diff --git a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
index 5b5fe0e5b..2356b5643 100644
--- a/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
+++ b/src/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
@@ -49,10 +49,7 @@ public override void OnException(ExceptionContext context)
{
if (context != null)
{
- MsalUiRequiredException? msalUiRequiredException =
- (context.Exception as MsalUiRequiredException)
- ?? (context.Exception?.InnerException as MsalUiRequiredException);
-
+ MsalUiRequiredException? msalUiRequiredException = FindMsalUiRequiredExceptionIfAny(context.Exception);
if (msalUiRequiredException != null &&
IncrementalConsentAndConditionalAccessHelper.CanBeSolvedByReSignInOfUser(msalUiRequiredException))
{
@@ -107,5 +104,27 @@ public override void OnException(ExceptionContext context)
base.OnException(context);
}
+
+ ///
+ /// Finds an MsalUiRequiredException in one of the inner exceptions.
+ ///
+ /// Exception from which we look for an MsalUiRequiredException.
+ /// The MsalUiRequiredException if there is one, null, otherwise.
+ private MsalUiRequiredException? FindMsalUiRequiredExceptionIfAny(Exception exception)
+ {
+ MsalUiRequiredException? msalUiRequiredException = exception as MsalUiRequiredException;
+ if (msalUiRequiredException != null)
+ {
+ return msalUiRequiredException;
+ }
+ else if (exception.InnerException != null)
+ {
+ return FindMsalUiRequiredExceptionIfAny(exception.InnerException);
+ }
+ else
+ {
+ return null;
+ }
+ }
}
}