add token acquisition options

src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApi.cs

@@ -74,7 +74,9 @@ public async Task<HttpResponseMessage> CallWebApiForUserAsync(
             string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(
                 effectiveOptions.GetScopes(),
                 effectiveOptions.Tenant,
-                userflow)
+                userflow,
+                user,
+                effectiveOptions.TokenAcquisitionOptions)
                 .ConfigureAwait(false);
 
             HttpResponseMessage response;
@@ -175,7 +177,8 @@ public async Task<HttpResponseMessage> CallWebApiForAppAsync(
 
             string accessToken = await _tokenAcquisition.GetAccessTokenForAppAsync(
                 effectiveOptions.Scopes,
-                effectiveOptions.Tenant)
+                effectiveOptions.Tenant,
+                effectiveOptions.TokenAcquisitionOptions)
                 .ConfigureAwait(false);
 
             HttpResponseMessage response;

src/Microsoft.Identity.Web/DownstreamWebApiSupport/DownstreamWebApiOptions.cs

@@ -46,6 +46,11 @@ public class DownstreamWebApiOptions
         /// </summary>
         public HttpMethod HttpMethod { get; set; } = HttpMethod.Get;
 
+        /// <summary>
+        ///  Options passed-in to create the token acquisition object which calls into MSAL .NET.
+        /// </summary>
+        public TokenAcquisitionOptions TokenAcquisitionOptions { get; set; } = new TokenAcquisitionOptions();
+
         /// <summary>
         /// Clone the options (to be able to override them).
         /// </summary>
@@ -60,6 +65,7 @@ public DownstreamWebApiOptions Clone()
                 Tenant = Tenant,
                 UserFlow = UserFlow,
                 HttpMethod = HttpMethod,
+                TokenAcquisitionOptions = TokenAcquisitionOptions.Clone(),
             };
         }
 

src/Microsoft.Identity.Web/ITokenAcquisition.cs

@@ -26,12 +26,14 @@ public interface ITokenAcquisition
         /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
         /// user (in a web app), or the user for which the token was received (in a web API)
         /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
+        /// <param name="tokenAcquisitionOptions">Options passed-in to create the token acquisition object which calls into MSAL .NET.</param>
         /// <returns>An access token to call on behalf of the user, the downstream API characterized by its scopes.</returns>
         Task<string> GetAccessTokenForUserAsync(
             IEnumerable<string> scopes,
             string? tenantId = null,
             string? userFlow = null,
-            ClaimsPrincipal? user = null);
+            ClaimsPrincipal? user = null,
+            TokenAcquisitionOptions? tokenAcquisitionOptions = null);
 
         /// <summary>
         /// Typically used from an ASP.NET Core web app or web API controller, this method gets an access token
@@ -45,12 +47,14 @@ Task<string> GetAccessTokenForUserAsync(
         /// <param name="user">Optional claims principal representing the user. If not provided, will use the signed-in
         /// user (in a web app), or the user for which the token was received (in a web API)
         /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in.</param>
+        /// <param name="tokenAcquisitionOptions">Options passed-in to create the token acquisition object which calls into MSAL .NET.</param>
         /// <returns>An <see cref="AuthenticationResult"/> to call on behalf of the user, the downstream API characterized by its scopes.</returns>
         Task<AuthenticationResult> GetAuthenticationResultForUserAsync(
             IEnumerable<string> scopes,
             string? tenantId = null,
             string? userFlow = null,
-            ClaimsPrincipal? user = null);
+            ClaimsPrincipal? user = null,
+            TokenAcquisitionOptions? tokenAcquisitionOptions = null);
 
         /// <summary>
         /// Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user)
@@ -63,8 +67,12 @@ Task<AuthenticationResult> GetAuthenticationResultForUserAsync(
         /// several calls to get tokens for other resources).</param>
         /// <param name="tenant">Enables overriding of the tenant/account for the same identity. This is useful in the
         /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.</param>
+        /// <param name="tokenAcquisitionOptions">Options passed-in to create the token acquisition object which calls into MSAL .NET.</param>
         /// <returns>An access token for the app itself, based on its scopes.</returns>
-        Task<string> GetAccessTokenForAppAsync(string scope, string? tenant = null);
+        Task<string> GetAccessTokenForAppAsync(
+            string scope,
+            string? tenant = null,
+            TokenAcquisitionOptions? tokenAcquisitionOptions = null);
 
         /// <summary>
         /// Used in web APIs (which therefore cannot have an interaction with the user).