microsoft-authentication-library-for-dotnet icon indicating copy to clipboard operation
microsoft-authentication-library-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

[Feature Request] AcquireTokenByIntegratedWindowsAuthentication + WAM should just log in the default user

Open bgavrilMS opened this issue 3 years ago • 3 comments

AcquireTokenSilent(PublicClientApplication.OperatingSystemAccount)

bgavrilMS avatar Mar 01 '22 23:03 bgavrilMS

Similarly, if I am logged in as [email protected] and I say, app.AcquireTokenSilent(scopes, loginHint: "[email protected]") it should just work. Right now, I have to explicitly compare the loginHint to the current UPN and instead call AcquireTokenSilent(scopes, PublicClientApplication.OperatingSystemAccount)

https://github.com/GitCredentialManager/git-credential-manager/pull/830/files

johnterickson avatar Aug 11 '22 16:08 johnterickson

I see three different ways to login as the current user:

  1. AcquireTokenByIntegratedWindowsAuthentication
  2. AcquireTokenSilent(PublicClientApplication.OperatingSystemAccount)
  3. AcquireTokenSilent( loginHint: currentUser.ToString())

Ideally there would be 1 API that MSAL consumers would call and MSAL would attempt the right ones. #3593 brings the MSAL API closer to this by falling back to #2 when #3 is called and would fail.

johnterickson avatar Aug 15 '22 23:08 johnterickson

It's a good candidate for a higher level API, like in Microsoft.Identity.Web

jmprieur avatar Aug 16 '22 00:08 jmprieur