AzureAD
AddMicrosoftGraphAppOnly should add singleton service instead of scoped service
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
3.6.2
Web app
Not Applicable
Web API
Not Applicable
Token cache serialization
Not Applicable
Description
Unlike AddMicrosoftGraph, AddMicrosoftGraphAppOnly uses app permission instead of user permission. So, GraphServiceClient should be added as singleton service in this context.
Reproduction steps
- Add GraphServiceClient via AddMicrosoftGraphAppOnly.
- Get GraphServiceClient from service provider.
Error message
No response
Id Web logs
No response
Relevant code snippets
builder.Services.AddAuthentication().AddMicrosoftIdentityWebApi(builder.Configuration).AddMicrosoftGraphAppOnly();
var app = builder.Build();
var graphServiceClient = app.Services.GetRequiredService<GraphServiceClient>();
Regression
No response
Expected behavior
GraphServiceClient could be retrieved as singleton service.
If you choose to have token acquisition as a singleton, then Graph will also be a singleton
builder.Services.AddAuthentication().
AddMicrosoftIdentityWebApi(builder.Configuration);
builder.Services.AddTokenAcquisition(true); // singleton
buildr.Services.AddMicrosoftGraphAppOnly();
var app = builder.Build();
var graphServiceClient = app.Services.GetRequiredService<GraphServiceClient>();
If you choose to have token acquisition as a singleton, then Graph will also be a singleton
I meant this method
https://github.com/AzureAD/microsoft-identity-web/blob/ae4211e22efa51b7ce544d80f097ee63792e09e7/src/Microsoft.Identity.Web.MicrosoftGraph/MicrosoftGraphExtensions.cs#L99-L120