jennyf19

@brentschmaltz this needs to be merged into rel/v2, not master.

@GeorgeTTD you found the right page, and more is explained [here](https://github.com/AzureAD/microsoft-identity-web/blob/bba91c4298411e780c9f082e8e3843eacd8e543c/tests/AjaxCallActionsWithDynamicConsent/Views/Home/AjaxAction.cshtml). let us know if this is enough and you're able to resolve your issue.

@creativebrother do you have any thoughts on this one? thanks.

not on my end @GeorgeTTD I hope to have time next week to revisit this.

@jc-msft try moving the condition for validating the token to before it's validated. that should resolve the issue. ```csharp services.Configure(JwtBearerDefaults.AuthenticationScheme, (JwtBearerOptions options) => { // Your code to add extra...

i believe this is resolved. closing, but feel free to reopen

@jpda can you send me a repro? thx.

@jpda thanks so much. [here](https://github.com/jpda/restricted-issuer/blob/main/Program.cs#L15) you need to configure the `OpenIdConnectOptions` not the `MicrosoftIdentityOptions` and just set either `ValidIssuer` or `ValidIssuers` but not both.

@matiasdellea27 have you seen our [documentation](https://github.com/AzureAD/microsoft-identity-web/wiki/multiple-authentication-schemes) on using multiple-auth schemes? You'll need to define a separate cookie scheme for one of the auth schemes.

@matiasdellea27 The first `services.AddAuthentication(Microsoft.Identity.Web.Constants.AzureAd)` needs to define the default scheme. A second issue is you cannot call graph w/B2C, so you would need to move this: ```csharp .EnableTokenAcquisitionToCallDownstreamApi(initialScopes) .AddMicrosoftGraph(graphBaseUrl, userReadScope)...