fix build warnings

src/Microsoft.Identity.Web/ITokenAcquisition.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System.Collections.Generic;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Identity.Client;
@@ -21,8 +22,11 @@ public interface ITokenAcquisition
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
         /// <param name="tenantId">Enables to override the tenant/account for the same identity. This is useful in the
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant.</param>
+        /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
+        /// user (in a web app), or the user for which the token was received (in a web API)
+        /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <returns>An access token to call on behalf of the user, the downstream API characterized by its scopes.</returns>
-        Task<string> GetAccessTokenForUserAsync(IEnumerable<string> scopes, string? tenantId = null);
+        Task<string> GetAccessTokenForUserAsync(IEnumerable<string> scopes, string? tenantId = null, ClaimsPrincipal? user = null);
 
         /// <summary>
         /// Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user)

src/Microsoft.Identity.Web/TokenAcquisition.cs

@@ -180,11 +180,12 @@ public async Task<string> GetAccessTokenOnBehalfOfUserAsync(
         /// </summary>
         /// <param name="scopes">Scopes to request for the downstream API to call.</param>
         /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
-        /// <paramref name="user"/>Optional claims principal representing the user. If not provided, will use the signed-in
-        /// user (in a Web app), or the user for which the token was received (in a Web API)</param>
+        /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
+        /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
+        /// user (in a web app), or the user for which the token was received (in a Web API)
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
         /// <returns>An access token to call the downstream API and populated with this downstream API's scopes.</returns>
-        /// <remarks>Calling this method from a Web API supposes that you have previously called,
+        /// <remarks>Calling this method from a web API supposes that you have previously called,
         /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method
         /// passing the validated token (as a JwtSecurityToken). Calling it from a Web App supposes that
         /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by
@@ -330,7 +331,7 @@ private async Task<IConfidentialClientApplication> GetOrBuildConfidentialClientA
         private async Task<IConfidentialClientApplication> BuildConfidentialClientApplicationAsync()
         {
             var request = CurrentHttpContext?.Request;
-            string currentUri = null;
+            string? currentUri = null;
             if (request != null)
             {
                 currentUri = UriHelper.BuildAbsolute(
@@ -356,7 +357,7 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic
                         .WithHttpClientFactory(_httpClientFactory);
 
                 // The redirect URI is not needed for OBO
-                if (currentUri != null)
+                if (!string.IsNullOrEmpty(currentUri))
                 {
                     builder.WithRedirectUri(currentUri);
                 }