Related to:

- #248 - #38
AzureAD · Jul 15, 2020 · 12fc385 · 12fc385
1 parent 2f133d1
commit 12fc385
Showing 1 changed file with 21 additions and 9 deletions.
diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -180,6 +180,8 @@ public async Task<string> GetAccessTokenOnBehalfOfUserAsync(
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
         /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
+        /// <paramref name="user"/>Optional claims principal representing the user. If not provided, will use the signed-in
+        /// user (in a Web app), or the user for which the token was received (in a Web API)</param>
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <returns>An access token to call the downstream API and populated with this downstream API's scopes.</returns>
         /// <remarks>Calling this method from a Web API supposes that you have previously called,
@@ -189,7 +191,8 @@ public async Task<string> GetAccessTokenOnBehalfOfUserAsync(
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived.</remarks>
         public async Task<string> GetAccessTokenForUserAsync(
             IEnumerable<string> scopes,
-            string? tenant = null)
+            string? tenant = null,
+            ClaimsPrincipal? user = null)
         {
             if (scopes == null)
             {
@@ -202,7 +205,7 @@ public async Task<string> GetAccessTokenForUserAsync(
 
             try
             {
-                accessToken = await GetAccessTokenOnBehalfOfUserFromCacheAsync(_application, CurrentHttpContext.User, scopes, tenant)
+                accessToken = await GetAccessTokenOnBehalfOfUserFromCacheAsync(_application, user ?? CurrentHttpContext.User, scopes, tenant)
                     .ConfigureAwait(false);
             }
             catch (MsalUiRequiredException ex)
@@ -326,12 +329,16 @@ private async Task<IConfidentialClientApplication> GetOrBuildConfidentialClientA
         /// </summary>
         private async Task<IConfidentialClientApplication> BuildConfidentialClientApplicationAsync()
         {
-            var request = CurrentHttpContext.Request;
-            string currentUri = UriHelper.BuildAbsolute(
-                request.Scheme,
-                request.Host,
-                request.PathBase,
-                _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty);
+            var request = CurrentHttpContext?.Request;
+            string currentUri = null;
+            if (request != null)
+            {
+                currentUri = UriHelper.BuildAbsolute(
+                    request.Scheme,
+                    request.Host,
+                    request.PathBase,
+                    _microsoftIdentityOptions.CallbackPath.Value ?? string.Empty);
+            }
 
             if (!_applicationOptions.Instance.EndsWith("/", StringComparison.InvariantCulture))
             {
@@ -346,9 +353,14 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic
             {
                 var builder = ConfidentialClientApplicationBuilder
                         .CreateWithApplicationOptions(_applicationOptions)
-                        .WithRedirectUri(currentUri)
                         .WithHttpClientFactory(_httpClientFactory);
 
+                // The redirect URI is not needed for OBO
+                if (currentUri != null)
+                {
+                    builder.WithRedirectUri(currentUri);
+                }
+
                 string authority;
 
                 if (_microsoftIdentityOptions.IsB2C)