
Add first class IHostedService support for Microsoft.NET.Sdk.Worker projects

Open DavidParks8 opened this issue 1 year ago • 1 comments

Summary

I would like to propose a high-level Microsoft.Identity.Worker package which has zero dependencies on ASP.NET MVC libraries, made specifically for IHostedServices that exist in console apps rather than web APIs.

Motivation and goals

I have a need to utilize ITokenAcquisition within an IHostedService of a .NET Core console app. Existing examples that I could find use TokenAcquirerFactory.GetDefaultInstance(), but this isn't sufficient for my use case because it hardcodes where it gets the config from (assumes env settings and appSettings.json, rather than other sources as well) and because it won't have knowledge of any of the other dependency-injected services that have already been registered within Host.CreateDefaultBuilder.ConfigureServices.

Upon further investigation, various pieces of Microsoft.Identity.Web are tightly coupled to ASP.NET Core namespaces and types, such as IHttpContextAccessor, which are not relevant to console apps. These additional dependencies lead to bloated apps when trimming and utilizing AOT compilation.

The Microsoft.Identity.Worker package should be designed for use with the Microsoft.NET.Sdk.Worker project template, taking full advantage of the serviceCollection and IConfiguration provided in the template.

For my use case, I explicitly need support for the following method carried over to the new package as well:

        tokenAcquisition.GetAccessTokenForUserAsync(
           new[] { $"{url}/.default" },
           tokenAcquisitionOptions: new TokenAcquisitionOptions() { LongRunningWebApiSessionKey = "example" })

In scope

  • Microsoft.Identity.Worker.TokenAcquisition
  • Microsoft.Identity.Worker.DownstreamApi
  • Microsoft.Identity.Worker.Azure

Out of scope

  • Microsoft.Identity.Web.UI

Risks / unknowns

Users may misuse this by attempting to use it in a web API project. This could be mitigated with very clear and abundant docs with working examples and explanations of the differences between packages, as well as good READMEs in each NuGet package for display on nuget.org.

Examples

        // Copyright (c) Microsoft Corporation. All rights reserved.

        var host = Host.CreateDefaultBuilder(args)
        ...
            .ConfigureServices((context, services) =>
            {
                services.AddMicrosoftIdentityWorker(context.Configuration);
                // the intention would be to add nearly the same api surface as Microsoft.Identity.Web minus the web api-specific stuff.
            })
            .Build();

        await host.RunAsync();

DavidParks8, Jan 10 '24 20:01

Hi @DavidParks8

Here is a PR with a sample (and a fix to DownstreamApiExtensions) that shows how to use IdWeb / Downstream Api in a worker: https://github.com/AzureAD/microsoft-identity-web/pull/2645

Would that work for you? Also note that in terms of services, given there is no authentication middleware, this does not draw dependencies on ASP.NET Core services, so NativeAoT should not be a problem.

jmprieur, Jan 18 '24 03:01