Register IAuthorizationHeaderProvider2 in DI#3927
Merged
neha-bhargava merged 3 commits intoJul 7, 2026
Merged
Conversation
bgavrilMS
approved these changes
Jul 7, 2026
DefaultAuthorizationHeaderProvider implements both IAuthorizationHeaderProvider and IAuthorizationHeaderProvider2, but only v1 was registered - so resolving v2 directly returned nothing (internal callers only worked because they cast). Register v2 as the same instance (mirroring how ITokenAcquisitionInternal is exposed off ITokenAcquisition) in both the singleton and scoped paths, and remove it on the lifetime-mismatch re-registration. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
bgavrilMS
force-pushed
the
nebharg/register-iauthorizationheaderprovider2
branch
from
July 7, 2026 11:20
62f62ca to
e31076a
Compare
gladjohn
approved these changes
Jul 7, 2026
* Register IAuthorizationHeaderProvider2 in DI DefaultAuthorizationHeaderProvider implements both IAuthorizationHeaderProvider and IAuthorizationHeaderProvider2, but only v1 was registered - so resolving v2 directly returned nothing (internal callers only worked because they cast). Register v2 as the same instance (mirroring how ITokenAcquisitionInternal is exposed off ITokenAcquisition) in both the singleton and scoped paths, and remove it on the lifetime-mismatch re-registration. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add GetAuthorizationHeaderProvider2() to OWIN controllers OWIN controllers already get a one-liner for the v1 IAuthorizationHeaderProvider; this adds the same convenience for IAuthorizationHeaderProvider2 on both ApiController and ControllerBase, resolving it from the OWIN TokenAcquirerFactory service provider. Depends on IAuthorizationHeaderProvider2 being registered in DI. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
gladjohn
approved these changes
Jul 7, 2026
neha-bhargava
added a commit
that referenced
this pull request
Jul 10, 2026
Add the 4.13.0 changelog section (OWIN GetAuthorizationHeaderProvider2 #3928, IAuthorizationHeaderProvider2 DI registration #3927, MSAL 4.86.0 bump #3931), move the OWIN unshipped public API entries to shipped, and bump the dev version to 4.13.1. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This was referenced Jul 10, 2026
Closed
Closed
Merged
github-actions Bot
pushed a commit
to EelcoLos/nx-tinkering
that referenced
this pull request
Jul 14, 2026
Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.12.2 to 4.13.0. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._ ## 4.13.0 ## What's Changed * Categorize managed-identity E2E tests and exclude them from the PR build by @iarekk in AzureAD/microsoft-identity-web#3923 * Add more tests for TokenAcquisitionMetadata.ExpiresOn from AuthenticationResult by @neha-bhargava in AzureAD/microsoft-identity-web#3904 * Test: consolidate MI E2E test onto shared Msal_Integration_tests UAMI by @RyAuld in AzureAD/microsoft-identity-web#3926 * docs: Credential architecture internals documentation by @gladjohn in AzureAD/microsoft-identity-web#3886 * Potential fix for code scanning alert no. 35: Missing cross-site request forgery token validation by @gladjohn in AzureAD/microsoft-identity-web#3929 * Register IAuthorizationHeaderProvider2 in DI by @neha-bhargava in AzureAD/microsoft-identity-web#3927 * Bump Microsoft.Identity.Client to 4.86.0 by @neha-bhargava in AzureAD/microsoft-identity-web#3931 * Split PR pipeline into independent net8 stages; add MI E2E stage on MSALMSIV2 by @iarekk in AzureAD/microsoft-identity-web#3933 * Run missing unit test projects in the ADO PR build by @iarekk in AzureAD/microsoft-identity-web#3934 * Revert PRs #3933 and #3934: restore single-job PR pipeline by @gladjohn with @Copilot in AzureAD/microsoft-identity-web#3936 **Full Changelog**: AzureAD/microsoft-identity-web@4.12.2...4.13.0 Commits viewable in [compare view](AzureAD/microsoft-identity-web@4.12.2...4.13.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eelco Los <5102501+EelcoLos@users.noreply.github.com>
This was referenced Jul 14, 2026
Closed
Closed
Closed
Closed
Open
Open
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
DefaultAuthorizationHeaderProviderimplements bothIAuthorizationHeaderProviderandIAuthorizationHeaderProvider2, butAddTokenAcquisitiononly registered v1. So resolvingIAuthorizationHeaderProvider2directly returned nothing - our own consumers (DownstreamApi, MicrosoftIdentityMessageHandler) only worked because they resolve v1 and cast.This registers v2 pointing at the same instance, using the same pattern we already use to expose
ITokenAcquisitionInternal/IConfidentialClientApplicationProvideroffITokenAcquisition:Tests: updated the two service-collection assertions, and added a Registers + a Resolves-to-same-instance test.