6
Views
3
Comments
[MSAL Plugin] Failed to deserialize JSON to MSALAccountList: Could not convert
Forge component by Walter Robins
2
Published on 15 Jan 2021
Application Type
Mobile

Hi All,

I have problem Failed to deserialize JSON to MSALAccountList: Could not convert :

'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6ImtnMkxZczJUMENUaklmajRydDZKSXluZW4zOCJ9.eyJhdWQiOiJiOTdiMjEzZS1kNWRiLTQ1MzktOTEyZi05ZWEwYzY0ZGVmYzciLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vY2U1MzMwZmMtZGE3Ni00ZGIwLThiODMtOWRmZGQ5NjNmMDlhL3YyLjAiLCJpYXQiOjE2MDYyMzM1ODYsIm5iZiI6MTYwNjIzMzU4NiwiZXhwIjoxNjA2MjM3NDg2LCJhaW8iOiJBVlFBcS84UkFBQUFkOGJVSXZKZnMwdVpNSGhyZkJseU50Nll2cmtFVldDTWZ1bUZxcnVyZlZtbnRwejdLbkppY0VGNE5VZy9EM0RYbEw2OTNWbFdPSGMraHFSTUdMTXlvbUo3U1V2d21weFZFMWRnTm9WVFcyND0iLCJhenAiOiJiOTdiMjEzZS1kNWRiLTQ1MzktOTEyZi05ZWEwYzY0ZGVmYzciLCJhenBhY3IiOiIwIiwibmFtZSI6IkJpa3RlbWlyb3ZhLCBMZXlsYSIsIm9pZCI6ImVjYWEyODBhLTE1M2UtNGUzMi05NmVhLTNmNTAzNzEzM2NmNiIsInByZWZlcnJlZF91c2VybmFtZSI6ImxleWxhLmJpa3RlbWlyb3ZhQGJvcmVhbGlzZ3JvdXAuY29tIiwicmgiOiIwLkFRa0FfREJUem5iYXNFMkxnNTM5MldQd21qNGhlN25iMVRsRmtTLWVvTVpONzhjSkFCNC4iLCJzY3AiOiJVc2VyLlJlYWQiLCJzdWIiOiI5enk2MmJUcnlaZU1pV3lZQzVPRnJqY2xlMERkT1dmX1VMWWxSS0NtNVk4IiwidGlkIjoiY2U1MzMwZmMtZGE3Ni00ZGIwLThiODMtOWRmZGQ5NjNmMDlhIiwidXRpIjoiYldzT1V5OElJRWFOOTMxUjdRLWdBQSIsInZlciI6IjIuMCJ9.D0Gczio4_eotIjAu28VE5ilwfI_o9s4jJ_ncjv1nNGN-G64JsCk6a7Igg-3KvhNw93BGJT_JicJGVNW5u0IC3Rn8-tY61mRL37yNpmqDohfs9wGi2d_JU-goNXgvb52T0xoc6zT2i_FG8CVcs4Tr7u9toAPhWhEwO8n_te3gD3Zqp5hsMaGcJIaZNh1jOm8uZNss60VvL7eVxy9GJhEZQdLVdOEffhjqu3gEYekmFJgty5PUCmoVDh1DIPZIKojzk6wBGyQEKULv9L_4vgDhYTtvoV0p4GSMDlusjfXYJ_vzDpvj5oy4ku39M69E6guqNIKFDrM9Tqx5ziT45tELeg' to List 


I guess this is RuntimeError which should be handled, but not sure how it work.

As I understood in this string should be only Id and Username, but it lloks too big.

I look forward to your response,

Kirill

Rank: #6070

Hi Kirill!

That long string you get back from the plugin is actually a JWT (JSON Web Token) and is essentially a hashed signature of the successful authentication. This needs to be validated by Microsoft. I chose to do this for security, although I may revisit this in future versions of the plugin once I understand how the black box of the MSAL library works behind the scenes better. In any case, once you get this string back from SignInUserSilent/SignInUserInteractive, send a GET request to 

https://graph.microsoft.com/v1.0/me

with one header

Authorization: <SignInUserSilent.JWT/SignInUserInteractive.JWT (that string you posted)>

You will get back an object that looks something like this:

{

  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",

  "businessPhones": [

    "+12345678910"

  ],

  "displayName": "Robins, Walter",

  "givenName": "Walter",

  "jobTitle": "Developer",

  "mail": null,

  "mobilePhone": null,

  "officeLocation": null,

  "preferredLanguage": null,

  "surname": "Robins",

  "userPrincipalName": "wrobins@myemailaddr.com",

  "id": "myaccount-guid-1234"

}


You can use that to get your account information. Let me know if that helps you get started or if you have more questions!


Stay safe

Rank: #1926

Hi Walter,


Thank you for answer.

To do GET call I need to understand right place.

I guess that it can be in GetAccount action before deserialization. Because SignInUserSilent/SignInUserInteractive doesn't uses anywhere...

BR, Kirill

Rank: #238

Afaik, proper call order would be:

MSALInit -> GetAccounts -> SignInUser[Interactive|Silent] -> Graph API (with JWT)

In other words, after you have verified user's identity, you can use that identity token to get user's authorizations/other profile info from Graph API.

Not directly related, but a heads-up:

string should be only Id and Username

This is true, but only if you initialize MSAL with accountmode "MULTIPLE". Iif MSAL is initialized with accountmode "SINGLE", return value for GetAccounts.Accounts will be a single item array ["account-guid"], which is serialized to empty list. This is not handled by default and deserialization to MSALAccountList will always return an empty list.

br,

-Mikko(N)