From 9e23990c1e4e452be26085e2480259618c21cbb7 Mon Sep 17 00:00:00 2001
From: Jennyf19
Date: Tue, 20 Apr 2021 14:27:50 -0700
Subject: [PATCH] update to msal4.30 + pkce support
---
 src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj | 2 +-
 src/Microsoft.Identity.Web/TokenAcquisition.cs | 5 ++++-
 .../MicrosoftIdentityWebAppAuthenticationBuilder.cs | 1 -
 ...MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs | 1 -
 4 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
index 61707c15d..261ba318e 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -122,7 +122,7 @@ all runtime; build; native; contentfiles; analyzers; buildtransitive - + all
diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs
index 7c9466c13..9b396a1b5 100644
--- a/src/Microsoft.Identity.Web/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs
@@ -11,6 +11,7 @@
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.OAuth;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -151,12 +152,14 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
 {
 var application = GetOrBuildConfidentialClientApplication();
+ context.TokenEndpointRequest.Parameters.TryGetValue(OAuthConstants.CodeVerifierKey, out string? codeVerifier);
 // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
 // case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
 // Share the ID token though
 var builder = application
 .AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
- .WithSendX5C(_microsoftIdentityOptions.SendX5C);
+ .WithSendX5C(_microsoftIdentityOptions.SendX5C)
+ .WithPkceCodeVerifier(codeVerifier);
 if (_microsoftIdentityOptions.IsB2C)
 {
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
index f091cb199..e634b105f 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -110,7 +110,6 @@ internal static void WebAppCallsWebApiImplementation(
 .Configure((options, serviceProvider) =>
 {
 options.ResponseType = OpenIdConnectResponseType.Code;
- options.UsePkce = false;
 // This scope is needed to get a refresh token when users sign-in with their Microsoft personal accounts
 // It's required by MSAL.NET and automatically provided when users sign-in with work or school accounts
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index f9c8699be..c0c040275 100644
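Review bot: The return value of `TryGetValue` on the added line is discarded, so when no PKCE verifier was stored by the handler `codeVerifier` is null and `.WithPkceCodeVerifier(codeVerifier)` is still chained unconditionally; unless MSAL documents that a null verifier is ignored, end the chain at `.WithSendX5C(_microsoftIdentityOptions.SendX5C);` and guard the call with `if (!string.IsNullOrEmpty(codeVerifier)) { builder = builder.WithPkceCodeVerifier(codeVerifier); }`. That path is reachable because this patch both stops forcing `UsePkce = false` in the MicrosoftIdentityWebAppAuthenticationBuilder.cs hunk and stops copying `UsePkce` from `MicrosoftIdentityOptions` in the MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs hunk, so whether a verifier exists now depends only on the `OpenIdConnectOptions.UsePkce` value the handler sees, and a caller who disables it on `MicrosoftIdentityOptions` will presumably have that setting silently ignored. Conversely, if the handler sent a `code_challenge` on the authorize request but the verifier is not forwarded here, the token endpoint rejects the redemption with an opaque error, so a comment such as `// The OIDC handler stores the PKCE code_verifier in TokenEndpointRequest.Parameters; it must accompany the code redemption MSAL performs on the handler's behalf.` would make the coupling visible. `context.TokenEndpointRequest` is also dereferenced without a null check; I believe the handler populates it before raising AuthorizationCodeReceived, but that is worth confirming against the ASP.NET Core version in use. AddAccountToCacheFromAuthorizationCodeAsync begins and ends outside this hunk.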
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -431,7 +431,6 @@ internal static void PopulateOpenIdOptionsFromMicrosoftIdentityOptions(OpenIdCon
 options.SkipUnrecognizedRequests = microsoftIdentityOptions.SkipUnrecognizedRequests;
 options.DisableTelemetry = microsoftIdentityOptions.DisableTelemetry;
 options.NonceCookie = microsoftIdentityOptions.NonceCookie;
- options.UsePkce = microsoftIdentityOptions.UsePkce;
 #if DOTNET_50_AND_ABOVE
 options.AutomaticRefreshInterval = microsoftIdentityOptions.AutomaticRefreshInterval;
 options.RefreshInterval = microsoftIdentityOptions.RefreshInterval;