From 83241264764779c383cabb9c2d7ec293d191b788 Mon Sep 17 00:00:00 2001
From: Jan Hajek
Date: Mon, 30 Nov 2020 22:23:50 +0100
Subject: [PATCH] Add support for tenant selection when using AppOnly Microsoft Graph. (#790)
---
 .../BaseRequestExtensions.cs | 9 +++++++--
 .../TokenAcquisitionAuthenticationProvider.cs | 4 +++-
 .../TokenAcquisitionAuthenticationProviderOption.cs | 1 +
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
index 3aca5470f..9b3772a1b 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/BaseRequestExtensions.cs
@@ -30,10 +30,15 @@ public static T WithScopes(this T baseRequest, params string[] scopes) where
 /// Type of the request.
 /// Request.
 /// Should the permissions be app only or not.
+ /// Tenant ID or domain for which we want to make the call..
 ///
- public static T WithAppOnly(this T baseRequest, bool appOnly = true) where T : IBaseRequest
+ public static T WithAppOnly(this T baseRequest, bool appOnly = true, string? tenant = null) where T : IBaseRequest
 {
- return SetParameter(baseRequest, options => options.AppOnly = appOnly);
+ return SetParameter(baseRequest, options =>
+ {
+ options.AppOnly = appOnly;
+ options.Tenant = tenant;
+ });
 }
 private static T SetParameter(T baseRequest, Action action) where T : IBaseRequest
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
index 9e582ca47..0a6b07476 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProvider.cs
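Review bot: The new `tenant` parameter of `WithAppOnly` in BaseRequestExtensions.cs is documented only as "Tenant ID or domain", with nothing about where the value may come from. It selects the tenant for an app-only call, so the token carries the application's own permissions in that tenant rather than a signed-in user's; a caller that takes the value from request data (route, header, query string) needs to check it against the tenants the application is meant to serve before passing it in. I would state that in the doc comment, e.g. `/// <param name="tenant">Tenant ID or domain for the app-only call; take it from configuration or a validated allow-list, not directly from request input.</param>`, which also removes the doubled full stop. Separately, adding an optional parameter changes the compiled signature of a public method, so already-built callers of the two-argument form would need recompiling; keeping the old signature and adding an overload avoids that.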
@@ -33,11 +33,13 @@ public async Task AuthenticateRequestAsync(HttpRequestMessage request)
 // Default options to settings provided during intialization
 var scopes = _initialOptions.Scopes;
 bool appOnly = _initialOptions.AppOnly ?? false;
+ string? tenant = _initialOptions.Tenant ?? null;
 // Extract per-request options from the request if present
 TokenAcquisitionAuthenticationProviderOption? msalAuthProviderOption = GetMsalAuthProviderOption(request);
 if (msalAuthProviderOption != null)
 {
 scopes = msalAuthProviderOption.Scopes ?? scopes;
 appOnly = msalAuthProviderOption.AppOnly ?? appOnly;
+ tenant = msalAuthProviderOption.Tenant ?? tenant;
 }
 if (!appOnly && scopes == null)
@@ -50,7 +52,7 @@ public async Task AuthenticateRequestAsync(HttpRequestMessage request)
 string token;
 if (appOnly)
 {
- token = await _tokenAcquisition.GetAccessTokenForAppAsync(Constants.DefaultGraphScope).ConfigureAwait(false);
+ token = await _tokenAcquisition.GetAccessTokenForAppAsync(Constants.DefaultGraphScope, tenant).ConfigureAwait(false);
 }
 else
 {
diff --git a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
index 96471c3e9..80855ac57 100644
--- a/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
+++ b/src/Microsoft.Identity.Web.MicrosoftGraph/TokenAcquisitionAuthenticationProviderOption.cs
@@ -6,5 +6,6 @@ internal class TokenAcquisitionAuthenticationProviderOption : IAuthenticationPro
 {
 public string[]? Scopes { get; set; }
 public bool? AppOnly { get; set; }
+ public string? Tenant { get; set; }
 }
 }
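Review bot: In the first hunk of `AuthenticateRequestAsync`, `tenant = msalAuthProviderOption.Tenant ?? tenant;` falls back only on null, so an empty or whitespace per-request value replaces the configured tenant and is forwarded unchanged. How the token acquisition call treats such a value is not visible here, so I would normalise it where the option is read: `if (!string.IsNullOrWhiteSpace(msalAuthProviderOption.Tenant)) { tenant = msalAuthProviderOption.Tenant; }`. The `?? null` in `string? tenant = _initialOptions.Tenant ?? null;` is a no-op and can be dropped. The method body starts before this hunk and continues after it.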
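Review bot: In the second hunk of `AuthenticateRequestAsync`, `tenant` reaches token acquisition only inside `if (appOnly)`; the `else` branch is cut off by the hunk, but nothing in this commit passes the tenant there, so a request built with `WithAppOnly(false, tenant)` appears to have its tenant dropped without any error. A caller who believes the call is pinned to a specific tenant would then get a token for whatever the default resolves to. I would at least say so on the extension method, e.g. `/// <param name="tenant">… Ignored unless <paramref name="appOnly"/> is true.</param>`, or reject the combination where the per-request option is read.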