update to msal4.30 + pkce support #1152

Merged (2 commits), Apr 22, 2021
2 changes: 1 addition & 1 deletion src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
Expand Up @@ -122,7 +122,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Identity.Client" Version="4.29.0" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.30.0" />

<PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.205">
<PrivateAssets>all</PrivateAssets>
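Review bot: the version bump from 4.29.0 to 4.30.0 is the only thing in this hunk, and nothing records why it is needed; the PR title ties it to PKCE support and the new `.WithPkceCodeVerifier(codeVerifier)` call in TokenAcquisition.cs depends on this package version, so a sentence in the PR description or release notes saying that PKCE forwarding requires Microsoft.Identity.Client 4.30.0 or later would spare anyone pinning or back-porting a lower MSAL version an unexplained build break.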
5 changes: 4 additions & 1 deletion src/Microsoft.Identity.Web/TokenAcquisition.cs
Expand Up @@ -11,6 +11,7 @@
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Http;
Expand Down Expand Up @@ -151,12 +152,14 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
{
var application = GetOrBuildConfidentialClientApplication();

context.TokenEndpointRequest.Parameters.TryGetValue(OAuthConstants.CodeVerifierKey, out string? codeVerifier);
Collaborator (author): can move this inline, but left for testing.

Collaborator: I think it's clear.

// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
// case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
// Share the ID token though
var builder = application
.AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
.WithSendX5C(_microsoftIdentityOptions.SendX5C);
.WithSendX5C(_microsoftIdentityOptions.SendX5C)
.WithPkceCodeVerifier(codeVerifier);

if (_microsoftIdentityOptions.IsB2C)
{
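Review bot: the result of `TryGetValue(OAuthConstants.CodeVerifierKey, out string? codeVerifier)` is discarded and `.WithPkceCodeVerifier(codeVerifier)` is called unconditionally, so whenever the OpenID Connect handler did not place a `code_verifier` in `TokenEndpointRequest.Parameters` (an application that still sets `UsePkce = false`, or a code that did not originate from this handler's PKCE challenge) MSAL is handed null. Either guard the call, for example `if (codeVerifier != null) builder = builder.WithPkceCodeVerifier(codeVerifier);`, or add a comment stating that MSAL omits the parameter when the verifier is null; as written, a reader has to go to MSAL's source to know whether this sends an empty `code_verifier` and fails redemption at the token endpoint. Keeping the lookup on its own line is fine for debugging, as the author notes, but a short comment on why the verifier is pulled from the handler's token request rather than generated here would make the flow self-explanatory.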
Expand Up @@ -110,7 +110,6 @@ internal static void WebAppCallsWebApiImplementation(
.Configure<IServiceProvider>((options, serviceProvider) =>
{
options.ResponseType = OpenIdConnectResponseType.Code;
options.UsePkce = false;

// This scope is needed to get a refresh token when users sign-in with their Microsoft personal accounts
// It's required by MSAL.NET and automatically provided when users sign-in with work or school accounts
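Review bot: removing `options.UsePkce = false;` puts the OpenID Connect handler back on its default of attaching a PKCE `code_challenge` to every authorization request, which means the authorization code can only be redeemed if the matching `code_verifier` reaches the token endpoint. The library's own `AddAccountToCacheFromAuthorizationCodeAsync` now forwards it, but an application that handles `OnAuthorizationCodeReceived` itself and redeems the code with its own MSAL call, or that runs against an MSAL version older than the one this PR pins, will start seeing token-endpoint rejections after upgrading. This deserves an upgrade/breaking-change note rather than a silent deletion, and a one-line comment here saying the library now relies on the handler's PKCE default (and on TokenAcquisition forwarding the verifier) would stop a future contributor from re-adding the override.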