Replies: 1 comment
-
thanks @TLevitt I opened an issue with this so we can investigate. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is it possible to set a discovery URI for API token acquisition?
var accessToken = await _tokenAcquisition.GetAccessTokenForAppAsync(scopesToAccessDownstreamApi);
With WebApps, setting the authority along with the tenant, client, and secret configs will send you to the authority for discovery ex:
https://myCustomAuthority/myTenantId/oauth2/v2.0/.well-known/openid-configuration
TokenAcquisition is using:
var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithHttpClientFactory(_httpClientFactory)
microsoft-identity-web/src/Microsoft.Identity.Web/TokenAcquisition.cs
Line 583 in b106d9a
Which then creates a new ConfidentialClientApplicationBuilder with an empty ApplicationConfiguration object so the CustomInstanceDiscovery is always null
var config = new ApplicationConfiguration(); var builder = new ConfidentialClientApplicationBuilder(config).WithOptions(options);
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/ac7541c1aa1c7bdbb20df5c7e72628161f826f44/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs#L42
This causes GetAccessTokenForAppAsync to always request:
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=.......%2Fauthorize
Instead of a cached or custom discovery endpoint.
Is this possible or would it be a feature request?
Beta Was this translation helpful? Give feedback.
All reactions