From 34b0c4b4a8e1b69c184aaff9f281ffb839cbb18d Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 19 Apr 2023 11:27:51 -0700
Subject: [PATCH 01/13] make project trimmable

---
 src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
index fcea699e4..98c762fdf 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -11,6 +11,7 @@
 
   <PropertyGroup>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <PublishTrimmed>true</PublishTrimmed>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0' or '$(TargetFramework)' == 'netcoreapp3.1'">

From cc78b8234b6d0664568f60f0a3d93cdb501b0f46 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Mon, 24 Apr 2023 09:12:15 -0700
Subject: [PATCH 02/13] Enable trimming on lower level libraries

---
 .../Microsoft.Identity.Web.Certificate.csproj                | 5 +++++
 .../Microsoft.Identity.Web.Certificateless.csproj            | 2 ++
 .../Microsoft.Identity.Web.Diagnostics.csproj                | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
index 877b79a5c..643ea7f24 100644
--- a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
+++ b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
@@ -6,6 +6,11 @@
     <ProjectGuid>{1E0B96CD-FDBF-482C-996A-775F691D984E}</ProjectGuid>
   </PropertyGroup>
 
+  <PropertyGroup>
+    <PublishTrimmed>true</PublishTrimmed>
+    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
+  </PropertyGroup>
+  
   <ItemGroup>
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="$(AzureSecurityKeyVaultSecretsVersion)" />
     <PackageReference Include="Azure.Identity" Version="$(AzureIdentityVersion)" />
diff --git a/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj b/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
index e9ade8f95..9369f10f5 100644
--- a/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
+++ b/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
@@ -8,6 +8,8 @@
 
   <PropertyGroup>
     <TargetFrameworks>netstandard2.0</TargetFrameworks>
+    <PublishTrimmed>true</PublishTrimmed>
+    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
index b3258dbe8..1e704cc95 100644
--- a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
+++ b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
@@ -3,5 +3,7 @@
   <PropertyGroup>
     <ImplicitUsings>disable</ImplicitUsings>
     <Nullable>enable</Nullable>
+    <PublishTrimmed>true</PublishTrimmed>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 </Project>

From fb5ce25b198541fe3f26cd6d53056ca708eb8681 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Mon, 24 Apr 2023 13:48:18 -0700
Subject: [PATCH 03/13] Add attribute to acknowledge unreferenced code

first pass over code to address trim warnings
---
 Directory.Build.props                         |  4 +++
 .../Microsoft.Identity.Web.Certificate.csproj |  5 ----
 .../Microsoft.Identity.Web.Diagnostics.csproj |  2 --
 .../ApplicationBuilderExtensions.cs           |  4 +++
 .../AspNetCore/TokenAcquisition-AspnetCore.cs |  4 +++
 .../ClientInfo.cs                             |  7 +++++
 .../ITokenAcquisitionInternal.cs              |  4 +++
 ...tyAppCallingWebApiAuthenticationBuilder.cs |  4 +++
 ...rosoftIdentityBaseAuthenticationBuilder.cs |  5 ++++
 .../TokenAcquirerFactory.cs                   |  7 +++++
 .../TokenAcquisition.cs                       |  4 +++
 .../WebApiBuilders.cs                         |  4 +++
 .../AuthorizeForScopesAttribute.cs            |  4 +++
 .../DownstreamWebApi.cs                       |  4 +++
 .../DownstreamWebApiExtensions.cs             |  4 +++
 .../DownstreamWebApiGenericExtensions.cs      | 27 +++++++++++++++++--
 .../IDownstreamWebApi.cs                      |  7 +++++
 ...ssageHandlerHttpClientBuilderExtensions.cs |  7 +++++
 .../Microsoft.Identity.Web.csproj             |  1 -
 .../Policy/ScopeAuthorizationHandler.cs       |  4 +++
 ...copeOrAppPermissionAuthorizationHandler.cs |  4 +++
 ...softIdentityWebApiAuthenticationBuilder.cs | 10 +++++++
 ...tyWebApiAuthenticationBuilderExtensions.cs | 11 ++++++++
 ...iAuthenticationBuilderWithConfiguration.cs |  8 ++++++
 ...entityWebApiServiceCollectionExtensions.cs |  5 ++++
 ...softIdentityWebAppAuthenticationBuilder.cs | 15 ++++++++++-
 ...tyWebAppAuthenticationBuilderExtensions.cs |  7 +++++
 ...pAuthenticationBuilderWithConfiguration.cs |  4 +++
 ...entityWebAppServiceCollectionExtensions.cs |  5 ++++
 29 files changed, 170 insertions(+), 11 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 8b92bac44..9d066124b 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -29,6 +29,10 @@
     <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
   </PropertyGroup>
 
+  <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0'">
+    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
+  </PropertyGroup>
+
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
   </PropertyGroup>
diff --git a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
index 643ea7f24..0046db8f5 100644
--- a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
+++ b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
@@ -5,11 +5,6 @@
     <Description>This package brings certificate management for MSAL.NET.</Description>
     <ProjectGuid>{1E0B96CD-FDBF-482C-996A-775F691D984E}</ProjectGuid>
   </PropertyGroup>
-
-  <PropertyGroup>
-    <PublishTrimmed>true</PublishTrimmed>
-    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
-  </PropertyGroup>
   
   <ItemGroup>
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="$(AzureSecurityKeyVaultSecretsVersion)" />
diff --git a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
index 1e704cc95..b3258dbe8 100644
--- a/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
+++ b/src/Microsoft.Identity.Web.Diagnostics/Microsoft.Identity.Web.Diagnostics.csproj
@@ -3,7 +3,5 @@
   <PropertyGroup>
     <ImplicitUsings>disable</ImplicitUsings>
     <Nullable>enable</Nullable>
-    <PublishTrimmed>true</PublishTrimmed>
-    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 </Project>
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
index 105aa826d..bc6cf6145 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/ApplicationBuilderExtensions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Builder;
 
 namespace Microsoft.Identity.Web
@@ -9,6 +10,9 @@ namespace Microsoft.Identity.Web
     /// Extension class on IApplicationBuilder to initialize the service provider of
     /// the TokenAcquirerFactory in ASP.NET Core.
     /// </summary>
+#if NET6_0_OR_GREATER
+    [RequiresUnreferencedCode("Microsoft.Identity.Web.TokenAcquirerFactory.GetDefaultInstance(String).")]
+#endif
     public static class ApplicationBuilderExtensions
     {
         /// <summary>
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs
index 1d665e66d..f23b107d5 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/AspNetCore/TokenAcquisition-AspnetCore.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -138,6 +139,9 @@ public void ReplyForbiddenWithWwwAuthenticateHeader(
         /// }
         /// </code>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters)")]
+#endif
         public async Task AddAccountToCacheFromAuthorizationCodeAsync(
             AuthorizationCodeReceivedContext context,
             IEnumerable<string> scopes,
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/ClientInfo.cs b/src/Microsoft.Identity.Web.TokenAcquisition/ClientInfo.cs
index 5596b0773..72c52e76e 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/ClientInfo.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/ClientInfo.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 using Microsoft.Identity.Web.Util;
@@ -16,6 +17,9 @@ internal class ClientInfo
         [JsonPropertyName(ClaimConstants.UniqueTenantIdentifier)]
         public string? UniqueTenantIdentifier { get; set; } = null;
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.ClientInfo.DeserializeFromJson(byte[]).")]
+#endif
         public static ClientInfo? CreateFromJson(string? clientInfo)
         {
             if (string.IsNullOrEmpty(clientInfo))
@@ -27,6 +31,9 @@ internal class ClientInfo
             return bytes != null ? DeserializeFromJson(bytes) : null;
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(ReadOnlySpan<Byte>, JsonSerializerOptions).")]
+#endif
         internal static ClientInfo? DeserializeFromJson(byte[]? jsonByteArray)
         {
             if (jsonByteArray == null || jsonByteArray.Length == 0)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/ITokenAcquisitionInternal.cs b/src/Microsoft.Identity.Web.TokenAcquisition/ITokenAcquisitionInternal.cs
index a93234c55..f43b8ef28 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/ITokenAcquisitionInternal.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/ITokenAcquisitionInternal.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Security.Claims;
 using System.Threading.Tasks;
 #if !NETSTANDARD2_0 && !NET462 && !NET472
@@ -48,6 +49,9 @@ internal interface ITokenAcquisitionInternal : ITokenAcquisition
         /// }
         /// </code>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.TokenAcquisition.AddAccountToCacheFromAuthorizationCodeAsync(AuthCodeRedemptionParameters)")]
+#endif
         Task AddAccountToCacheFromAuthorizationCodeAsync(
             AuthorizationCodeReceivedContext context,
             IEnumerable<string> scopes,
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
index ada5f856d..98b92d256 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityAppCallingWebApiAuthenticationBuilder.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -18,6 +19,9 @@ namespace Microsoft.Identity.Web
     /// </summary>
     public class MicrosoftIdentityAppCallsWebApiAuthenticationBuilder : MicrosoftIdentityBaseAuthenticationBuilder
     {
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection)")]
+#endif
         internal MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(
             IServiceCollection services,
             IConfigurationSection? configurationSection = null)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
index ed09a745d..4076d9ac1 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
@@ -8,6 +8,8 @@
 using Microsoft.IdentityModel.Abstractions;
 using Microsoft.IdentityModel.LoggingExtensions;
 using Microsoft.IdentityModel.Logging;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.NetworkInformation;
 
 namespace Microsoft.Identity.Web
 {
@@ -22,6 +24,9 @@ public class MicrosoftIdentityBaseAuthenticationBuilder
         /// </summary>
         /// <param name="services">The services being configured.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         protected MicrosoftIdentityBaseAuthenticationBuilder(
             IServiceCollection services,
             IConfigurationSection? configurationSection = null)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
index 91bdc36b3..3c2e9c38b 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquirerFactory.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.IO;
 using System.Linq;
 using System.Reflection;
@@ -73,6 +74,9 @@ protected TokenAcquirerFactory()
         ///  [!code-csharp[ConvertType](~/../tests/DevApps/aspnet-mvc/OwinWebApp/App_Start/Startup.Auth.cs?highlight=22)]
         /// ]]></format>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         static public T GetDefaultInstance<T>(string configSection="AzureAd") where T : TokenAcquirerFactory, new()
         {
             T instance;
@@ -108,6 +112,9 @@ protected TokenAcquirerFactory()
         ///  [!code-csharp[ConvertType](~/../tests/DevApps/daemon-app/daemon-console-calling-msgraph/Program.cs?highlight=5)]
         /// ]]></format>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         static public TokenAcquirerFactory GetDefaultInstance(string configSection = "AzureAd")
         {
             TokenAcquirerFactory instance;
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index c812b6482..a18ed4876 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
@@ -102,6 +103,9 @@ public TokenAcquisition(
             _credentialsLoader = credentialsLoader;
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.ClientInfo.CreateFromJson(String)")]
+#endif
         public async Task<AcquireTokenResult> AddAccountToCacheFromAuthorizationCodeAsync(
             AuthCodeRedemptionParameters authCodeRedemptionParameters)
         {
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs b/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
index 123484d75..7eb916311 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/WebApiBuilders.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Abstractions;
@@ -25,6 +26,9 @@ public static class WebApiBuilders
         /// <param name="services">The services being configured.</param>
         /// <param name="configuration">IConfigurationSection.</param>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Bind, Configure with Unspecified Configuration and ServiceCollection.")]
+#endif
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisition(
             Action<ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions,
             string authenticationScheme,
diff --git a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
index eb1f48456..9be1bd34c 100644
--- a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
+++ b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
@@ -53,6 +54,9 @@ public class AuthorizeForScopesAttribute : ExceptionFilterAttribute
         /// Handles the <see cref="MsalUiRequiredException"/>.
         /// </summary>
         /// <param name="context">Context provided by ASP.NET Core.</param>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
+#endif
         public override void OnException(ExceptionContext context)
         {
             if (context != null)
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
index 48d794f23..faae19acf 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
@@ -107,6 +108,9 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
+#endif
         public async Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
index 19bff2311..9e4a09634 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -24,6 +25,9 @@ public static class DownstreamWebApiExtensions
         [Obsolete("Use AddDownstreamApi in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
+#endif
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddDownstreamWebApi(
             this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
             string serviceName,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
index 40fee1efb..eb300a82e 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Text;
@@ -37,6 +38,9 @@ public static class DownstreamWebApiGenericExtensions
         [Obsolete("Use IDownstreamApi.GetForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
+#endif
         public static async Task<TOutput?> GetForUserAsync<TOutput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -78,6 +82,9 @@ public static class DownstreamWebApiGenericExtensions
         [Obsolete("Use IDownstreamApi.GetForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
+#endif
         public static async Task GetForUserAsync<TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -122,6 +129,9 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PostForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
+#endif
         public static async Task<TOutput?> PostForUserAsync<TOutput, TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -168,6 +178,9 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PutForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertFromInput<TInput>(TInput).")]
+#endif
         public static async Task PutForUserAsync<TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -213,6 +226,9 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.PutForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
+#endif
         public static async Task<TOutput?> PutForUserAsync<TOutput, TInput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -258,6 +274,9 @@ await downstreamWebApi.CallWebApiForUserAsync(
         [Obsolete("Use IDownstreamApi.CallWebApiForUserAsync in Microsoft.Identity.Abstractions, implemented in Microsoft.Identity.Web.DownstreamApi." +
         "See aka.ms/id-web-downstream-api-v2 for migration details.", false)]
         [EditorBrowsable(EditorBrowsableState.Never)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamWebApiGenericExtensions.ConvertToOutput<TOutput>(TInput).")]
+#endif
         public static async Task<TOutput?> CallWebApiForUserAsync<TOutput>(
             this IDownstreamWebApi downstreamWebApi,
             string serviceName,
@@ -276,12 +295,16 @@ await downstreamWebApi.CallWebApiForUserAsync(
 
             return await ConvertToOutput<TOutput>(response).ConfigureAwait(false);
         }
-
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
+#endif
         private static StringContent ConvertFromInput<TInput>(TInput input)
         {
             return new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json");
         }
-
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions).")]
+#endif
         private static async Task<TOutput?> ConvertToOutput<TOutput>(HttpResponseMessage response)
             where TOutput : class
         {
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
index d78f756f4..abcbe8de8 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/IDownstreamWebApi.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -118,6 +119,9 @@ Task<HttpResponseMessage> CallWebApiForUserAsync(
         /// }
         /// </code>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
+#endif
         public Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
@@ -181,6 +185,9 @@ Task<HttpResponseMessage> CallWebApiForUserAsync(
         /// }
         /// </code>
         /// </example>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
+#endif
         Task<TOutput?> CallWebApiForUserAsync<TInput, TOutput>(
             string serviceName,
             TInput input,
diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
index a086a7f4f..fd16a69bc 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuilderExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -21,6 +22,9 @@ public static class MicrosoftIdentityAuthenticationMessageHandlerHttpClientBuild
         /// <param name="serviceName">Name of the configuration for the service.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
+#endif
         public static IHttpClientBuilder AddMicrosoftIdentityUserAuthenticationHandler(
             this IHttpClientBuilder builder,
             string serviceName,
@@ -61,6 +65,9 @@ public static IHttpClientBuilder AddMicrosoftIdentityUserAuthenticationHandler(
         /// <param name="serviceName">Name of the configuration for the service.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOutput>(IServiceCollection, String, IConfiguration).")]
+#endif
         public static IHttpClientBuilder AddMicrosoftIdentityAppAuthenticationHandler(
             this IHttpClientBuilder builder,
             string serviceName,
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
index 98c762fdf..fcea699e4 100644
--- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
+++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -11,7 +11,6 @@
 
   <PropertyGroup>
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
-    <PublishTrimmed>true</PublishTrimmed>
   </PropertyGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0' or '$(TargetFramework)' == 'netcoreapp3.1'">
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
index 8f066d841..0b44627df 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
@@ -35,6 +36,9 @@ public ScopeAuthorizationHandler(IConfiguration configuration)
         /// <param name="context">AuthorizationHandlerContext.</param>
         /// <param name="requirement">Scope authorization requirement.</param>
         /// <returns>Task.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
+#endif
         protected override Task HandleRequirementAsync(
             AuthorizationHandlerContext context,
             ScopeAuthorizationRequirement requirement)
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
index 551fab883..3c1ea9fc9 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
@@ -36,6 +37,9 @@ public ScopeOrAppPermissionAuthorizationHandler(IConfiguration configuration)
         /// <param name="context">AuthorizationHandlerContext.</param>
         /// <param name="requirement">Scope authorization requirement.</param>
         /// <returns>Task.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
+#endif
         protected override Task HandleRequirementAsync(
             AuthorizationHandlerContext context,
             ScopeOrAppPermissionAuthorizationRequirement requirement)
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
index 7df685320..8297ee94e 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilder.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
@@ -26,6 +27,9 @@ public class MicrosoftIdentityWebApiAuthenticationBuilder : MicrosoftIdentityBas
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Configuration section from which to
         /// get parameters.</param>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
+#endif
         internal MicrosoftIdentityWebApiAuthenticationBuilder(
             IServiceCollection services,
             string jwtBearerAuthenticationScheme,
@@ -48,6 +52,9 @@ internal MicrosoftIdentityWebApiAuthenticationBuilder(
         /// </summary>
         /// <param name="configureConfidentialClientApplicationOptions">The action to configure <see cref="ConfidentialClientApplicationOptions"/>.</param>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(IServiceCollection, string, Action<ConfidentialClientApplicationOptions>, IConfigurationSection).")]
+#endif
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             Action<ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions)
         {
@@ -64,6 +71,9 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
                 ConfigurationSection);
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(Action<ConfidentialClientApplicationOptions>, String, IServiceCollection, IConfigurationSection).")]
+#endif
         internal static void CallsWebApiImplementation(
             IServiceCollection services,
             string jwtBearerAuthenticationScheme,
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
index 4c65e7f3e..e8c74daf9 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
@@ -3,8 +3,10 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Linq;
+using System.Net.NetworkInformation;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -34,6 +36,9 @@ public static class MicrosoftIdentityWebApiAuthenticationBuilderExtensions
         /// Set to true if you want to debug, or just understand the JWT bearer events.
         /// </param>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthneticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfigurationSection, string, bool).")]
+#endif
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApi(
         this AuthenticationBuilder builder,
         IConfiguration configuration,
@@ -63,6 +68,9 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         /// Set to true if you want to debug, or just understand the JWT bearer events.
         /// </param>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApi(
             this AuthenticationBuilder builder,
             IConfigurationSection configurationSection,
@@ -97,6 +105,9 @@ public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToJwtBearerMiddlewareDiagnosticsEvents">
         /// Set to true if you want to debug, or just understand the JWT bearer events.</param>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
+#endif
         public static MicrosoftIdentityWebApiAuthenticationBuilder AddMicrosoftIdentityWebApi(
             this AuthenticationBuilder builder,
             Action<JwtBearerOptions> configureJwtBearerOptions,
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
index 55ec24238..eb6bf5e21 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
@@ -2,6 +2,8 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.NetworkInformation;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -11,6 +13,9 @@ namespace Microsoft.Identity.Web
     /// <summary>
     /// Builder for web API authentication with configuration.
     /// </summary>
+#if NET6_0_OR_GREATER
+    [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.MicrosoftIdentityWebApiAuthenticationBuilder(IServiceCollection, String, Action<JwtBearerOptions>, Action<MicrosoftIdentityOptions>, IConfigurationSection).")]
+#endif
     public class MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration : MicrosoftIdentityWebApiAuthenticationBuilder
     {
         internal MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration(
@@ -29,6 +34,9 @@ internal MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration(
         /// This method expects the configuration file will have a section, named "AzureAd" as default, with the necessary settings to initialize authentication options.
         /// </summary>
         /// <returns>The authentication builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi()
         {
             return EnableTokenAcquisitionToCallDownstreamApi(options => ConfigurationSection?.Bind(options));
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
index 1f8c4236a..53ed701a7 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Diagnostics.CodeAnalysis;
+using System.Net.NetworkInformation;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
@@ -24,6 +26,9 @@ public static partial class MicrosoftIdentityWebApiServiceCollectionExtensions
         /// <param name="subscribeToJwtBearerMiddlewareDiagnosticsEvents">
         /// Set to true if you want to debug, or just understand the JwtBearer events.</param>
         /// <returns>The authentication builder to chain extension methods.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(AuthenticationBuilder, IConfiguration, String, String, Boolean).")]
+#endif
         public static MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApiAuthentication(
             this IServiceCollection services,
             IConfiguration configuration,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
index 0ed1174e8..178063089 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilder.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -28,6 +29,9 @@ public class MicrosoftIdentityWebAppAuthenticationBuilder : MicrosoftIdentityBas
         /// <param name="configureMicrosoftIdentityOptions">Action called to configure
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
+#endif
         internal MicrosoftIdentityWebAppAuthenticationBuilder(
             IServiceCollection services,
             string openIdConnectScheme,
@@ -48,6 +52,9 @@ internal MicrosoftIdentityWebAppAuthenticationBuilder(
         /// </summary>
         /// <param name="initialScopes">Initial scopes.</param>
         /// <returns>The builder itself for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).")]
+#endif
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             IEnumerable<string>? initialScopes = null)
         {
@@ -62,6 +69,9 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
         /// MSAL.NET confidential client application options.</param>
         /// <param name="initialScopes">Initial scopes.</param>
         /// <returns>The builder itself for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.WebAppCallsWebApiImplementation(IServiceCollection, IEnumerable<string>, Action<MicrosoftIdentityOptions>, string, Action<ConfidentialClientApplicationOptions>.")]
+#endif
         public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             Action<ConfidentialClientApplicationOptions>? configureConfidentialClientApplicationOptions,
             IEnumerable<string>? initialScopes = null)
@@ -77,6 +87,9 @@ public MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisiti
                 ConfigurationSection);
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.ClientInfo.CreateFromJson(string).")]
+#endif
         internal static void WebAppCallsWebApiImplementation(
             IServiceCollection services,
             IEnumerable<string>? initialScopes,
@@ -105,7 +118,7 @@ internal static void WebAppCallsWebApiImplementation(
             {
                 services.AddTokenAcquisition();
 
-                services.AddOptions<OpenIdConnectOptions>(openIdConnectScheme)
+                _ = services.AddOptions<OpenIdConnectOptions>(openIdConnectScheme)
                    .Configure<IMergedOptionsStore, IOptionsMonitor<ConfidentialClientApplicationOptions>, IOptions<ConfidentialClientApplicationOptions>>((
                        options,
                        mergedOptionsMonitor,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index f3932d70a..cf9a9c20a 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -15,6 +15,7 @@
 using Microsoft.Identity.Web.Resource;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using System.Linq;
+using System.Diagnostics.CodeAnalysis;
 
 namespace Microsoft.Identity.Web
 {
@@ -36,6 +37,9 @@ public static class MicrosoftIdentityWebAppAuthenticationBuilderExtensions
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The <see cref="MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration"/> builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls a trim-incompatible AddMicrosoftIdentityWebApp.")]
+#endif
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApp(
             this AuthenticationBuilder builder,
             IConfiguration configuration,
@@ -76,6 +80,9 @@ public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebApp(
             this AuthenticationBuilder builder,
             IConfigurationSection configurationSection,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
index 46d9d5a34..9fd32f31c 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 
@@ -37,6 +38,9 @@ internal MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(
         /// </summary>
         /// <param name="initialScopes">Optional initial scopes to request.</param>
         /// <returns>The authentication builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         public new MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisitionToCallDownstreamApi(
             IEnumerable<string>? initialScopes = null)
         {
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
index 0038e3969..8a1d1bb9b 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppServiceCollectionExtensions.cs
@@ -1,6 +1,7 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
@@ -31,6 +32,10 @@ public static partial class MicrosoftIdentityWebAppServiceCollectionExtensions
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenIdConnect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder to chain extension methods.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApp(AuthenticationBuilder, IConfiguration, String, String, String, Boolean, String).")]
+#endif
+
         public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebAppAuthentication(
             this IServiceCollection services,
             IConfiguration configuration,

From 66c3e0c97110af01ed8149aa358ce530c4797e69 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 26 Apr 2023 11:19:01 -0700
Subject: [PATCH 04/13] Additional pass of adding unreferenced code attribute

---
 .../DownstreamApi.cs                          |  7 ++++
 .../DownstreamApiExtensions.cs                | 13 +++++--
 .../MicrosoftGraphExtensions.cs               |  4 +++
 ...tyWebAppAuthenticationBuilderExtensions.cs | 34 ++++++++++++-------
 ...pAuthenticationBuilderWithConfiguration.cs |  3 ++
 5 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
index 24b680786..06eff0428 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net.Http;
 using System.Runtime.CompilerServices;
@@ -217,6 +218,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return clonedOptions;
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions)")]
+#endif
         private static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
         {
             HttpContent? effectiveInput;
@@ -238,6 +242,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return effectiveInput;
         }
 
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions)")]
+#endif
         private static async Task<TOutput?> DeserializeOutput<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions)
              where TOutput : class
         {
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
index 21c45de48..b1bca34de 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Abstractions;
@@ -21,6 +22,9 @@ public static class DownstreamApiExtensions
         /// This is the name used when calling the service from controller/pages.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Extensions.DependencyInjection.OptionsConfigurationServiceCollectionExtensions.Configure<TOptions>(IServiceCollection, String, IConfiguration).")]
+#endif
         public static IServiceCollection AddDownstreamApi(
             this IServiceCollection services,
             string serviceName,
@@ -65,10 +69,13 @@ public static IServiceCollection AddDownstreamApi(
         /// This is the name used when calling the service from controller/pages.</param>
         /// <param name="configuration">Configuration.</param>
         /// <returns>The builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Identity.Web.DownstreamApiExtensions.AddDownstreamApi(IServiceCollection, String, IConfiguration).")]
+#endif
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddDownstreamApi(
-            this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
-            string serviceName,
-            IConfiguration configuration)
+        this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
+        string serviceName,
+        IConfiguration configuration)
         {
             _ = Throws.IfNull(builder);
 
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/MicrosoftGraphExtensions.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/MicrosoftGraphExtensions.cs
index 3f407309b..77ef6a48d 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/MicrosoftGraphExtensions.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/MicrosoftGraphExtensions.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -24,6 +25,9 @@ public static class MicrosoftGraphExtensions
         /// <param name="builder">Builder.</param>
         /// <param name="configurationSection">Configuration section.</param>
         /// <returns>The builder to chain.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object).")]
+#endif
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddMicrosoftGraph(
             this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
             IConfigurationSection configurationSection)
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index cf9a9c20a..4c2d7e64d 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -115,23 +115,25 @@ public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddM
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftWebAppWithoutConfiguration(AuthenticationBuilder, Action<MicrosoftIdentityOptions>, Action<CookieAuthenticationOptions>, String, String, Boolean, String).")]
+#endif
         public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityWebApp(
-            this AuthenticationBuilder builder,
-            Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
-            Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,
-            string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,
-            string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
-            bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false,
-            string? displayName = null)
+        this AuthenticationBuilder builder,
+        Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
+        Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,
+        string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,
+        string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
+        bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false,
+        string? displayName = null)
         {
             _ = Throws.IfNull(builder);
-
             return builder.AddMicrosoftWebAppWithoutConfiguration(
-                configureMicrosoftIdentityOptions,
-                configureCookieAuthenticationOptions,
-                openIdConnectScheme,
-                cookieScheme,
-                subscribeToOpenIdConnectMiddlewareDiagnosticsEvents,
+            configureMicrosoftIdentityOptions,
+            configureCookieAuthenticationOptions,
+            openIdConnectScheme,
+            cookieScheme,
+            subscribeToOpenIdConnectMiddlewareDiagnosticsEvents,
                 displayName);
         }
 
@@ -147,6 +149,9 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <param name="configurationSection">Configuration section.</param>
         /// <returns>The authentication builder for chaining.</returns>
+#if NET6_0_OR_GREATER        
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
+#endif
         private static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddMicrosoftIdentityWebAppWithConfiguration(
                 this AuthenticationBuilder builder,
                 Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
@@ -184,6 +189,9 @@ private static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration Add
         /// <param name="subscribeToOpenIdConnectMiddlewareDiagnosticsEvents">Set to true if you want to debug, or just understand the OpenID Connect events.</param>
         /// <param name="displayName">A display name for the authentication handler.</param>
         /// <returns>The authentication builder for chaining.</returns>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
+#endif
         private static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftWebAppWithoutConfiguration(
         this AuthenticationBuilder builder,
         Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
index 9fd32f31c..3ba3c9fd5 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration.cs
@@ -23,6 +23,9 @@ public class MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration : Mic
         /// <param name="configureMicrosoftIdentityOptions">Action called to configure
         /// the <see cref="MicrosoftIdentityOptions"/>Microsoft identity options.</param>
         /// <param name="configurationSection">Optional configuration section.</param>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilder.MicrosoftIdentityWebAppAuthenticationBuilder(IServiceCollection, String, Action<MicrosoftIdentityOptions>, IConfigurationSection)")]
+#endif
         internal MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration(
             IServiceCollection services,
             string openIdConnectScheme,

From a65c8c61c239e7af73c1ca6c8c1bd5c9cecc7c73 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 26 Apr 2023 13:06:27 -0700
Subject: [PATCH 05/13] fix typos/unused imports

---
 .../Microsoft.Identity.Web.Certificate.csproj |  2 +-
 ...rosoft.Identity.Web.Certificateless.csproj |  2 --
 .../DownstreamApiExtensions.cs                |  6 ++---
 ...rosoftIdentityBaseAuthenticationBuilder.cs |  1 -
 ...tyWebApiAuthenticationBuilderExtensions.cs |  1 -
 ...iAuthenticationBuilderWithConfiguration.cs |  1 -
 ...entityWebApiServiceCollectionExtensions.cs |  1 -
 ...tyWebAppAuthenticationBuilderExtensions.cs | 24 +++++++++----------
 8 files changed, 16 insertions(+), 22 deletions(-)

diff --git a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
index 0046db8f5..877b79a5c 100644
--- a/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
+++ b/src/Microsoft.Identity.Web.Certificate/Microsoft.Identity.Web.Certificate.csproj
@@ -5,7 +5,7 @@
     <Description>This package brings certificate management for MSAL.NET.</Description>
     <ProjectGuid>{1E0B96CD-FDBF-482C-996A-775F691D984E}</ProjectGuid>
   </PropertyGroup>
-  
+
   <ItemGroup>
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="$(AzureSecurityKeyVaultSecretsVersion)" />
     <PackageReference Include="Azure.Identity" Version="$(AzureIdentityVersion)" />
diff --git a/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj b/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
index 9369f10f5..e9ade8f95 100644
--- a/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
+++ b/src/Microsoft.Identity.Web.Certificateless/Microsoft.Identity.Web.Certificateless.csproj
@@ -8,8 +8,6 @@
 
   <PropertyGroup>
     <TargetFrameworks>netstandard2.0</TargetFrameworks>
-    <PublishTrimmed>true</PublishTrimmed>
-    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
index b1bca34de..ae5e08196 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApiExtensions.cs
@@ -73,9 +73,9 @@ public static IServiceCollection AddDownstreamApi(
         [RequiresUnreferencedCode("Microsoft.Identity.Web.DownstreamApiExtensions.AddDownstreamApi(IServiceCollection, String, IConfiguration).")]
 #endif
         public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder AddDownstreamApi(
-        this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
-        string serviceName,
-        IConfiguration configuration)
+            this MicrosoftIdentityAppCallsWebApiAuthenticationBuilder builder,
+            string serviceName,
+            IConfiguration configuration)
         {
             _ = Throws.IfNull(builder);
 
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
index 4076d9ac1..da3819e20 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/MicrosoftIdentityBaseAuthenticationBuilder.cs
@@ -9,7 +9,6 @@
 using Microsoft.IdentityModel.LoggingExtensions;
 using Microsoft.IdentityModel.Logging;
 using System.Diagnostics.CodeAnalysis;
-using System.Net.NetworkInformation;
 
 namespace Microsoft.Identity.Web
 {
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
index e8c74daf9..2a2821b67 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
@@ -6,7 +6,6 @@
 using System.Diagnostics.CodeAnalysis;
 using System.Globalization;
 using System.Linq;
-using System.Net.NetworkInformation;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
index eb6bf5e21..f9b55d71f 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Diagnostics.CodeAnalysis;
-using System.Net.NetworkInformation;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
diff --git a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
index 53ed701a7..e9c75867c 100644
--- a/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiServiceCollectionExtensions.cs
@@ -2,7 +2,6 @@
 // Licensed under the MIT License.
 
 using System.Diagnostics.CodeAnalysis;
-using System.Net.NetworkInformation;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.Configuration;
diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index 4c2d7e64d..563830f15 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -119,21 +119,21 @@ public static MicrosoftIdentityWebAppAuthenticationBuilderWithConfiguration AddM
         [RequiresUnreferencedCode("Microsoft.Identity.Web.MicrosoftIdentityWebAppAuthenticationBuilderExtensions.AddMicrosoftWebAppWithoutConfiguration(AuthenticationBuilder, Action<MicrosoftIdentityOptions>, Action<CookieAuthenticationOptions>, String, String, Boolean, String).")]
 #endif
         public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityWebApp(
-        this AuthenticationBuilder builder,
-        Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
-        Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,
-        string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,
-        string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
-        bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false,
-        string? displayName = null)
+            this AuthenticationBuilder builder,
+            Action<MicrosoftIdentityOptions> configureMicrosoftIdentityOptions,
+            Action<CookieAuthenticationOptions>? configureCookieAuthenticationOptions = null,
+            string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme,
+            string? cookieScheme = CookieAuthenticationDefaults.AuthenticationScheme,
+            bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false,
+            string? displayName = null)
         {
             _ = Throws.IfNull(builder);
             return builder.AddMicrosoftWebAppWithoutConfiguration(
-            configureMicrosoftIdentityOptions,
-            configureCookieAuthenticationOptions,
-            openIdConnectScheme,
-            cookieScheme,
-            subscribeToOpenIdConnectMiddlewareDiagnosticsEvents,
+                configureMicrosoftIdentityOptions,
+                configureCookieAuthenticationOptions,
+                openIdConnectScheme,
+                cookieScheme,
+                subscribeToOpenIdConnectMiddlewareDiagnosticsEvents,
                 displayName);
         }
 

From 898be085c4ca65c0c9227f7b28b7761c1037009e Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 26 Apr 2023 13:08:55 -0700
Subject: [PATCH 06/13] fix typo

---
 .../MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
index 563830f15..34c850d7b 100644
--- a/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
+++ b/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -128,6 +128,7 @@ public static MicrosoftIdentityWebAppAuthenticationBuilder AddMicrosoftIdentityW
             string? displayName = null)
         {
             _ = Throws.IfNull(builder);
+
             return builder.AddMicrosoftWebAppWithoutConfiguration(
                 configureMicrosoftIdentityOptions,
                 configureCookieAuthenticationOptions,

From d24a544f092b493df1b386a93f2ad57895eafab6 Mon Sep 17 00:00:00 2001
From: Westin Musser <127992899+westin-m@users.noreply.github.com>
Date: Thu, 27 Apr 2023 12:34:53 -0700
Subject: [PATCH 07/13] Update Directory.Build.props

---
 Directory.Build.props | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Directory.Build.props b/Directory.Build.props
index 9d066124b..d88e0cdcf 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -31,6 +31,7 @@
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0'">
     <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
+    <PublishTrimmed>true</PublishTrimmed>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">

From 144d99c5f8e3f3cf0fb47b5f3b792105cdbfeb91 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Thu, 27 Apr 2023 13:18:50 -0700
Subject: [PATCH 08/13] update build props

---
 Directory.Build.props | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Directory.Build.props b/Directory.Build.props
index 9d066124b..381f63ac2 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -31,6 +31,8 @@
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0'">
     <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
+    <PublishTrimmed>true</PublishTrimmed>
+    <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">

From 56742493be7d048ba1bbe96ce764d0e0fce4c815 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 3 May 2023 11:40:53 -0700
Subject: [PATCH 09/13] remove unneeded properties, trim-friendly edits

---
 Directory.Build.props                                       | 2 --
 src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs   | 5 +----
 .../Policy/ScopeAuthorizationHandler.cs                     | 6 ++----
 .../Policy/ScopeOrAppPermissionAuthorizationHandler.cs      | 5 +----
 4 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 381f63ac2..167f2b9ff 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -30,8 +30,6 @@
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0'">
-    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
-    <PublishTrimmed>true</PublishTrimmed>
     <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
 
diff --git a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
index 9be1bd34c..540768a73 100644
--- a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
+++ b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
@@ -54,9 +54,6 @@ public class AuthorizeForScopesAttribute : ExceptionFilterAttribute
         /// Handles the <see cref="MsalUiRequiredException"/>.
         /// </summary>
         /// <param name="context">Context provided by ASP.NET Core.</param>
-#if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
-#endif
         public override void OnException(ExceptionContext context)
         {
             if (context != null)
@@ -93,7 +90,7 @@ public override void OnException(ExceptionContext context)
                                     IDWebErrorMessage.ScopeKeySectionIsProvidedButNotPresentInTheServicesCollection,
                                     nameof(ScopeKeySection)));
                         }
-                        string? scopeKeySectionValue = configuration.GetValue<string>(ScopeKeySection);
+                        string? scopeKeySectionValue = configuration[ScopeKeySection];
 
                         if (!string.IsNullOrEmpty(scopeKeySectionValue))
                         {
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
index 0b44627df..f4a9eeb1c 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
@@ -36,9 +36,7 @@ public ScopeAuthorizationHandler(IConfiguration configuration)
         /// <param name="context">AuthorizationHandlerContext.</param>
         /// <param name="requirement">Scope authorization requirement.</param>
         /// <returns>Task.</returns>
-#if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
-#endif
+
         protected override Task HandleRequirementAsync(
             AuthorizationHandlerContext context,
             ScopeAuthorizationRequirement requirement)
@@ -64,7 +62,7 @@ protected override Task HandleRequirementAsync(
 
             if (configurationKey != null)
             {
-                scopes = _configuration.GetValue<string>(configurationKey)?.Split(' ');
+                scopes = _configuration[configurationKey]?.Split(' ');
             }
 
             if (scopes is null)
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
index 3c1ea9fc9..ae3dd9e64 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeOrAppPermissionAuthorizationHandler.cs
@@ -37,9 +37,6 @@ public ScopeOrAppPermissionAuthorizationHandler(IConfiguration configuration)
         /// <param name="context">AuthorizationHandlerContext.</param>
         /// <param name="requirement">Scope authorization requirement.</param>
         /// <returns>Task.</returns>
-#if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(String).")]
-#endif
         protected override Task HandleRequirementAsync(
             AuthorizationHandlerContext context,
             ScopeOrAppPermissionAuthorizationRequirement requirement)
@@ -66,7 +63,7 @@ protected override Task HandleRequirementAsync(
 
             if (scopeConfigurationKey != null)
             {
-                scopes = _configuration.GetValue<string>(scopeConfigurationKey)?.Split(' ');
+                scopes = _configuration[scopeConfigurationKey]?.Split(' ');
             }
 
             if (scopes is null)

From c0fbbed3172911e308b511743aa1843481f69ad6 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 10 May 2023 10:14:26 -0700
Subject: [PATCH 10/13] source generation for (de)serialization

---
 Directory.Build.props                         | 10 ++++----
 .../DownstreamApi.cs                          | 24 ++++++++++++++-----
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/Directory.Build.props b/Directory.Build.props
index 90099a798..c6beba0e2 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -32,7 +32,7 @@
   <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0' or '$(TargetFramework)' == 'net7.0'">
     <IsTrimmable>true</IsTrimmable>
   </PropertyGroup>
-
+  
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
   </PropertyGroup>
@@ -109,17 +109,17 @@
     <MicrosoftAspNetCoreAuthenticationJwtBearerVersion>5.0.12-*</MicrosoftAspNetCoreAuthenticationJwtBearerVersion>
     <MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>5.0.12-*</MicrosoftAspNetCoreAuthenticationOpenIdConnectVersion>
     <MicrosoftExtensionsCachingMemoryVersion>5.0.0</MicrosoftExtensionsCachingMemoryVersion>
-    <!-- Microsoft.Extensions.Hosting 5.* are obsoleted -->    
+    <!-- Microsoft.Extensions.Hosting 5.* are obsoleted -->
     <MicrosoftExtensionsHostingVersion>6.0.0</MicrosoftExtensionsHostingVersion>
     <MicrosoftAspNetCoreDataProtectionVersion>5.0.8</MicrosoftAspNetCoreDataProtectionVersion>
     <SystemSecurityCryptographyXmlVersion>6.0.1</SystemSecurityCryptographyXmlVersion>
-    
+
     <!-- CVE-2022-34716 due to DataProtection 5.0.8 -->
     <MicrosoftExtensionsLoggingVersion>5.0.0</MicrosoftExtensionsLoggingVersion>
     <SystemTextEncodingsWebVersion>6.0.0</SystemTextEncodingsWebVersion>
-    
+
     <!-- Microsoft.Extensions.Configuration.Binder 6.* are obsoleted -->
-    <MicrosoftExtensionsConfigurationBinderVersion>6.0.0</MicrosoftExtensionsConfigurationBinderVersion>    
+    <MicrosoftExtensionsConfigurationBinderVersion>6.0.0</MicrosoftExtensionsConfigurationBinderVersion>
     <MicrosoftExtensionsDependencyInjectionVersion>2.1.0</MicrosoftExtensionsDependencyInjectionVersion>
   </PropertyGroup>
 
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
index 06eff0428..118835f2e 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
@@ -2,13 +2,13 @@
 // Licensed under the MIT License.
 
 using System;
-using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net.Http;
 using System.Runtime.CompilerServices;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Json;
+using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
@@ -219,8 +219,14 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
 #if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions)")]
+        [JsonSourceGenerationOptions(WriteIndented = true)]
+        [JsonSerializable(typeof(HttpContent))]
+        [JsonSerializable(typeof(string))]
+        internal partial class SourceGenerationContext : JsonSerializerContext
+        {
+        }
 #endif
+
         private static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
         {
             HttpContent? effectiveInput;
@@ -235,16 +241,18 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             else
             {
 #pragma warning disable CA2000 // Dispose objects before losing scope
+#if NET6_0_OR_GREATER
+                effectiveInput = new StringContent(JsonSerializer.Serialize(input, typeof(TInput), SourceGenerationContext.Default), Encoding.UTF8, "application/json");
+#else
                 effectiveInput = new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json");
+#endif
 #pragma warning restore CA2000 // Dispose objects before losing scope
             }
 
             return effectiveInput;
         }
 
-#if NET6_0_OR_GREATER
-        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions)")]
-#endif
+
         private static async Task<TOutput?> DeserializeOutput<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions)
              where TOutput : class
         {
@@ -277,8 +285,12 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             else
             {
                 string stringContent = await content.ReadAsStringAsync();
+#if NET6_0_OR_GREATER
+                return (TOutput?)JsonSerializer.Deserialize(stringContent, typeof(TOutput), SourceGenerationContext.Default);
+#else
                 return JsonSerializer.Deserialize<TOutput>(stringContent, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
-            }
+#endif
+                }
         }
 
         private async Task<HttpResponseMessage> CallApiInternalAsync(

From c4bfd38e828ae83c1a3eb4fcec00d316800878d9 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Wed, 10 May 2023 15:57:00 -0700
Subject: [PATCH 11/13] return to attributes; source generation will not work

---
 .../DownstreamApi.HttpMethods.cs              | 61 +++++++++++++++++++
 .../DownstreamApi.HttpMethods.tt              |  4 ++
 .../DownstreamApi.cs                          | 36 +++++------
 3 files changed, 84 insertions(+), 17 deletions(-)

diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.cs
index a4b50175f..16fbde98d 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.cs
@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Threading;
@@ -14,6 +15,9 @@ namespace Microsoft.Identity.Web
     internal partial class DownstreamApi : IDownstreamApi
     {
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> GetForUserAsync<TOutput>(
             string? serviceName,
             Action<DownstreamApiOptionsReadOnlyHttpMethod>? downstreamApiOptionsOverride = null,
@@ -41,6 +45,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> GetForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -76,6 +83,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> GetForAppAsync<TOutput>(
             string? serviceName,
             Action<DownstreamApiOptionsReadOnlyHttpMethod>? downstreamApiOptionsOverride = null,
@@ -102,6 +112,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> GetForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -136,6 +149,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PostForUserAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -169,6 +185,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PostForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -204,6 +223,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PostForAppAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -236,6 +258,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PostForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -270,6 +295,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PutForUserAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -303,6 +331,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PutForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -338,6 +369,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PutForAppAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -370,6 +404,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PutForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -406,6 +443,9 @@ ex is InvalidOperationException
 #if !NETFRAMEWORK && !NETSTANDARD2_0
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PatchForUserAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -439,6 +479,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PatchForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -474,6 +517,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task PatchForAppAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -506,6 +552,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> PatchForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -542,6 +591,9 @@ ex is InvalidOperationException
 #endif // !NETFRAMEWORK && !NETSTANDARD2_0
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task DeleteForUserAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -575,6 +627,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> DeleteForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -610,6 +665,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task DeleteForAppAsync<TInput>(
             string? serviceName,
             TInput input,
@@ -642,6 +700,9 @@ ex is InvalidOperationException
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async Task<TOutput?> DeleteForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.tt b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.tt
index 5207d97c0..053d7330a 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.tt
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.HttpMethods.tt
@@ -8,6 +8,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Net.Http;
 using System.Security.Claims;
 using System.Threading;
@@ -55,6 +56,9 @@ namespace Microsoft.Identity.Web
      firstMethod = false; 
 #>
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(response, effectiveOptions)")]
+#endif
         public async <#= returnType #> <#= httpMethod #>For<#= token #>Async<#= template #>(
             string? serviceName,
 <# if (hasInput){ #>
diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
index 118835f2e..71d17fc16 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
@@ -2,13 +2,13 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Net.Http;
 using System.Runtime.CompilerServices;
 using System.Security.Claims;
 using System.Text;
 using System.Text.Json;
-using System.Text.Json.Serialization;
 using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Extensions.Logging;
@@ -97,6 +97,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER               
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.SerializeInput<TInput>(TInput, DownstreamApiOptions)")] 
+#endif
         public async Task<TOutput?> CallApiForUserAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -121,6 +124,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
 
         /// <inheritdoc/>
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
+#if NET6_0_OR_GREATER               
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.SerializeInput<TInput>(TInput, DownstreamApiOptions)")] 
+#endif
         public async Task<TOutput?> CallApiForAppAsync<TInput, TOutput>(
             string? serviceName,
             TInput input,
@@ -143,6 +149,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
 
         /// <inheritdoc/>
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(HttpResponseMessage, DownstreamApiOptions)")] 
+#endif
         public async Task<TOutput?> CallApiForAppAsync<TOutput>(string serviceName,
             Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
             CancellationToken cancellationToken = default) where TOutput : class
@@ -155,6 +164,9 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
         }
 
         /// <inheritdoc/>
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls Microsoft.Identity.Web.DownstreamApi.DeserializeOutput<TOutput>(HttpResponseMessage, DownstreamApiOptions)")]
+#endif
         public async Task<TOutput?> CallApiForUserAsync<TOutput>(
             string? serviceName,
             Action<DownstreamApiOptions>? downstreamApiOptionsOverride = null,
@@ -218,15 +230,11 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return clonedOptions;
         }
 
+
+
 #if NET6_0_OR_GREATER
-        [JsonSourceGenerationOptions(WriteIndented = true)]
-        [JsonSerializable(typeof(HttpContent))]
-        [JsonSerializable(typeof(string))]
-        internal partial class SourceGenerationContext : JsonSerializerContext
-        {
-        }
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions)")]
 #endif
-
         private static HttpContent? SerializeInput<TInput>(TInput input, DownstreamApiOptions effectiveOptions)
         {
             HttpContent? effectiveInput;
@@ -241,18 +249,16 @@ internal partial class SourceGenerationContext : JsonSerializerContext
             else
             {
 #pragma warning disable CA2000 // Dispose objects before losing scope
-#if NET6_0_OR_GREATER
-                effectiveInput = new StringContent(JsonSerializer.Serialize(input, typeof(TInput), SourceGenerationContext.Default), Encoding.UTF8, "application/json");
-#else
                 effectiveInput = new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json");
-#endif
 #pragma warning restore CA2000 // Dispose objects before losing scope
             }
 
             return effectiveInput;
         }
 
-
+#if NET6_0_OR_GREATER
+        [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions)")]
+#endif
         private static async Task<TOutput?> DeserializeOutput<TOutput>(HttpResponseMessage response, DownstreamApiOptions effectiveOptions)
              where TOutput : class
         {
@@ -285,11 +291,7 @@ internal partial class SourceGenerationContext : JsonSerializerContext
             else
             {
                 string stringContent = await content.ReadAsStringAsync();
-#if NET6_0_OR_GREATER
-                return (TOutput?)JsonSerializer.Deserialize(stringContent, typeof(TOutput), SourceGenerationContext.Default);
-#else
                 return JsonSerializer.Deserialize<TOutput>(stringContent, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
-#endif
                 }
         }
 

From 96ba4fbae2d001d806d4b893c9189dc822ef2161 Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Fri, 12 May 2023 15:44:04 -0700
Subject: [PATCH 12/13] Clean up whitespace

---
 src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs     | 4 +---
 .../Policy/ScopeAuthorizationHandler.cs                       | 2 --
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
index 71d17fc16..aeaac078c 100644
--- a/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
+++ b/src/Microsoft.Identity.Web.DownstreamApi/DownstreamApi.cs
@@ -230,8 +230,6 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             return clonedOptions;
         }
 
-
-
 #if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions)")]
 #endif
@@ -292,7 +290,7 @@ public Task<HttpResponseMessage> CallApiForAppAsync(
             {
                 string stringContent = await content.ReadAsStringAsync();
                 return JsonSerializer.Deserialize<TOutput>(stringContent, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
-                }
+            }
         }
 
         private async Task<HttpResponseMessage> CallApiInternalAsync(
diff --git a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
index f4a9eeb1c..af8d416a2 100644
--- a/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
+++ b/src/Microsoft.Identity.Web/Policy/ScopeAuthorizationHandler.cs
@@ -3,7 +3,6 @@
 
 using System;
 using System.Collections.Generic;
-using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
@@ -36,7 +35,6 @@ public ScopeAuthorizationHandler(IConfiguration configuration)
         /// <param name="context">AuthorizationHandlerContext.</param>
         /// <param name="requirement">Scope authorization requirement.</param>
         /// <returns>Task.</returns>
-
         protected override Task HandleRequirementAsync(
             AuthorizationHandlerContext context,
             ScopeAuthorizationRequirement requirement)

From 561d4a52b5d2d27eac1e68a399b400f435511eea Mon Sep 17 00:00:00 2001
From: Westin Musser <westinmusser@microsoft.com>
Date: Fri, 12 May 2023 15:52:18 -0700
Subject: [PATCH 13/13] add newlines

---
 .../DownstreamWebApiGenericExtensions.cs                        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
index eb300a82e..141c8b788 100644
--- a/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
+++ b/src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiGenericExtensions.cs
@@ -295,6 +295,7 @@ await downstreamWebApi.CallWebApiForUserAsync(
 
             return await ConvertToOutput<TOutput>(response).ConfigureAwait(false);
         }
+
 #if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Serialize<TValue>(TValue, JsonSerializerOptions).")]
 #endif
@@ -302,6 +303,7 @@ private static StringContent ConvertFromInput<TInput>(TInput input)
         {
             return new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, "application/json");
         }
+
 #if NET6_0_OR_GREATER
         [RequiresUnreferencedCode("Calls System.Text.Json.JsonSerializer.Deserialize<TValue>(String, JsonSerializerOptions).")]
 #endif