microsoft-identity-web icon indicating copy to clipboard operation
microsoft-identity-web copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

[Feature Request] Support for simple usage of TokenAcquisition

Open qetza opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe. I want to be able to use ITokenAcquisition in an unauthenticated host (for example a queue triggered azure function) with minimal configuration.

Currently i need to have the following code in my startup:

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(
        options => { ... }, // JwtBearerOptions
        options => { ... } // MicrosoftIdentityOptions
        ).EnableTokenAcquisitionToCallDownstreamApi(
            options => { ... } // ConfidentialClientApplicationOptions
        ).AddInMemoryTokenCaches();

This is misleading as it seems i'm adding authentication where it is only there so that it can configure the internal MergedOptions.

Describe the solution you'd like I want to be able to register the ITokenAcquisition service with minimal method calls and not confusion with authentication:

services.AddTokenAcquisition(
    JwtBearerDefaults.AuthenticationScheme // default authentication scheme
    options => { ... }, // MicrosoftIdentityOptions
    options => { ... } // ConfidentialClientApplicationOptions
    ).AddInMemoryTokenCaches();

This would internally do what AddMicrosoftIdentityWebApiImplementation and CallsWebApiImplementation do.

Describe alternatives you've considered Current solution with AddAuthentication works but is misleading and may register services that a not required.

Additional context Add any other context or screenshots about the feature request here.

qetza avatar Jul 27 '21 09:07 qetza

@qetza this is a nice proposal, but we had to get our API approved from ASP.NET Core team, so I don't think we have much flexibility here. Will add it to our considerations for next major version. We also need to pass in the JwtBearerOptions as well. You should be able to write an extension method, if you need help, let us know.

jennyf19 avatar Jul 28 '21 16:07 jennyf19

I'm facing the same problem and did not manage to write an extension method like suggested that does not depend on calling AddAuthentication. @jennyf19 any help?

aKzenT avatar Jul 29 '22 20:07 aKzenT

@qetza @aKzenT : we are working on providing an experience to do that in our next major version of Microsoft.Identity.Web. For a preview see how this would work from a daemon app: https://github.com/AzureAD/microsoft-identity-web/blob/rel/v2/tests/daemon-app/Daemon-app/Program.cs

Disclaimer: things might change a bit.

jmprieur avatar Jul 30 '22 01:07 jmprieur

@qetza @aKzenT In rel/v2 (Microsoft.Identity.Web 2.x, you can now add token acquisition directly and this works for ASP.NET core, ASP.NET MVC and daemon scenarios. https://github.com/AzureAD/microsoft-identity-web/wiki/v2.0

jmprieur avatar Dec 28 '22 04:12 jmprieur