A daemon or OWIN app should only reference Microsoft.Identity.Web.TokenAcquisition and use ITokenAcquirer

Open jmprieur opened this issue 3 years ago • 2 comments

Why? ITokenAcquirer is the new interface to acquire tokens. This is the interface to use for SDK and OWIN. It will also be available in ASP.NET Core, but we'll also keep ITokenAcquisition for backward compatibility.

What? A daemon app or an OWIN app should only reference Microsoft.Identity.Web.TokenAcquisition (not Microsoft.Identity.Web), and use ITokenAcquirerFactory and ITokenAcquirer (not ITokenAcquisition).

using System;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Graph;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.TokenCacheProviders.Distributed;

namespace daemon_console
{
    /// <summary>
    /// This sample shows how to query the Microsoft Graph from a daemon application
    /// which uses application permissions.
    /// For more information see https://aka.ms/msal-net-client-credentials
    /// </summary>
    class Program
    {
        static async Task Main(string[] args)
        {
            TokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
            IConfiguration configuration = tokenAcquirerFactory.Configuration;
            IServiceCollection services = tokenAcquirerFactory.Services;

            // That's what needs to be done today, and that we don't want to have any longer
            // services.Configure<MicrosoftIdentityOptions>(option => configuration.Bind(option));

            // That's what we want to have
            services.Configure<MicrosoftAuthenticationOptions>(option => configuration.Bind(option));
            services.AddMicrosoftGraph();

            // Add a cache
            services.AddDistributedTokenCaches();

            var serviceProvider = tokenAcquirerFactory.Build();

            GraphServiceClient graphServiceClient = serviceProvider.GetRequiredService<GraphServiceClient>();
            var users = await graphServiceClient.Users
                .Request()
                .WithAppOnly()
                .GetAsync();
            Console.WriteLine($"{users.Count} users");
        }
    }
}

Work

  • [x] Enable TokenAcquisition to work out of MicrosoftAuthenticationOptions. This means that MergedOptions needs to also support MicrosoftAuthenticationOptions.
  • [ ] No longer provide MicrosoftIdentityOptions on net472 and net462, only MicrosoftAuthenticationOptions.
  • [ ] We might want to obsolete MicrosoftIdentityOptions in ASP.NET Core with a soft obsolete attribute?

jmprieur, Jul 26 '22 02:07

See also "Obsolete MicrosoftIdentityOptions and recommend MicrosoftAuthenticationOptions" (item status: Draft)

jmprieur, Jul 26 '22 02:07

PR https://github.com/AzureAD/microsoft-identity-web/pull/1824

jmprieur, Jul 26 '22 03:07

Fixed in Rel/v2

jmprieur, Dec 28 '22 04:12
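
The issue's sample goes through GraphServiceClient and never touches ITokenAcquirer itself. The following is an added example, not code from the issue or the project: a daemon that resolves ITokenAcquirer from the factory and requests an app-only token directly. It assumes the Microsoft.Identity.Web 2.x packages, an appsettings.json with an "AzureAd" section holding the client credentials, and an IDistributedCache registered as in the issue's sample; the Graph URL is illustrative.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.TokenCacheProviders.Distributed;

class Program
{
    static async Task Main()
    {
        // Assumption: appsettings.json with an "AzureAd" section sits next to the binary.
        TokenAcquirerFactory factory = TokenAcquirerFactory.GetDefaultInstance();

        // Same cache registration as the issue's sample.
        factory.Services.AddDistributedTokenCaches();
        IServiceProvider provider = factory.Build();

        // Resolve the acquirer through the factory interface rather than ITokenAcquisition.
        ITokenAcquirer acquirer = provider
            .GetRequiredService<ITokenAcquirerFactory>()
            .GetTokenAcquirer();

        // App-only (client credentials) flow: the scope is "<resource>/.default",
        // so the token carries only the application permissions granted by an admin.
        AcquireTokenResult result =
            await acquirer.GetTokenForAppAsync("https://graph.microsoft.com/.default");

        // Log metadata only; the access token itself is a bearer credential.
        Console.WriteLine($"Token acquired, expires {result.ExpiresOn:u}");

        using var http = new HttpClient();
        using var request = new HttpRequestMessage(
            HttpMethod.Get, "https://graph.microsoft.com/v1.0/users?$top=5");
        request.Headers.Authorization =
            new AuthenticationHeaderValue("Bearer", result.AccessToken);

        using HttpResponseMessage response = await http.SendAsync(request);
        Console.WriteLine($"Graph responded {(int)response.StatusCode}");
    }
}
```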