update to msal4.30 + pkce support

AzureAD · Apr 20, 2021 · 9e23990 · 9e23990
1 parent 65c99a3
commit 9e23990
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 4 deletions.
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -122,7 +122,7 @@
  <PrivateAssets>all</PrivateAssets>
  <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
  </PackageReference>
- <PackageReference Include="Microsoft.Identity.Client" Version="4.29.0" />
+ <PackageReference Include="Microsoft.Identity.Client" Version="4.30.0" />
 
  <PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.205">
  <PrivateAssets>all</PrivateAssets>

diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -11,6 +11,7 @@
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -151,12 +152,14 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
  {
  var application = GetOrBuildConfidentialClientApplication();
 
+ context.TokenEndpointRequest.Parameters.TryGetValue(OAuthConstants.CodeVerifierKey, out string? codeVerifier);
  // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
  // case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
  // Share the ID token though
  var builder = application
  .AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
- .WithSendX5C(_microsoftIdentityOptions.SendX5C);
+ .WithSendX5C(_microsoftIdentityOptions.SendX5C)
+ .WithPkceCodeVerifier(codeVerifier);
 
  if (_microsoftIdentityOptions.IsB2C)
  {

diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -110,7 +110,6 @@ internal static void WebAppCallsWebApiImplementation(
  .Configure<IServiceProvider>((options, serviceProvider) =>
  {
  options.ResponseType = OpenIdConnectResponseType.Code;
- options.UsePkce = false;
 
  // This scope is needed to get a refresh token when users sign-in with their Microsoft personal accounts
  // It's required by MSAL.NET and automatically provided when users sign-in with work or school accounts

diff --git a/...t.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/...t.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -431,7 +431,6 @@ internal static void PopulateOpenIdOptionsFromMicrosoftIdentityOptions(OpenIdCon
  options.SkipUnrecognizedRequests = microsoftIdentityOptions.SkipUnrecognizedRequests;
  options.DisableTelemetry = microsoftIdentityOptions.DisableTelemetry;
  options.NonceCookie = microsoftIdentityOptions.NonceCookie;
- options.UsePkce = microsoftIdentityOptions.UsePkce;
 #if DOTNET_50_AND_ABOVE
  options.AutomaticRefreshInterval = microsoftIdentityOptions.AutomaticRefreshInterval;
  options.RefreshInterval = microsoftIdentityOptions.RefreshInterval;