Skip to content

Commit

Permalink
update to msal4.30 + pkce support (#1152)
Browse files Browse the repository at this point in the history
* update to msal4.30 + pkce support

* re-add pcke option
  • Loading branch information
jennyf19 authored Apr 22, 2021
1 parent bba91c4 commit b93c676
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Identity.Client" Version="4.29.0" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.30.0" />

<PackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.205">
<PrivateAssets>all</PrivateAssets>
Expand Down
5 changes: 4 additions & 1 deletion src/Microsoft.Identity.Web/TokenAcquisition.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.AspNetCore.Http;
Expand Down Expand Up @@ -151,12 +152,14 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(
{
var application = GetOrBuildConfidentialClientApplication();

context.TokenEndpointRequest.Parameters.TryGetValue(OAuthConstants.CodeVerifierKey, out string? codeVerifier);
// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
// case a further call to AcquireTokenByAuthorizationCodeAsync in the future is required for incremental consent (getting a code requesting more scopes)
// Share the ID token though
var builder = application
.AcquireTokenByAuthorizationCode(scopes.Except(_scopesRequestedByMsal), context.ProtocolMessage.Code)
.WithSendX5C(_microsoftIdentityOptions.SendX5C);
.WithSendX5C(_microsoftIdentityOptions.SendX5C)
.WithPkceCodeVerifier(codeVerifier);

if (_microsoftIdentityOptions.IsB2C)
{
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,6 @@ internal static void WebAppCallsWebApiImplementation(
.Configure<IServiceProvider>((options, serviceProvider) =>
{
options.ResponseType = OpenIdConnectResponseType.Code;
options.UsePkce = false;

// This scope is needed to get a refresh token when users sign-in with their Microsoft personal accounts
// It's required by MSAL.NET and automatically provided when users sign-in with work or school accounts
Expand Down

0 comments on commit b93c676

Please sign in to comment.