Skip to content

Register IAuthorizationHeaderProvider2 in DI#3927

Merged
neha-bhargava merged 3 commits into
masterfrom
nebharg/register-iauthorizationheaderprovider2
Jul 7, 2026
Merged

Register IAuthorizationHeaderProvider2 in DI#3927
neha-bhargava merged 3 commits into
masterfrom
nebharg/register-iauthorizationheaderprovider2

Conversation

@neha-bhargava

Copy link
Copy Markdown
Contributor

DefaultAuthorizationHeaderProvider implements both IAuthorizationHeaderProvider and IAuthorizationHeaderProvider2, but AddTokenAcquisition only registered v1. So resolving IAuthorizationHeaderProvider2 directly returned nothing - our own consumers (DownstreamApi, MicrosoftIdentityMessageHandler) only worked because they resolve v1 and cast.

This registers v2 pointing at the same instance, using the same pattern we already use to expose ITokenAcquisitionInternal / IConfidentialClientApplicationProvider off ITokenAcquisition:

  • Added in both the singleton and scoped branches.
  • Captured + removed in the lifetime-mismatch re-registration so it doesn't leak a stale descriptor.

Tests: updated the two service-collection assertions, and added a Registers + a Resolves-to-same-instance test.

DefaultAuthorizationHeaderProvider implements both IAuthorizationHeaderProvider and
IAuthorizationHeaderProvider2, but only v1 was registered - so resolving v2 directly
returned nothing (internal callers only worked because they cast). Register v2 as the
same instance (mirroring how ITokenAcquisitionInternal is exposed off ITokenAcquisition)
in both the singleton and scoped paths, and remove it on the lifetime-mismatch re-registration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@bgavrilMS
bgavrilMS force-pushed the nebharg/register-iauthorizationheaderprovider2 branch from 62f62ca to e31076a Compare July 7, 2026 11:20
neha-bhargava and others added 2 commits July 7, 2026 09:51
* Register IAuthorizationHeaderProvider2 in DI

DefaultAuthorizationHeaderProvider implements both IAuthorizationHeaderProvider and
IAuthorizationHeaderProvider2, but only v1 was registered - so resolving v2 directly
returned nothing (internal callers only worked because they cast). Register v2 as the
same instance (mirroring how ITokenAcquisitionInternal is exposed off ITokenAcquisition)
in both the singleton and scoped paths, and remove it on the lifetime-mismatch re-registration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add GetAuthorizationHeaderProvider2() to OWIN controllers

OWIN controllers already get a one-liner for the v1 IAuthorizationHeaderProvider;
this adds the same convenience for IAuthorizationHeaderProvider2 on both ApiController
and ControllerBase, resolving it from the OWIN TokenAcquirerFactory service provider.

Depends on IAuthorizationHeaderProvider2 being registered in DI.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@neha-bhargava
neha-bhargava merged commit 922beec into master Jul 7, 2026
5 checks passed
@neha-bhargava
neha-bhargava deleted the nebharg/register-iauthorizationheaderprovider2 branch July 7, 2026 20:25
neha-bhargava added a commit that referenced this pull request Jul 10, 2026
Add the 4.13.0 changelog section (OWIN GetAuthorizationHeaderProvider2 #3928, IAuthorizationHeaderProvider2 DI registration #3927, MSAL 4.86.0 bump #3931), move the OWIN unshipped public API entries to shipped, and bump the dev version to 4.13.1.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Jul 10, 2026
github-actions Bot pushed a commit to EelcoLos/nx-tinkering that referenced this pull request Jul 14, 2026
Updated
[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web)
from 4.12.2 to 4.13.0.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Identity.Web's
releases](https://github.com/AzureAD/microsoft-identity-web/releases)._

## 4.13.0

## What's Changed
* Categorize managed-identity E2E tests and exclude them from the PR
build by @​iarekk in
AzureAD/microsoft-identity-web#3923
* Add more tests for TokenAcquisitionMetadata.ExpiresOn from
AuthenticationResult by @​neha-bhargava in
AzureAD/microsoft-identity-web#3904
* Test: consolidate MI E2E test onto shared Msal_Integration_tests UAMI
by @​RyAuld in
AzureAD/microsoft-identity-web#3926
* docs: Credential architecture internals documentation by @​gladjohn in
AzureAD/microsoft-identity-web#3886
* Potential fix for code scanning alert no. 35: Missing cross-site
request forgery token validation by @​gladjohn in
AzureAD/microsoft-identity-web#3929
* Register IAuthorizationHeaderProvider2 in DI by @​neha-bhargava in
AzureAD/microsoft-identity-web#3927
* Bump Microsoft.Identity.Client to 4.86.0 by @​neha-bhargava in
AzureAD/microsoft-identity-web#3931
* Split PR pipeline into independent net8 stages; add MI E2E stage on
MSALMSIV2 by @​iarekk in
AzureAD/microsoft-identity-web#3933
* Run missing unit test projects in the ADO PR build by @​iarekk in
AzureAD/microsoft-identity-web#3934
* Revert PRs #​3933 and #​3934: restore single-job PR pipeline by
@​gladjohn with @​Copilot in
AzureAD/microsoft-identity-web#3936


**Full Changelog**:
AzureAD/microsoft-identity-web@4.12.2...4.13.0

Commits viewable in [compare
view](AzureAD/microsoft-identity-web@4.12.2...4.13.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web&package-manager=nuget&previous-version=4.12.2&new-version=4.13.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eelco Los <5102501+EelcoLos@users.noreply.github.com>
This was referenced Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants