OIDC with id_token token Results in 500 Error

Product: PowerShell Universal
Version: 3.2.8

Trying to set up token auth, but whenever I try to log in it results in a 500 error. I know the error lists HTTP, but I am using HTTPS and have that set in all URLs in the app manifest.

If I leave everything else the same and change "id_token token" to "id_token code", I am able to log in, just no $Session or $AccessToken is available.

I have followed the guide, but it all still results in the same error.

Any clues to the root cause under wwwroot/logs? Have you enabled ID tokens in the Azure app registration?

I'm using the built-in web service, but nothing is showing up in the logs.
Yes, I have the option for tokens enabled in the App Registration.


Just double-checking that you looked in the logs in %ProgramData%\PowerShellUniversal. You should be able to search for [ERR] to find the culprit of the 500 error.

I was looking at those logs and didn't see anything.
I changed over to using appsettings.json and I can get logins to work.

I am still unable to access the $AccessToken or $Session.
My goal is to set up Az.KeyVault using the token.

Are you trying to use the token in dashboards?

Trying to use it in a script with Connect-AzAccount to register an Azure Key Vault.

The example in the documentation would result in an error that it couldn't connect when using Connect-AzAccount.
I am using an on-prem hosted version of PSU.
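The post above wants to hand the OIDC access token PSU exposes as $AccessToken to Connect-AzAccount and then read from Key Vault. The script below is an added example for this thread, not code from the original posts or from the PowerShell Universal documentation. It assumes SaveTokens is enabled so that $AccessToken is populated, and the names $VaultName and $SecretName are placeholders. It decodes the JWT payload first, because Key Vault data-plane calls only accept a token whose audience is https://vault.azure.net; a token issued for https://graph.microsoft.com/ (the Resource in the config later in this thread) lets the sign-in succeed but is rejected by the vault, which is the kind of "couldn't connect" failure worth ruling out before blaming the OIDC setup.

```powershell
# Added example (not from the thread or the PSU docs): inspect the token PSU
# exposes as $AccessToken, verify it is usable for Key Vault, then sign in with it.
# Assumptions: $AccessToken is populated by the OIDC handler (SaveTokens = true);
# $VaultName and $SecretName are placeholder names supplied by the caller.

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT (expected header.payload.signature)' }
    # The payload is base64url: swap the URL-safe alphabet back and restore padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

if (-not $AccessToken) {
    throw 'No $AccessToken available: SaveTokens must be true and ResponseType must request an access token (e.g. "id_token token")'
}

$claims = ConvertFrom-JwtPayload -Token $AccessToken
$upn = if ($claims.upn) { $claims.upn } else { $claims.preferred_username }

# Key Vault rejects tokens minted for any other resource, even though sign-in worked.
if ($claims.aud -notin @('https://vault.azure.net', 'https://vault.azure.net/')) {
    throw "Token audience is '$($claims.aud)'; Key Vault needs https://vault.azure.net (set Resource accordingly in the OIDC config)"
}

$expires = [DateTimeOffset]::FromUnixTimeSeconds([int64]$claims.exp)
if ($expires -lt [DateTimeOffset]::UtcNow) {
    throw "Token expired at $expires; re-authenticate to obtain a fresh one"
}

# Sign in with the bearer token instead of prompting. Passing it as the Key Vault
# token as well stops Az from trying to acquire a different one interactively.
Connect-AzAccount -AccessToken $AccessToken `
                  -KeyVaultAccessToken $AccessToken `
                  -AccountId $upn `
                  -TenantId $claims.tid | Out-Null

Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText
```

Decoding the payload does not validate the signature; that is deliberate, since Key Vault validates the token server-side and the point here is only to see what audience and expiry the OIDC handler actually gave you before the Az call fails opaquely.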

I’m in the same boat, as usual.

Configuring OpenID Connect to Azure using the GUI, I get this informative error when saving:


No errors are recorded in the log file.
The information seems to be saved regardless, but visiting a page with authentication results in Error 500.

After instead configuring it through appsettings, I'm not able to enable it:

"Authentication": {
  "OIDC": {
    "Enabled": "true",
    "CallbackPath": "/auth/signin-oidc",
    "ClientID": "52ce8e91fghjfghj90ed8",
    "ClientSecret": "0fghjfghj0",
    "Resource": "https://graph.microsoft.com/",
    "Authority": "https://login.microsoftonline.com/a6230a1c-393a-4c9e-99fghjfghj9",
    "ResponseType": "id_token token",
    "SaveTokens": "true",
    "UseTokenLifetime": true
  }
}

Edit: gotta remember to remove the entry in authentication.ps1 before the appsettings one sticks.