenID configuration with DivideByZeroException

Open harshith717 opened this issue 6 months ago • 2 comments

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

3.8.1

Web app

Sign-in users and call web APIs

Web API

Protected web APIs (validating tokens)

Token cache serialization

In-memory caches

Description

Message: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com//v2.0/.well-known/openid-configuration'., InnerException: System.DivideByZeroException.

getting this error

Reproduction steps

1. Configure an ASP.NET Core Web API with Microsoft.Identity.Web using the following code in Program.cs:

    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(options =>
        {
            options.Audience = configuration["AzureAd:ClientId"];
            options.Authority = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}/v2.0";
            options.TokenValidationParameters.ValidateIssuer = true;
            options.TokenValidationParameters.ValidIssuer = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}/v2.0";
        }, options =>
        {
            configuration.Bind("AzureAd", options);
        });

2. Use the following appsettings.json configuration (anonymized):

    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "TenantId": "[your-tenant-id]",
        "ClientId": "[your-client-id]"
      }
    }

3. Deploy the application to [e.g., Azure App Service, IIS, Docker, etc.].
4. Send a request to an API endpoint protected by the authentication middleware.
5. Observe the error in the logs or response.

Error message

InnerException: System.DivideByZeroException.

Id Web logs

Message: IDX20804: Unable to retrieve document from: 'https://login.microsoftonline.com//v2.0/.well-known/openid-configuration'., InnerException: System.DivideByZeroException.

Relevant code snippets

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(options =>
    {
        options.Audience = configuration["AzureAd:ClientId"];
        options.Authority = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}/v2.0";
        options.TokenValidationParameters.ValidateIssuer = true;
        options.TokenValidationParameters.ValidIssuer = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}/v2.0";
    }, options =>
    {
        configuration.Bind("AzureAd", options);
    });

Regression

No response

Expected behavior

The middleware should successfully retrieve the OpenID Connect configuration from https://login.microsoftonline.com//v2.0/.well-known/openid-configuration and validate incoming JWT tokens without errors.

harshith717, May 22 '25 19:05

@harshith717 Does this repro with the latest Microsoft.Identity.Web version 3.9.2?

pmaytak, May 23 '25 18:05

+1 to @pmaytak's question. I can't repro that.

Also (not related): You don't need to set:

    options.TokenValidationParameters.ValidateIssuer = true;
    options.TokenValidationParameters.ValidIssuer = $"{configuration["AzureAd:Instance"]}{configuration["AzureAd:TenantId"]}/v2.0";

Authority or Instance + TenantId are enough.

jmprieur, May 30 '25 00:05
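Added example, not code from the issue or from Microsoft.Identity.Web: the URL in the logged error has an empty path segment where the tenant ID would sit, and the thread does not say whether that is redaction or an unset value. The hypothetical `AzureAdAuthority.Build` helper below composes the authority from the same `AzureAd:Instance` and `AzureAd:TenantId` keys used in the issue and throws at startup if either is missing or malformed, instead of letting the problem surface as a metadata-retrieval error on the first request.

```csharp
using System;
using Microsoft.Extensions.Configuration;

// Hypothetical helper (assumption: not part of Microsoft.Identity.Web).
// Usage in Program.cs: options.Authority = AzureAdAuthority.Build(configuration);
public static class AzureAdAuthority
{
    public static string Build(IConfiguration configuration)
    {
        string? instance = configuration["AzureAd:Instance"];
        string? tenantId = configuration["AzureAd:TenantId"];

        if (string.IsNullOrWhiteSpace(instance))
            throw new InvalidOperationException("AzureAd:Instance is missing or empty.");
        if (string.IsNullOrWhiteSpace(tenantId))
            throw new InvalidOperationException("AzureAd:TenantId is missing or empty.");

        tenantId = tenantId.Trim();

        // A template placeholder such as "[your-tenant-id]" left in appsettings.json,
        // or a value containing a path separator, is not a tenant identifier.
        if (tenantId.Contains('[') || tenantId.Contains(']')
            || tenantId.Contains('/') || tenantId.Contains(' '))
        {
            throw new InvalidOperationException(
                $"AzureAd:TenantId '{tenantId}' is not a valid tenant identifier.");
        }

        // The OpenID Connect metadata must be fetched over HTTPS from an absolute URL.
        if (!Uri.TryCreate(instance, UriKind.Absolute, out Uri? instanceUri)
            || instanceUri.Scheme != Uri.UriSchemeHttps)
        {
            throw new InvalidOperationException(
                "AzureAd:Instance must be an absolute https URL.");
        }

        // Normalise the trailing slash so the result is the same whether or not
        // Instance ends with "/", and never contains an empty "//" segment.
        string authority = $"{instance.Trim().TrimEnd('/')}/{tenantId}/v2.0";

        // Final guard: reject any empty path segment that slipped through Instance.
        if (new Uri(authority).AbsolutePath.Contains("//"))
            throw new InvalidOperationException(
                $"Authority '{authority}' contains an empty path segment.");

        return authority;
    }
}
```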