Trim and AOT-incompatible APIs with .NET 9

[anuchandy]

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

4.0.0

Web app

Sign-in users and call web APIs

Web API

Protected web APIs call downstream web APIs

Token cache serialization

In-memory caches

Description

While trying to use Microsoft.Identity.Web (4.0.0) with an AOT-compatible application (Azure MCP Server), we encountered trimmer errors summarized in the below table.

Component	Method	Issue	Root Cause
MicrosoftIdentityWebApiAuthenticationBuilderExtensions	<AddMicrosoftIdentityWebApi>b__0(JwtBearerOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
MicrosoftIdentityWebApiAuthenticationBuilderExtensions	<AddMicrosoftIdentityWebApi>b__1(JwtBearerOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
MicrosoftIdentityWebApiAuthenticationBuilderExtensions	<AddMicrosoftIdentityWebApi>b__2(MicrosoftIdentityOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
MicrosoftIdentityWebApiAuthenticationBuilder	EnableTokenAcquisitionToCallDownstreamApi()	IL2026	Constructor chain requires unreferenced code
MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration	<EnableTokenAcquisitionToCallDownstreamApi>b__1_0(ConfidentialClientApplicationOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
ScopeOrAppPermissionAuthorizationHandler	HandleRequirementAsync()	IL2026	ConfigurationBinder.GetValue<T>() requires unreferenced code
WebApiBuilders	<EnableTokenAcquisition>b__0(MicrosoftIdentityApplicationOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
WebApiBuilders	<EnableTokenAcquisition>b__1(MicrosoftIdentityOptions)	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
MicrosoftIdentityBaseAuthenticationBuilder	Constructor	IL2026	ConfigurationBinder.Bind(IConfiguration, Object) requires unreferenced code
MicrosoftIdentityBaseAuthenticationBuilder	SetIdentityModelLogger()	IL2026	ConfigurationBinder.GetValue<T>() requires unreferenced code
WebApiBuilders	EnableTokenAcquisition()	IL2026	Constructor chain requires unreferenced code

Affected Methods:

• MicrosoftIdentityWebApiAuthenticationBuilder.EnableTokenAcquisitionToCallDownstreamApi()
• WebApiBuilders.EnableTokenAcquisition()

Reproduction steps

repro-aot-identity-web.zip

Please use attached repro code and build it with

dotnet publish -c Release --self-contained -p:PublishTrimmed=true -p:PublishSingleFile=true --runtime osx-arm64

Error message

The build will report the following trimmer errors

  IdentityWebAotRepro failed with 12 error(s) (28.7s) → bin/Release/net9.0/osx-arm64/IdentityWebAotRepro.dll
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__0(JwtBearerOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__1(JwtBearerOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__2(MicrosoftIdentityOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.EnableTokenAcquisitionToCallDownstreamApi(Action<ConfidentialClientApplicationOptions>): Using member 'Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(IServiceCollection, IConfigurationSection)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.<EnableTokenAcquisitionToCallDownstreamApi>b__1_0(ConfidentialClientApplicationOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler.HandleRequirementAsync(AuthorizationHandlerContext, ScopeOrAppPermissionAuthorizationRequirement): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(IConfiguration, String)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. In case the type is non-primitive, the trimmer cannot statically analyze the object's type so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.<>c__DisplayClass0_0.<EnableTokenAcquisition>b__0(MicrosoftIdentityApplicationOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.<>c__DisplayClass0_0.<EnableTokenAcquisition>b__1(MicrosoftIdentityOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.SetIdentityModelLogger(IServiceProvider): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(IConfiguration, String)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. In case the type is non-primitive, the trimmer cannot statically analyze the object's type so its members may be trimmed.
    ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(Action<ConfidentialClientApplicationOptions>, String, IServiceCollection, IConfigurationSection): Using member 'Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(IServiceCollection, IConfigurationSection)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection).
    /Users/anuchandy/.nuget/packages/microsoft.net.illink.tasks/9.0.7/build/Microsoft.NET.ILLink.targets(96,5): error NETSDK1144: Optimizing assemblies for size failed.

Build failed with 12 error(s) in 34.5s

Id Web logs

No response

Relevant code snippets

Please use the ready-to-run attached project — it essentially uses the same following code.

### program.cs

#
using System.Collections.Generic;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// Configure forwarded headers for reverse proxy scenarios
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});

// Add HTTP context accessor
builder.Services.AddHttpContextAccessor();

// Create Azure AD configuration similar to real-world scenarios
var azureAdConfig = CreateAzureAdConfiguration();

// This is where AOT violations likely occur
builder.Services.AddMicrosoftIdentityWebApiAuthentication(azureAdConfig, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

var app = builder.Build();

// Configure middleware pipeline
app.UseForwardedHeaders();
app.UseAuthentication();
app.UseAuthorization();

// Simple endpoint that requires authentication
app.MapGet("/api/health", () => "OK")
   .RequireAuthorization();

app.Run();

static IConfiguration CreateAzureAdConfiguration()
{
    // Sample configuration that mimics real Azure AD settings
    var configData = new Dictionary<string, string?>
    {
        ["AzureAd:Instance"] = "https://login.microsoftonline.com/",
        ["AzureAd:TenantId"] = "12345678-1234-1234-1234-123456789012",
        ["AzureAd:ClientId"] = "87654321-4321-4321-4321-210987654321", 
        ["AzureAd:Audience"] = "api://my-api",
        ["AzureAd:ClientSecret"] = "fake-client-secret-for-testing"
    };

    return new ConfigurationBuilder()
        .AddInMemoryCollection(configData)
        .Build();
}



### csproj


<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net9.0</TargetFramework>
    <Nullable>enable</Nullable>
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
    <IsAotCompatible>true</IsAotCompatible>
    <PublishSingleFile>false</PublishSingleFile>
    <SelfContained>false</SelfContained>
    <PublishTrimmed>false</PublishTrimmed>
  </PropertyGroup>

  <!-- Enable Trim and AOT Analyzers -->
  <PropertyGroup>
    <EnableAotAnalyzer>true</EnableAotAnalyzer>
    <EnableTrimAnalyzer>true</EnableTrimAnalyzer>
    <EnableSingleFileAnalyzer>true</EnableSingleFileAnalyzer>
    <TrimmerSingleWarn>false</TrimmerSingleWarn>
    <SuppressTrimAnalysisWarnings>false</SuppressTrimAnalysisWarnings>
  </PropertyGroup>

  <ItemGroup>
    <!-- Microsoft Identity Web package that causes AOT violations -->
    <PackageReference Include="Microsoft.Identity.Web" Version="4.0.0" />
  </ItemGroup>

</Project>

Regression

No response

Expected behavior

The library should be AOT-clean. Based on our internal discussion, this appears to be a flow that wasn’t caught by the existing gates.

[jmprieur]

@anuchandy thanks for your feedback We are aware of some issues but don't want to break a lot of people at this time. We'll have a solution with C# 15 (.NET 10) in a few weeks using extension properties. See also this PR: https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/pull/178

Aside, if you are internal, you should be using MISE not JwtBearer.

If you don't / can't use MISE:

• instead of calling EnableTokenAcquisition()
• remove this call and use services.AddTokenAcquisition() which is trimmable

[anuchandy]

Thank you, @jmprieur. This isn’t an internal scenario, so we can’t use MISE.

If we use the trim-compatible AddTokenAcquisition instead of the trim-non-compatible EnableTokenAcquisitionToCallDownstreamApi, will we still be able to use ITokenAcquisition.GetAccessTokenForUserAsync(scopes) or MicrosoftIdentityTokenCredential to perform OBO?

(Tagging @vukelich, who is working on enabling OBO in the Azure MCP Server.)

[jmprieur]

Sure you can use AddTokenAcquisition. This does the same. Ping me if you haver any issue

you don't want to use ITokenAcquisition btw this is the old interface. Use IAuthorizationHeaderProvider, IDownstreamApi or the other helpers. see the docs in this PR: https://github.com/AzureAD/microsoft-identity-web/pull/3558

[vukelich]

Hey @jmprieur, I'll try to break this down in terms of "needs," "helpful for Ignite," and "post-Ignite." I'll also break this down in terms of incoming request auth (e.g., validating Authorization headers for web APIs accepting Entra OAuth 2.0 Bearer tokens) and outgoing request auth (e.g., creating on-behalf-of OAuth 2.0 Bearer tokens for our application's downstream dependencies).

EDIT 2025-10-27 1:46 PM Pacific Time: fixed a minor issue about ScopeOrAppPermissionAuthorizationHandler.

Incoming authentication and authorization

NEED: Setup of Microsoft.AspNetCore.Builder.WebApplicationBuilder using AddMicrosoftIdentityWebApi(...)

Why "need"?

• It's our understand that this is required for setting up incoming HTTP request authentication and authorization for Entra ID-backed web APIs.

We call

• Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(...) signature overload at line 43

Internal call-stack

• Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(...) signature overload at line 75
  • Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(...) signature overload at line 122
    • HAS RequiresUnreferencedCode
  • Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApiImplementation(...)
    • Microsoft.Identity.Web.RequiredScopeOrAppPermissionExtensions.AddRequiredScopeOrAppPermissionAuthorization(...)
      • Depedency injection generic type reference to Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler
        • Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler.HandleRequirementAsync(...)
          • Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(...) signature overload at line 155
            • HAS RequiresUnreferencedCode
    • MicrosoftIdentityBaseAuthenticationBuilder.SetIdentityModelLogger(...)
      • Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(...) signature overload at line 155
        • HAS RequiresUnreferencedCode
  • Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.ctor(...)
    • Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.ctor(...)
      • Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.ctor(...)
        • Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(...) signature overload at line 122
          • HAS RequiresUnreferencedCode

Compilation errors

Since ConfigurationBinder.Bind(...) is called three times within an overload of MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(...), we see three identical AOT-related errors below. @vukelich has created links within each of these errors to point directly to the AOT-incompatible method call.

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__0(JwtBearerOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__1(JwtBearerOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderExtensions.<>c__DisplayClass1_0.<AddMicrosoftIdentityWebApi>b__2(MicrosoftIdentityOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.SetIdentityModelLogger(IServiceProvider): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(IConfiguration, String)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. In case the type is non-primitive, the trimmer cannot statically analyze the object's type so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler.HandleRequirementAsync(AuthorizationHandlerContext, ScopeOrAppPermissionAuthorizationRequirement): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue<T>(IConfiguration, String)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. In case the type is non-primitive, the trimmer cannot statically analyze the object's type so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

UNSURE: RequireScopeOrAppPermission(...) indirectly requires type ScopeOrAppPermissionAuthorizationHandler

Why "unsure"?

• We can write auth middleware ourselves to look at OAuth claims, but the violation is happening within an indirect dependency.
• This is actually a subset of the above case since MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi(...)'s dependencies will reference the type Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler.

We call

• Microsoft.Identity.Web.PolicyBuilderExtensions.RequireScopeOrAppPermission(...)

Internally calls

• No actual direct call-stack issue here. Again, this is called out as a separate ask item because it's a subpath under MicrosoftIdentityWebApiAuthenticationBuilderExtensions.AddMicrosoftIdentityWebApi that we depend on through auth policy handlers.

Compilation errors

See Microsoft.Identity.Web.ScopeOrAppPermissionAuthorizationHandler.HandleRequirementAsync violation above.

Outgoing/downstream authentication

POSSIBLE POST-IGNITE: EnableTokenAcquisitionToCallDownstreamApi to satisfy AddMicrosoftIdentityAzureTokenCredential

Why "post-Ignite"?

• We were calling this because we were using MicrosoftIdentityTokenCredential instructions. The microsoft/mcp code base relies on the Azure SDK's TokenCredential type for calling downstream APIs. MicrosoftIdentityTokenCredential coming from dependency injection looked to be a very easy type to use to make on-behalf-of calls from the remote MCP server because it encapsulates calling Entra's endpoint for token exchange. MicrosoftIdentityTokenCredential and its underlying dependencies will grab the authenticated incoming Authorization Bearer token value as a user-assertion and the configured confidential client ID, client assertions, etc. from IConfiguration that are all needed for Entra's token endpoint.
• We can do most of this ourselves. We can try to find the authenticated Authorization Bearer token (being careful in situations with multiple header values). For client assertions, we can manually support a limited set of confidential client configurations, such as only signed MI. Microsoft.Identity.Web and Microsoft.Identity.Web.Azure usage would save our team development time and provide flexibility for customers hosting the microsoft/mcp Azure MCP server themselves.

Compilation errors

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilder.EnableTokenAcquisitionToCallDownstreamApi(Action<ConfidentialClientApplicationOptions>): Using member 'Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(IServiceCollection, IConfigurationSection)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection). [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.MicrosoftIdentityWebApiAuthenticationBuilderWithConfiguration.<EnableTokenAcquisitionToCallDownstreamApi>b__1_0(ConfidentialClientApplicationOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.<>c__DisplayClass0_0.<EnableTokenAcquisition>b__0(MicrosoftIdentityApplicationOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.<>c__DisplayClass0_0.<EnableTokenAcquisition>b__1(MicrosoftIdentityOptions): Using member 'Microsoft.Extensions.Configuration.ConfigurationBinder.Bind(IConfiguration, Object)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Cannot statically analyze the type of instance so its members may be trimmed. [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]

ILLink : Trim analysis error IL2026: Microsoft.Identity.Web.Internal.WebApiBuilders.EnableTokenAcquisition(Action<ConfidentialClientApplicationOptions>, String, IServiceCollection, IConfigurationSection): Using member 'Microsoft.Identity.Web.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder.MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(IServiceCollection, IConfigurationSection)' which has 'RequiresUnreferencedCodeAttribute' can break functionality when trimming application code. Calls Microsoft.Identity.Web.MicrosoftIdentityBaseAuthenticationBuilder.MicrosoftIdentityBaseAuthenticationBuilder(IServiceCollection, IConfigurationSection). [Q:\c\microsoft-mcp\servers\Azure.Mcp.Server\src\Azure.Mcp.Server.csproj]