Description
Microsoft.Identity.Web Library
Microsoft.Identity.Web.TokenAcquisition
Microsoft.Identity.Web version
3.10.0
Web app
Not Applicable
Web API
Not Applicable
Token cache serialization
Not Applicable
Description
Starting with Id.Web version 3.9.1, in some situations, calling TokenAcquirerFactory.GetDefaultInstance will throw ArgumentNullException for the 'basePath' parameter, making it impossible to instantiate TokenAcquirerFactory.
Impact
Inability to instantiate TokenAcquirerFactory.
Version of the libraries
Starts on Id.Web 3.9.1
Reproduction steps
Unable to reproduce the whole flow due to admin configuration, but below I will explain the issue, and provide small instructions to confirm this.
GetDefaultInstance calls ReadConfiguration, which calls DefineConfiguration(builder).
Before version 3.9.1, DefineConfiguration method was implemented as shown below
Assembly.Location returns the full path for the assembly file, including the file in the path.
This means that Path.GetDirectoryName will return the parent directory, and never null.
After 3.9.1, its implementation is:
AppContext.BaseDirectory returns the path for a directory. If it returns C:\ or / or \\server\share, Path.GetDirectoryName will return null, which in turn will set the basePath local variable in ReadConfiguration to null, resulting in ArgumentNullException when calling SetBasePath.
This did not happen with Assembly.Location, which returned the path for the dll file, not the directory. Example:
Console.WriteLine($"{Path.GetDirectoryName("C:\\") is null}"); // Output: True (path similar to what we can obtain from AppContext.BaseDirectory)
Console.WriteLine($"{Path.GetDirectoryName("C:\\a.dll")}"); // Output: C:\ (path similar to what we can obtain from Assembly.Location)
Error message
System.ArgumentNullException: Value cannot be null. (Parameter 'basePath')
at System.ThrowHelper.Throw(String paramName)
at Microsoft.Extensions.Configuration.FileConfigurationExtensions.SetBasePath(IConfigurationBuilder builder, String basePath)
at Microsoft.Identity.Web.TokenAcquirerFactory.ReadConfiguration()
at Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance(String configSection)
Id Web logs
No response
Relevant code snippets
// Unable to reproduce completely because of admin permissions
Console.WriteLine($"{Path.GetDirectoryName("C:\\") is null}"); // Output: True (path similar to what we can obtain from AppContext.BaseDirectory)
Console.WriteLine($"{Path.GetDirectoryName("C:\\a.dll")}"); // Output: C:\ (path similar to what we can obtain from Assembly.Location)
Regression
Id Web 3.9.0
Expected behavior
DefineConfiguration should never return null, otherwise TokenAcquirerFactory instantiation will fail.
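The root-directory case described in this issue, as an added example that is not code from the issue or from Microsoft.Identity.Web: it shows Path.GetDirectoryName returning null for the platform's root and one null-safe way to derive a base path. `ResolveBasePath` is a hypothetical helper, and the example assumes its input is a directory path, as AppContext.BaseDirectory is.

```csharp
#nullable enable
using System;
using System.IO;

static class BasePathDemo
{
    // Hypothetical helper, not part of Microsoft.Identity.Web.
    // Assumption: baseDirectory is a directory path (as AppContext.BaseDirectory is),
    // not a file path (as Assembly.Location is).
    static string ResolveBasePath(string? baseDirectory)
    {
        // No usable input at all: fall back to the process working directory.
        if (string.IsNullOrEmpty(baseDirectory))
            return Directory.GetCurrentDirectory();

        // Null when baseDirectory is a root such as "/", "C:\" or "\\server\share".
        string? trimmed = Path.GetDirectoryName(baseDirectory);

        // A root is already a valid directory, so use it unchanged
        // instead of handing null to SetBasePath.
        return trimmed ?? baseDirectory;
    }

    static void Main()
    {
        // Constructed sample inputs, built from this platform's own root
        // ("/" on Linux and macOS, a drive root such as "C:\" on Windows).
        string root = Path.GetPathRoot(Directory.GetCurrentDirectory())!;
        string nested = Path.Combine(root, "app") + Path.DirectorySeparatorChar;

        foreach (string dir in new[] { root, nested })
        {
            string raw = Path.GetDirectoryName(dir) ?? "<null>";
            string resolved = ResolveBasePath(dir);
            Console.WriteLine($"{dir} -> GetDirectoryName: {raw}, resolved: {resolved}");
        }
    }
}
```

For the root input the raw call prints `<null>` while the resolved value is the root itself; for the nested input both give the directory without its trailing separator.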