From 15911d751c629f2ce19961643f942ba009f95e9a Mon Sep 17 00:00:00 2001 
From: Jean-Marc Prieur Date: Sun, 17 Jul 2022 20:00:25 -0700 Subject: [PATCH 1/4] - In AuthenticationOptions and MicrosoftAuthenticationOptions, move properties were they should have been in the first place (when AAD specific) - Move LoggingOptions to Ms.Id.Web.TokenAcquisition - MicrosoftIdentityBaseAuthenticationBuilder and MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to Ms.Id.Web.TokenAcquisition - Session methods of MicrosoftIdentityAppCallingWebApiAuthenticationBuilder move to an extension method - TokenAcquisitionAspNetCore inherits from TokenAcquisition instead of being a partial class implementation (Could move to another assembly if we choose to) - AddTokenAcquisition now register ITokenAcquirer (And only this one in the case of framework others than .NET Core) --- src/Directory.Build.props | 2 +- .../Microsoft.Identity.Web.OWIN.csproj | 1 - .../AuthenticationOptions.cs | 56 ++++++++-------- .../MicrosoftAuthenticationOptions.cs | 32 +++++---- ...tyAppCallingWebApiAuthenticationBuilder.cs | 43 ------------ .../AspNetCore/TokenAcquisition-AspnetCore.cs | 11 ++-- .../LoggingOptions.cs | 0 ...osoft.Identity.Web.TokenAcquisition.csproj | 3 +- ...rosoftIdentityBaseAuthenticationBuilder.cs | 0 .../ServiceCollectionExtensions.cs | 13 ++-- .../TokenAcquisition.cs | 12 ++-- .../Microsoft.Identity.Web.csproj | 4 +- ...ppCallingWebApiAuthenticationBuilderExt.cs | 65 +++++++++++++++++++ .../AcquireTokenForAppIntegrationTests.cs | 2 +- .../ServiceCollectionExtensionsTests.cs | 2 +- .../TokenAcquisitionAuthorityTests.cs | 2 +- 16 files changed, 139 insertions(+), 109 deletions(-) rename src/{Microsoft.Identity.Web/WebAppExtensions => Microsoft.Identity.Web.TokenAcquisition/AspNetCore}/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs (62%) rename src/{Microsoft.Identity.Web => Microsoft.Identity.Web.TokenAcquisition}/LoggingOptions.cs (100%) rename src/{Microsoft.Identity.Web => 
Microsoft.Identity.Web.TokenAcquisition}/MicrosoftIdentityBaseAuthenticationBuilder.cs (100%) create mode 100644 src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs diff --git a/src/Directory.Build.props b/src/Directory.Build.props index 13d4defd0..8b6fe847e 100644 --- a/src/Directory.Build.props +++ b/src/Directory.Build.props @@ -84,7 +84,7 @@ - 6.20.0 + 6.21.0 4.42.0 3.3.0 4.7.2 diff --git a/src/Microsoft.Identity.Web.OWIN/Microsoft.Identity.Web.OWIN.csproj b/src/Microsoft.Identity.Web.OWIN/Microsoft.Identity.Web.OWIN.csproj index b05440501..89f5c4ab7 100644 --- a/src/Microsoft.Identity.Web.OWIN/Microsoft.Identity.Web.OWIN.csproj +++ b/src/Microsoft.Identity.Web.OWIN/Microsoft.Identity.Web.OWIN.csproj @@ -24,7 +24,6 @@ The release notes are available at https://github.com/AzureAD/microsoft-identity-web/releases and the roadmap at https://github.com/AzureAD/microsoft-identity-web/wiki#roadmap Microsoft Identity Web;Microsoft identity platform;Microsoft.Identity.Web;.NET;ASP.NET Core;Web App;Web API;B2C;Azure Active Directory;AAD;Identity;Authentication;Authorization {2467D9A0-045B-4B45-8CCB-1AA229093F9F} - 6.17.0 true diff --git a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs index adf770c2a..7ec3ba5ec 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs 
@@ -59,6 +59,31 @@ public bool HasClientCredentials /// public IEnumerable? ClientCredentials { get; set; } + + /// + /// Specifies if the x5c claim (public key of the certificate) should be sent to the STS. + /// Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: + /// this method will send the public certificate to Azure AD along with the token request, + /// so that Azure AD can use it to validate the subject name based on a trusted issuer policy. + /// This saves the application admin from the need to explicitly manage the certificate rollover + /// (either via the app registration portal or using PowerShell/CLI). + /// For details see https://aka.ms/msal-net-sni. + /// + /// The default is false. + public bool SendX5C { get; set; } + + /// + /// If set to true, when the user signs-in in a web app, the application Requests an auth code + /// for the frontend (single page application using MSAL.js for instance). This will allow the front end + /// JavaScript code to bypass going to the authoriize endpoint (which requires reloading the page), by + /// directly redeeming the auth code to get access tokens to call APIs. + /// See https://aka.ms/msal-net/spa-auth-code for details. + /// + /// The default is false. + public bool WithSpaAuthCode { get; set; } + #endregion + + #region Web API /// /// In a web API, audience of the tokens that will be accepted by the web API. /// If your web API accepts several audiences, see 
@@ -88,29 +113,6 @@ public bool HasClientCredentials /// public IEnumerable? TokenDecryptionCredentials { get; set; } - /// - /// Specifies if the x5c claim (public key of the certificate) should be sent to the STS. - /// Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: - /// this method will send the public certificate to Azure AD along with the token request, - /// so that Azure AD can use it to validate the subject name based on a trusted issuer policy. - /// This saves the application admin from the need to explicitly manage the certificate rollover - /// (either via the app registration portal or using PowerShell/CLI). - /// For details see https://aka.ms/msal-net-sni. - /// - /// The default is false. - public bool SendX5C { get; set; } - - /// - /// If set to true, when the user signs-in in a web app, the application Requests an auth code - /// for the frontend (single page application using MSAL.js for instance). This will allow the front end - /// JavaScript code to bypass going to the authoriize endpoint (which requires reloading the page), by - /// directly redeeming the auth code to get access tokens to call APIs. - /// See https://aka.ms/msal-net/spa-auth-code for details. - /// - /// The default is false. - public bool WithSpaAuthCode { get; set; } - #endregion - /// /// Web APIs called by daemon applications can validate a token based on roles (representing app permissions), /// or using the ACL-based authorization pattern for the client (daemon) to the web API. If using ACL-based authorization, @@ -119,12 +121,6 @@ public bool HasClientCredentials /// /// The default is false. public bool AllowWebApiToBeAuthorizedByACL { get; set; } - - /// - /// Sets the Error route path. - /// Defaults to the value /MicrosoftIdentity/Account/Error, - /// which is the value used by Microsoft.Identity.Web.UI. - /// - public string ErrorPath { get; set; } = "/MicrosoftIdentity/Account/Error"; + #endregion } } 
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs index c193a53c1..cf48ce7af 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs @@ -20,6 +20,17 @@ public class MicrosoftAuthenticationOptions : AuthenticationOptions /// public string? TenantId { get; set; } + /// + /// Gets or sets the Authority to use when making OpenIdConnect calls. + /// + public override string? Authority + { + get { return _authority ?? $"{Instance}{TenantId}/v2.0"; } + set { _authority = value; } + } + private string? _authority; + + #region Token acquisition /// /// Specifies the Azure region. See https://aka.ms/azure-region. By default /// the app attempts to detect the Azure region automatically (the default @@ -32,23 +43,14 @@ public class MicrosoftAuthenticationOptions : AuthenticationOptions /// useful to express that the Client is capable of handling claims challenge. /// public IEnumerable? ClientCapabilities { get; set; } + #endregion - /// - /// Gets or sets the Authority to use when making OpenIdConnect calls. - /// - public override string? Authority - { - get { return _authority ?? $"{Instance}{TenantId}/v2.0"; } - set { _authority = value; } - } - private string? _authority; - + #region AADB2C /// /// Gets or sets the domain of the Azure Active Directory tenant, e.g. contoso.onmicrosoft.com. /// public string? Domain { get; set; } - #region AADB2C /// /// Gets or sets the edit profile user flow name for B2C, e.g. b2c_1_edit_profile. /// 
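Review bot: The relocated `Authority` getter in the first hunk of MicrosoftAuthenticationOptions.cs falls back to `$"{Instance}{TenantId}/v2.0"` without checking either part. With `Instance` and `TenantId` unset it returns the non-null string `/v2.0`, and an `Instance` without a trailing slash is concatenated straight onto the tenant id. This value is the anchor for OpenID Connect metadata discovery and token validation, so I would return null when `Instance` is empty and normalise the separator, assuming `Instance` is a string: `get { return _authority ?? (string.IsNullOrEmpty(Instance) ? null : $"{Instance.TrimEnd('/')}/{TenantId}/v2.0"); }`. The getter is moved rather than newly written, so this can be a follow-up if the move is meant to stay mechanical.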
@@ -76,7 +78,9 @@ internal bool IsB2C { get => !string.IsNullOrWhiteSpace(DefaultUserFlow); } + #endregion + #region Web app /// /// Sets the ResetPassword route path (from the root of the web site). /// Defaults to /MicrosoftIdentity/Account/ResetPassword, @@ -85,6 +89,12 @@ internal bool IsB2C /// public string ResetPasswordPath { get; set; } = "/MicrosoftIdentity/Account/ResetPassword"; + /// + /// Sets the Error route path. + /// Defaults to the value /MicrosoftIdentity/Account/Error, + /// which is the value used by Microsoft.Identity.Web.UI. + /// + public string ErrorPath { get; set; } = "/MicrosoftIdentity/Account/Error"; #endregion } } diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs similarity index 62% rename from src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs rename to src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs index 94c4c2b06..4f2b687d0 100644 --- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs @@ -12,7 +12,6 @@ using Microsoft.Identity.Web.TokenCacheProviders; using Microsoft.Identity.Web.TokenCacheProviders.Distributed; using Microsoft.Identity.Web.TokenCacheProviders.InMemory; -using Microsoft.Identity.Web.TokenCacheProviders.Session; namespace Microsoft.Identity.Web { 
@@ -67,47 +66,5 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddDistributedTokenC Services.AddDistributedTokenCaches(); return this; } - - /// - /// Add session token caches. - /// - /// the service collection. - public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddSessionTokenCaches() - { - // Add session if you are planning to use session based token cache - var sessionStoreService = Services.FirstOrDefault(x => x.ServiceType.Name == Constants.ISessionStore); - - // If not added already - if (sessionStoreService == null) - { - Services.AddSession(option => - { - option.Cookie.IsEssential = true; - }); - } - else - { - // If already added, ensure the options are set to use Cookies - Services.Configure(option => - { - option.Cookie.IsEssential = true; - }); - } - - Services.AddHttpContextAccessor(); - Services.AddScoped(); - Services.TryAddScoped(provider => - { - var httpContext = provider.GetRequiredService().HttpContext; - if (httpContext == null) - { - throw new InvalidOperationException(IDWebErrorMessage.HttpContextIsNull); - } - - return httpContext.Session; - }); - - return this; - } } } diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs index 382653476..0141ba413 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs @@ -23,7 +23,7 @@ namespace Microsoft.Identity.Web { - partial class TokenAcquisition + internal class TokenAcquisitionAspNetCore : TokenAcquisition, ITokenAcquisition, ITokenAcquisitionInternal { /// 
@@ -36,17 +36,14 @@ partial class TokenAcquisition /// HTTP client factory. /// Logger. /// Service provider. - public TokenAcquisition( + public TokenAcquisitionAspNetCore( IMsalTokenCacheProvider tokenCacheProvider, IHttpClientFactory httpClientFactory, ILogger logger, ITokenAcquisitionHost tokenAcquisitionHost, - IServiceProvider serviceProvider) + IServiceProvider serviceProvider) : + base(tokenCacheProvider, tokenAcquisitionHost, httpClientFactory, logger, serviceProvider) { - _tokenCacheProvider = tokenCacheProvider; - _httpClientFactory = new MsalAspNetCoreHttpClientFactory(httpClientFactory); - _logger = logger; - _tokenAcquisitionHost = tokenAcquisitionHost; } diff --git a/src/Microsoft.Identity.Web/LoggingOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/LoggingOptions.cs similarity index 100% rename from src/Microsoft.Identity.Web/LoggingOptions.cs rename to src/Microsoft.Identity.Web.TokenAcquisition/LoggingOptions.cs diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj b/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj index 7b00c1a73..72d77b4d8 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj +++ b/src/Microsoft.Identity.Web.TokenAcquisition/Microsoft.Identity.Web.TokenAcquisition.csproj @@ -22,7 +22,6 @@ https://github.com/AzureAD/microsoft-identity-web The release notes are available at https://github.com/AzureAD/microsoft-identity-web/releases and the roadmap at https://github.com/AzureAD/microsoft-identity-web/wiki#roadmap Microsoft Identity Web;Microsoft identity platform;Microsoft.Identity.Web;.NET;ASP.NET Core;Web App;Web API;B2C;Azure Active Directory;AAD;Identity;Authentication;Authorization - 6.17.0 true @@ -100,10 +99,12 @@ + + 
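Review bot: The new `TokenAcquisitionAspNetCore` constructor forwards the raw `httpClientFactory` to `base(...)`, and the line that wrapped it in `MsalAspNetCoreHttpClientFactory` is removed. The base constructor is not part of any visible hunk, so it is worth confirming that it still performs that wrapping. The arguments are also passed in a different order from this constructor's own parameter list (`tokenAcquisitionHost` moves to second position), which compiles only because the types differ and makes the call harder to verify by eye. I would add a one-line comment in the now-empty body, for example `// All dependencies are stored by the TokenAcquisition base constructor.` If nothing is meant to derive from the new class, consider declaring it `internal sealed class`.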
diff --git a/src/Microsoft.Identity.Web/MicrosoftIdentityBaseAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs similarity index 100% rename from src/Microsoft.Identity.Web/MicrosoftIdentityBaseAuthenticationBuilder.cs rename to src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs index 7ff5ccbfc..e5b5db92a 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs @@ -62,26 +62,31 @@ public static IServiceCollection AddTokenAcquisition( // Token acquisition service if (isTokenAcquisitionSingleton) { - services.AddSingleton(); - services.AddSingleton(s => (ITokenAcquirer)s.GetRequiredService()); #if !NET472 && !NET462 services.AddHttpContextAccessor(); + services.AddSingleton(); + services.AddSingleton(s => (ITokenAcquirer)s.GetRequiredService()); + services.AddSingleton(); services.AddSingleton(s => (ITokenAcquisitionInternal)s.GetRequiredService()); #else services.AddSingleton(); + services.AddSingleton(); #endif } else { - services.AddScoped(); - services.AddScoped(s => (ITokenAcquirer)s.GetRequiredService()); #if !NET472 && !NET462 services.AddHttpContextAccessor(); + + services.AddScoped(); + services.AddScoped(s => (ITokenAcquirer)s.GetRequiredService()); + services.AddScoped(); services.AddScoped(s => (ITokenAcquisitionInternal)s.GetRequiredService()); #else services.AddScoped(); + services.AddSingleton(); #endif } diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs index 4d75e2f0a..c16ea40ba 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs 
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs @@ -28,7 +28,7 @@ namespace Microsoft.Identity.Web /// /// Token acquisition service. /// - internal partial class TokenAcquisition : ITokenAcquisition, ITokenAcquisitionInternal, ITokenAcquirer + internal partial class TokenAcquisition : ITokenAcquirer { #if NET472 || NET462 class OAuthConstants @@ -37,7 +37,7 @@ class OAuthConstants } #endif - private readonly IMsalTokenCacheProvider _tokenCacheProvider; + protected readonly IMsalTokenCacheProvider _tokenCacheProvider; private readonly object _applicationSyncObj = new object(); @@ -46,10 +46,10 @@ class OAuthConstants /// private ConcurrentDictionary _applicationsByAuthorityClientId = new ConcurrentDictionary(); private bool _retryClientCertificate; - private readonly IMsalHttpClientFactory _httpClientFactory; - private readonly ILogger _logger; + protected readonly IMsalHttpClientFactory _httpClientFactory; + protected readonly ILogger _logger; private readonly IServiceProvider _serviceProvider; - private readonly ITokenAcquisitionHost _tokenAcquisitionHost; + protected readonly ITokenAcquisitionHost _tokenAcquisitionHost; /// /// Scopes which are already requested by MSAL.NET. They should not be re-requested;. @@ -856,7 +856,7 @@ private Task GetAuthenticationResultForWebAppWithAccountFr return builder.ExecuteAsync(tokenAcquisitionOptions != null ? tokenAcquisitionOptions.CancellationToken : CancellationToken.None); } - private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalServiceException) + protected static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalServiceException) { // Normally app developers should not make decisions based on the internal AAD code // however until the STS sends sub-error codes for this error, this is the only diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj index 13ec1b6e4..90a058c6b 100644 
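Review bot: Widening `_tokenCacheProvider`, `_httpClientFactory`, `_logger` and `_tokenAcquisitionHost` from `private` to `protected` fields (second and third hunks) hands the token cache provider and HTTP client factory to every subclass, including any in a friend assembly. If the only intended consumer is `TokenAcquisitionAspNetCore` in this assembly, `private protected` keeps the narrower boundary, e.g. `private protected readonly IMsalTokenCacheProvider _tokenCacheProvider;`. The commit message mentions the subclass might later move to another assembly; in that case get-only protected properties over private fields would be the better fit. The same consideration applies to `AcceptedTokenVersionMismatch` in the last hunk. The class body continues outside these hunks, so other members the subclass relies on are not visible here.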
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj +++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj @@ -25,8 +25,8 @@ - - + diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs new file mode 100644 index 000000000..55dc5c0a6 --- /dev/null +++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs 
@@ -0,0 +1,65 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +using System; +using System.Linq; +using System.Runtime.CompilerServices; +using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Caching.Memory; +using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.DependencyInjection.Extensions; +using Microsoft.Identity.Web.TokenCacheProviders; +using Microsoft.Identity.Web.TokenCacheProviders.Distributed; +using Microsoft.Identity.Web.TokenCacheProviders.InMemory; +using Microsoft.Identity.Web.TokenCacheProviders.Session; + +namespace Microsoft.Identity.Web +{ + /// + /// Authentication builder returned by the EnableTokenAcquisitionToCallDownstreamApi methods + /// enabling you to decide token cache implementations. + /// + public static class MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension + { + /// the service collection. 
+ public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddSessionTokenCaches(this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder) + { + // Add session if you are planning to use session based token cache + var sessionStoreService = builder.Services.FirstOrDefault(x => x.ServiceType.Name == Constants.ISessionStore); + + // If not added already + if (sessionStoreService == null) + { + builder.Services.AddSession(option => + { + option.Cookie.IsEssential = true; + }); + } + else + { + // If already added, ensure the options are set to use Cookies + builder.Services.Configure(option => + { + option.Cookie.IsEssential = true; + }); + } + + builder.Services.AddHttpContextAccessor(); + builder.Services.AddScoped(); + builder.Services.TryAddScoped(provider => + { + var httpContext = provider.GetRequiredService().HttpContext; + if (httpContext == null) + { + throw new InvalidOperationException(IDWebErrorMessage.HttpContextIsNull); + } + + return httpContext.Session; + }); + + return builder; + } + } +} diff --git a/tests/Microsoft.Identity.Web.Test.Integration/AcquireTokenForAppIntegrationTests.cs b/tests/Microsoft.Identity.Web.Test.Integration/AcquireTokenForAppIntegrationTests.cs index a1ba2dbc5..a9a18b5f4 100644 --- a/tests/Microsoft.Identity.Web.Test.Integration/AcquireTokenForAppIntegrationTests.cs +++ b/tests/Microsoft.Identity.Web.Test.Integration/AcquireTokenForAppIntegrationTests.cs @@ -258,7 +258,7 @@ private void InitializeTokenAcquisitionObjects() _provider.GetService>(), _provider.GetService>(), _provider); - _tokenAcquisition = new TokenAcquisition( + _tokenAcquisition = new TokenAcquisitionAspNetCore( _msalTestTokenCacheProvider, _provider.GetService(), _provider.GetService>(), diff --git a/tests/Microsoft.Identity.Web.Test/ServiceCollectionExtensionsTests.cs b/tests/Microsoft.Identity.Web.Test/ServiceCollectionExtensionsTests.cs index bbbe155e8..d1aa040ac 100644 
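Review bot: Both branches of `AddSessionTokenCaches` set only `option.Cookie.IsEssential = true`, so the session cookie that keys the per-user token cache keeps whatever transport settings the application already has. As far as I know the session cookie's default `SecurePolicy` is `None`, which allows it over plain HTTP. Because that cookie selects a cache that presumably holds access and refresh tokens, I would either add `option.Cookie.SecurePolicy = CookieSecurePolicy.Always;` next to the `IsEssential` line in both lambdas, or state in the XML doc that callers must configure it. Separately, the class summary still describes an authentication builder although this is now a static extension class, and several of the copied `using` directives (for example `System.Runtime.CompilerServices`) look unused in this file.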
--- a/tests/Microsoft.Identity.Web.Test/ServiceCollectionExtensionsTests.cs +++ b/tests/Microsoft.Identity.Web.Test/ServiceCollectionExtensionsTests.cs @@ -40,7 +40,7 @@ public void AddTokenAcquisition_AddsWithCorrectLifetime() { Assert.Equal(ServiceLifetime.Scoped, actual.Lifetime); Assert.Equal(typeof(ITokenAcquisition), actual.ServiceType); - Assert.Equal(typeof(TokenAcquisition), actual.ImplementationType); + Assert.Equal(typeof(TokenAcquisitionAspNetCore), actual.ImplementationType); Assert.Null(actual.ImplementationInstance); Assert.Null(actual.ImplementationFactory); }, diff --git a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs index ead88a2cd..81395598e 100644 --- a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs +++ b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs @@ -34,7 +34,7 @@ private void InitializeTokenAcquisitionObjects() _provider.GetService>(), _provider.GetService>(), _provider); - _tokenAcquisition = new TokenAcquisition( + _tokenAcquisition = new TokenAcquisitionAspNetCore( new MsalTestTokenCacheProvider( _provider.GetService(), _provider.GetService>()), From 62632a4762f4f76124b52f14f0bc448dbcc197c2 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Sun, 17 Jul 2022 20:33:29 -0700 Subject: [PATCH 2/4] - OwinWebApi now is 472 - OwinWebApp updates to Web.Config and project - Ms.Id.Web.MicrosoftGraph now references Ms.Id.Web.TokenAcquisition (no longer Ms.Id.Web) --- ...crosoft.Identity.Web.MicrosoftGraph.csproj | 2 +- ...oft.Identity.Web.MicrosoftGraphBeta.csproj | 2 +- tests/aspnet-mvc/OwinWebApi/OwinWebApi.csproj | 2 +- tests/aspnet-mvc/OwinWebApi/Web.config | 258 +----------------- tests/aspnet-mvc/OwinWebApp/OwinWebApp.csproj | 3 - tests/aspnet-mvc/OwinWebApp/Web.config | 23 +- 6 files changed, 30 insertions(+), 260 deletions(-) 
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj b/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj index 590d25e8f..72686b325 100644 --- a/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj +++ b/src/Microsoft.Identity.Web.MicrosoftGraph/Microsoft.Identity.Web.MicrosoftGraph.csproj @@ -20,7 +20,7 @@ - + diff --git a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj index 7da03d292..b191ebc9d 100644 --- a/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj +++ b/src/Microsoft.Identity.Web.MicrosoftGraphBeta/Microsoft.Identity.Web.MicrosoftGraphBeta.csproj @@ -28,7 +28,7 @@ - + diff --git a/tests/aspnet-mvc/OwinWebApi/OwinWebApi.csproj b/tests/aspnet-mvc/OwinWebApi/OwinWebApi.csproj index 660332439..f8694eae4 100644 --- a/tests/aspnet-mvc/OwinWebApi/OwinWebApi.csproj +++ b/tests/aspnet-mvc/OwinWebApi/OwinWebApi.csproj @@ -13,7 +13,7 @@ Properties OwinWebApi OwinWebApi - v4.6.2 + v4.7.2 false true diff --git a/tests/aspnet-mvc/OwinWebApi/Web.config b/tests/aspnet-mvc/OwinWebApi/Web.config index 6f81f8fd6..01e7b9a6d 100644 --- a/tests/aspnet-mvc/OwinWebApi/Web.config +++ b/tests/aspnet-mvc/OwinWebApi/Web.config @@ -20,238 +20,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -282,7 +50,7 @@ - + @@ -296,13 +64,9 @@ - - - - - + 
@@ -310,15 +74,15 @@ - + - + - + @@ -342,11 +106,11 @@ - + - + @@ -358,10 +122,14 @@ - + + + + + @@ -370,7 +138,7 @@ - + diff --git a/tests/aspnet-mvc/OwinWebApp/OwinWebApp.csproj b/tests/aspnet-mvc/OwinWebApp/OwinWebApp.csproj index bc2d26e69..afe76f603 100644 --- a/tests/aspnet-mvc/OwinWebApp/OwinWebApp.csproj +++ b/tests/aspnet-mvc/OwinWebApp/OwinWebApp.csproj @@ -166,9 +166,6 @@ 1.0.4.403061554 - - 6.20.0 - 3.2.11 diff --git a/tests/aspnet-mvc/OwinWebApp/Web.config b/tests/aspnet-mvc/OwinWebApp/Web.config index 8cabf277c..2b8fd6ccf 100644 --- a/tests/aspnet-mvc/OwinWebApp/Web.config +++ b/tests/aspnet-mvc/OwinWebApp/Web.config @@ -51,7 +51,7 @@ - + @@ -67,7 +67,7 @@ - + @@ -75,15 +75,15 @@ - + - + - + @@ -107,11 +107,11 @@ - + - + @@ -123,10 +123,14 @@ - + + + + + @@ -135,7 +139,7 @@ - + @@ -150,6 +154,7 @@ + From 1ce3523cddcc9a62cf53e772a0a38bb3a7d35b77 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Mon, 18 Jul 2022 13:59:55 -0700 Subject: [PATCH 3/4] PR review --- .../Microsoft.Identity.Web.csproj | 7 ++----- ...tityAppCallingWebApiAuthenticationBuilderExt.cs | 14 +++++++++++--- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj index 90a058c6b..505231644 100644 --- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj +++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj @@ -25,14 +25,11 @@ - - - - + + diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs index 55dc5c0a6..bffffa04b 100644 --- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs +++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityAppCallingWebApiAuthenticationBuilderExt.cs 
@@ -23,9 +23,17 @@ namespace Microsoft.Identity.Web /// public static class MicrosoftIdentityAppCallsWebApiAuthenticationBuilderExtension { - /// the service collection. - public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddSessionTokenCaches(this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder) + /// + /// Add a token cache based on session cookies + /// + /// + /// The service collection + public static IServiceCollection AddSessionTokenCaches(this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder) { + if (builder is null) + { + throw new ArgumentNullException(nameof(builder)); + } // Add session if you are planning to use session based token cache var sessionStoreService = builder.Services.FirstOrDefault(x => x.ServiceType.Name == Constants.ISessionStore); @@ -59,7 +67,7 @@ public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddSessionTok return httpContext.Session; }); - return builder; + return builder.Services; } } } From eb2d92a5f3aabc7821a9748d5e796fc8fd12c455 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Mon, 18 Jul 2022 14:08:37 -0700 Subject: [PATCH 4/4] Adressing PR comment --- .../ApplicationOptions/AuthenticationOptions.cs | 4 ++-- .../ApplicationOptions/MicrosoftAuthenticationOptions.cs | 6 +++--- .../ServiceCollectionExtensions.cs | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs index 7ec3ba5ec..a679da9d1 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/AuthenticationOptions.cs 
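Review bot: Changing the return type of `AddSessionTokenCaches` from `MicrosoftIdentityAppCallsWebApiAuthenticationBuilder` to `IServiceCollection` breaks callers that chained further builder calls after it. The signature changes in the first hunk and `return builder.Services;` in the second, while the sibling `AddDistributedTokenCaches` shown earlier in this series still ends with `return this;`. Unless the break is intended, keep the builder as the return type with `return builder;` and have the returns doc say it returns the builder. The doc line for the `builder` parameter also appears to be empty; a short description such as `The authentication builder to add session token caches to.` would complete it.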
@@ -81,7 +81,7 @@ public bool HasClientCredentials /// /// The default is false. public bool WithSpaAuthCode { get; set; } - #endregion + #endregion Token Acquisition #region Web API /// @@ -121,6 +121,6 @@ public bool HasClientCredentials /// /// The default is false. public bool AllowWebApiToBeAuthorizedByACL { get; set; } - #endregion + #endregion Web API } } diff --git a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs index cf48ce7af..f9c194010 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition.Abstractions/ApplicationOptions/MicrosoftAuthenticationOptions.cs @@ -43,7 +43,7 @@ public override string? Authority /// useful to express that the Client is capable of handling claims challenge. /// public IEnumerable? ClientCapabilities { get; set; } - #endregion + #endregion Token acquisition #region AADB2C /// @@ -78,7 +78,7 @@ internal bool IsB2C { get => !string.IsNullOrWhiteSpace(DefaultUserFlow); } - #endregion + #endregion AADB2C #region Web app /// @@ -95,6 +95,6 @@ internal bool IsB2C /// which is the value used by Microsoft.Identity.Web.UI. /// public string ErrorPath { get; set; } = "/MicrosoftIdentity/Account/Error"; - #endregion + #endregion Web app } } diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs index e5b5db92a..b5d064de0 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/ServiceCollectionExtensions.cs 
@@ -86,7 +86,7 @@ public static IServiceCollection AddTokenAcquisition( services.AddScoped(s => (ITokenAcquisitionInternal)s.GetRequiredService()); #else services.AddScoped(); - services.AddSingleton(); + services.AddScoped(); #endif }