AddMicrosoftIdentityWebApi ignores missing configuration

[andreas-valtech]

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

3.0.1

Web app

Sign-in users and call web APIs

Web API

Protected web APIs call downstream web APIs

Token cache serialization

In-memory caches

Description

When using the AddMicrosoftIdentityWebApi with the following code:

services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
                .AddMicrosoftIdentityWebApi(configuration, "AzureAdB2C", JwtBearerDefaults.AuthenticationScheme, false)
                .EnableTokenAcquisitionToCallDownstreamApi();

The call succeeds even if the config section is empty. We are using dotnet user-secrets and had not added a "AzureAdB2C" section in one of our developers secrets stores. The result was a misbehaving app since authentication was not setup but no other error happened right away.

Reproduction steps

1. Add a new mvc app with dotnet new mvc -n ExampleApp
2. Add the package Microsoft.Identity.Web 3.0.1
3. Add the following to the Porgram.cs:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAdB2C", JwtBearerDefaults.AuthenticationScheme, false)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

and run the application. No Exception is thrown even though no configuration section for "AzureAdB2C" exists.

Error message

No response

Id Web logs

No response

Relevant code snippets

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration, "AzureAdB2C", JwtBearerDefaults.AuthenticationScheme, false)
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

Regression

No response

Expected behavior

When the "AzureAdB2C" section is missing it should crash with an exception right away.