Replies: 1 comment
-
|
thanks @TLevitt I opened an issue with this so we can investigate. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Is it possible to set a discovery URI for API token acquisition?
var accessToken = await _tokenAcquisition.GetAccessTokenForAppAsync(scopesToAccessDownstreamApi);
With WebApps, setting the authority along with the tenant, client, and secret configs will send you to the authority for discovery ex:
https://myCustomAuthority/myTenantId/oauth2/v2.0/.well-known/openid-configuration
TokenAcquisition is using:
var builder = ConfidentialClientApplicationBuilder .CreateWithApplicationOptions(_applicationOptions) .WithHttpClientFactory(_httpClientFactory)microsoft-identity-web/src/Microsoft.Identity.Web/TokenAcquisition.cs
Line 583 in b106d9a
Which then creates a new ConfidentialClientApplicationBuilder with an empty ApplicationConfiguration object so the CustomInstanceDiscovery is always null
var config = new ApplicationConfiguration(); var builder = new ConfidentialClientApplicationBuilder(config).WithOptions(options);https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/ac7541c1aa1c7bdbb20df5c7e72628161f826f44/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs#L42
This causes GetAccessTokenForAppAsync to always request:
https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=.......%2Fauthorize
Instead of a cached or custom discovery endpoint.
Is this possible or would it be a feature request?
Beta Was this translation helpful? Give feedback.
All reactions