[Bug] Experimental Feature Oidc Authority #4791
Comments
Hatzman91
added
needs attention
bgavrilMS
added
Feature Request
public-client
and removed
untriaged
|
Which "AcquireToken" method do you use? |
Possibly the username password flow, as it is the only flow in MSAL that may run the user realm discovery code path. Speaking of username password flow, it shall - if it has not already - bypass user realm discovery when running in WithOidcAuthority mode. |
+1 yes, that is the correct fix. ROPC should attempt user realm discovery etc only for AAD authority. All else should implement only OAUTH protocol. |
…#4794) * Fix for #4791 * Fix for #4791 * fix --------- Co-authored-by: Neha Bhargava <[email protected]>
Library version used
4.61.1
.NET version
.NET 7.0
Scenario
PublicClient - mobile app
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
For MS Graph access we are using service accounts with delegated permissions.
To access login.microsoft.com we are using an implementation with the HttpClientFactory to route the traffic over the a proxy.
Now we got a security requirement to not directly use the proxy anymore, but we have to use our enterprise service gateway to which we provide a cerrtificate fe: "api-cert.company.ch/application-id/rest/microsoft/auth/v1" which then redirects to login.microsoft.com + our tenantId
I tried to use the new OidcAuthority (which is still in Experimental I know) but it doesn't set an URI for the UserRealmUriPrefix which then tries to make a call to https://loginSMTP/?api-version=1.0 which doesn't make much sense
Is there a way where i can achieve what i want to do?
Relevant code snippets
PublicClientApplicationBuilder .CreateWithApplicationOptions(pcaOptions) .WithExperimentalFeatures(true) .WithOidcAuthority(o365IntegrationOptions.BaseUrl) .WithDefaultRedirectUri() //https://login.microsoftonline.com/common/oauth2/nativeclient .WithHttpClientFactory(serviceProvider.GetRequiredService<IWebProxyMsalClientFactory>()) // new doesn't have the proxy, but adds a certificate to the requests .Build();Expected behavior
The expected behaviour is either to skip the user realm discovery somehow, or that I can manually set the Uri for the OIDC Case.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
4.61.1
Solution and workarounds
No response
The text was updated successfully, but these errors were encountered: