From 022e02101f51e3acb5a2e3c0440fcdeb9424e920 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Sat, 5 Sep 2020 14:20:11 +0200 Subject: [PATCH 1/6] Add GetAuthenticationResultForUserAsync - small refactoring of the methods to return an AuthenticationResult instead of the token only - GetAccessTokenForUserAsync implemented based on GetAuthenticationResultForUserAsync --- .../Microsoft.Identity.Web.xml | 29 +++++++++- .../TokenAcquisition.cs | 57 ++++++++++++++----- 2 files changed, 70 insertions(+), 16 deletions(-) diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml index 598808ae2..ae2b8ee05 100644 --- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml +++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml @@ -1653,7 +1653,7 @@ you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. - + Typically used from a web app or web API controller, this method retrieves an access token for a downstream API using; @@ -1708,7 +1708,7 @@ Creates an MSAL confidential client application. - + Gets an access token for a downstream API on behalf of the user described by its claimsPrincipal. @@ -1719,7 +1719,7 @@ on behalf of the user described in the claimsPrincipal. Azure AD B2C user flow to target. - + Gets an access token for a downstream API on behalf of the user which account is passed as an argument. 
@@ -1742,6 +1742,29 @@ The to update. A representing the asynchronous operation. + + + Typically used from a web app or web API controller, this method retrieves an access token + for a downstream API using; + 1) the token cache (for web apps and web APis) if a token exists in the cache + 2) or the on-behalf-of flow + in web APIs, for the user account that is ascertained from claims are provided in the + instance of the current HttpContext. + + Scopes to request for the downstream API to call. + Enables overriding of the tenant/account for the same identity. This is useful in the + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + Azure AD B2C user flow to target. + Optional claims principal representing the user. If not provided, will use the signed-in + user (in a web app), or the user for which the token was received (in a web API) + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + An access token to call the downstream API and populated with this downstream API's scopes. + Calling this method from a web API supposes that you have previously called, + in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method + passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that + you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by + OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. + Extension class used to add an in-memory token cache serializer to MSAL. diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs index c02af691d..c7014447d 100644 --- a/src/Microsoft.Identity.Web/TokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs 
@@ -216,7 +216,7 @@ public async Task GetAccessTokenOnBehalfOfUserAsync( /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. - public async Task GetAccessTokenForUserAsync( + public async Task GetAuthenticationResultForUserAsync( IEnumerable scopes, string? tenant = null, string? userFlow = null, @@ -231,23 +231,23 @@ public async Task GetAccessTokenForUserAsync( _application = await GetOrBuildConfidentialClientApplicationAsync().ConfigureAwait(false); string authority = CreateAuthorityBasedOnTenantIfProvided(_application, tenant); - string? accessToken; + AuthenticationResult? authenticationResult; try { // Access token will return if call is from a web API - accessToken = await GetTokenForWebApiToCallDownstreamApiAsync( + authenticationResult = await GetAuthenticationResultForWebApiToCallDownstreamApiAsync( _application, authority, scopes).ConfigureAwait(false); - if (!string.IsNullOrEmpty(accessToken)) + if (authenticationResult != null) { - return accessToken; + return authenticationResult; } // If access token is null, this is a web app - return await GetAccessTokenForWebAppWithAccountFromCacheAsync( + return await GetAuthenticationResultForWebAppWithAccountFromCacheAsync( _application, user, scopes, @@ -266,7 +266,7 @@ public async Task GetAccessTokenForUserAsync( } } - private async Task GetTokenForWebApiToCallDownstreamApiAsync( + private async Task GetAuthenticationResultForWebApiToCallDownstreamApiAsync( IConfidentialClientApplication application, string authority, IEnumerable scopes) @@ -288,7 +288,7 @@ public async Task GetAccessTokenForUserAsync( .WithAuthority(authority) .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } return null; 
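Review bot: The doc comment left above the renamed `GetAuthenticationResultForUserAsync` (hunk at -216) still appears to describe an access-token return. The generated XML hunk at -1653 changes only the member line and keeps the summary "this method retrieves an access token". Since the method now hands back the whole `AuthenticationResult`, the summary and returns text should say so, for example `/// <returns>An <see cref="AuthenticationResult"/> for the downstream API; its AccessToken property carries the token.</returns>`. The comment block starts above the hunk, so its full current wording is not visible here. The identical hunk is repeated in PATCH 2/6.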
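Review bot: `if (authenticationResult != null)` in the hunk at -231 is not equivalent to the `!string.IsNullOrEmpty(accessToken)` check it replaces. A non-null result with an empty access token is now returned to the caller instead of falling through to the web app cache path. If that state cannot occur, a short comment saying so would help; otherwise the old condition can be kept with `if (!string.IsNullOrEmpty(authenticationResult?.AccessToken))`. The comments `// Access token will return if call is from a web API` and `// If access token is null, this is a web app` also still describe the token rather than the result. The try block and its catch continue outside the hunk, and the same hunk appears again in PATCH 2/6.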
@@ -471,7 +471,7 @@ private async Task BuildConfidentialClientApplic /// (optional) Authority based on a specific tenant for which to acquire a token to access the scopes /// on behalf of the user described in the claimsPrincipal. /// Azure AD B2C user flow to target. - private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( + private async Task GetAuthenticationResultForWebAppWithAccountFromCacheAsync( IConfidentialClientApplication application, ClaimsPrincipal? claimsPrincipal, IEnumerable scopes, @@ -496,7 +496,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( } } - return await GetAccessTokenForWebAppWithAccountFromCacheAsync( + return await GetAuthenticationResultForWebAppWithAccountFromCacheAsync( application, account, scopes, @@ -513,7 +513,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( /// Authority based on a specific tenant for which to acquire a token to access the scopes /// on behalf of the user. /// Azure AD B2C user flow. - private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( + private async Task GetAuthenticationResultForWebAppWithAccountFromCacheAsync( IConfidentialClientApplication application, IAccount? account, IEnumerable scopes, @@ -540,7 +540,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } result = await application @@ -549,7 +549,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( .WithSendX5C(_microsoftIdentityOptions.SendX5C) .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } /// 
@@ -657,5 +657,36 @@ private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalSer return authority; } + + /// + /// Typically used from a web app or web API controller, this method retrieves an access token + /// for a downstream API using; + /// 1) the token cache (for web apps and web APis) if a token exists in the cache + /// 2) or the on-behalf-of flow + /// in web APIs, for the user account that is ascertained from claims are provided in the + /// instance of the current HttpContext. + /// + /// Scopes to request for the downstream API to call. + /// Enables overriding of the tenant/account for the same identity. This is useful in the + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// Azure AD B2C user flow to target. + /// Optional claims principal representing the user. If not provided, will use the signed-in + /// user (in a web app), or the user for which the token was received (in a web API) + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// An access token to call the downstream API and populated with this downstream API's scopes. + /// Calling this method from a web API supposes that you have previously called, + /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method + /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that + /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by + /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. + public async Task GetAccessTokenForUserAsync( + IEnumerable scopes, + string? tenant = null, + string? userFlow = null, + ClaimsPrincipal? 
user = null) + { + AuthenticationResult result = await GetAuthenticationResultForUserAsync(scopes, tenant, userFlow, user).ConfigureAwait(false); + return result.AccessToken; + } } } From 3c980b02521a4188cfbce7648dbb1f202bb435e1 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Sat, 5 Sep 2020 14:20:11 +0200 Subject: [PATCH 2/6] Add GetAuthenticationResultForUserAsync - small refactoring of the methods to return an AuthenticationResult instead of the token only - GetAccessTokenForUserAsync implemented based on GetAuthenticationResultForUserAsync --- .../ITokenAcquisition.cs | 19 +++++++ .../Microsoft.Identity.Web.xml | 44 +++++++++++++- .../TokenAcquisition.cs | 57 ++++++++++++++----- 3 files changed, 104 insertions(+), 16 deletions(-) diff --git a/src/Microsoft.Identity.Web/ITokenAcquisition.cs b/src/Microsoft.Identity.Web/ITokenAcquisition.cs index a837996bd..9046aacac 100644 --- a/src/Microsoft.Identity.Web/ITokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/ITokenAcquisition.cs 
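Review bot: The `user` parameter doc on the re-added `GetAccessTokenForUserAsync` (hunk at -657) ends with a fragment copied from the `tenant` text ("cases where a given account is guest in other tenants, ...") that does not belong to it. PATCH 4/6 later fixes only the grammar of that fragment. I would end the param at `/// user (in a web app), or the user for which the token was received (in a web API).</param>` and drop the line that follows; the summary also contains "web APis" and "ascertained from claims are provided". Separately, `return result.AccessToken;` dereferences without a check. Whether `GetAuthenticationResultForUserAsync` can return null is not visible here, so that should be confirmed or guarded. The same hunk is repeated in PATCH 2/6.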
@@ -33,6 +33,25 @@ Task GetAccessTokenForUserAsync( string? userFlow = null, ClaimsPrincipal? user = null); + /// + /// Typically used from an ASP.NET Core web app or web API controller, this method gets an access token + /// for a downstream API on behalf of the user account which claims are provided in the + /// member of the controller's parameter. + /// + /// Scopes to request for the downstream API to call. + /// Enables to override the tenant/account for the same identity. This is useful in the + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant. + /// Azure AD B2C UserFlow to target. + /// Optional claims principal representing the user. If not provided, will use the signed-in + /// user (in a web app), or the user for which the token was received (in a web API) + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// An to call on behalf of the user, the downstream API characterized by its scopes. + Task GetAuthenticationResultForUserAsync( + IEnumerable scopes, + string? tenantId = null, + string? userFlow = null, + ClaimsPrincipal? user = null); + /// /// Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) /// using the client credentials flow. See https://aka.ms/msal-net-client-credentials. diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml index 598808ae2..e07b4a996 100644 --- a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml +++ b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml 
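Review bot: The new interface member names its second parameter `tenantId`, but the implementation in TokenAcquisition.cs (hunk at -216) declares `string? tenant = null`. Named-argument calls therefore differ depending on whether the caller holds `ITokenAcquisition` or the concrete class, and the param docs diverge as well. One spelling should be used on both sides, matching whatever the existing `GetAccessTokenForUserAsync` declaration above uses (its `tenant` parameter line is not visible in this hunk). The returns text could also state that an `AuthenticationResult` carries more than the access token, so callers should treat the whole object as credential-bearing and not log or serialize it. The `user` param doc ends with the same stray "cases where a given account is guest in other tenants" fragment, which PATCH 6/6 only rewords.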
@@ -858,6 +858,21 @@ cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. An access token to call on behalf of the user, the downstream API characterized by its scopes. + + + Typically used from an ASP.NET Core web app or web API controller, this method gets an access token + for a downstream API on behalf of the user account which claims are provided in the + member of the controller's parameter. + + Scopes to request for the downstream API to call. + Enables to override the tenant/account for the same identity. This is useful in the + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant. + Azure AD B2C UserFlow to target. + Optional claims principal representing the user. If not provided, will use the signed-in + user (in a web app), or the user for which the token was received (in a web API) + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + An to call on behalf of the user, the downstream API characterized by its scopes. + Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) @@ -1653,7 +1668,7 @@ you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. - + Typically used from a web app or web API controller, this method retrieves an access token for a downstream API using; @@ -1708,7 +1723,7 @@ Creates an MSAL confidential client application. - + Gets an access token for a downstream API on behalf of the user described by its claimsPrincipal. @@ -1719,7 +1734,7 @@ on behalf of the user described in the claimsPrincipal. Azure AD B2C user flow to target. - + Gets an access token for a downstream API on behalf of the user which account is passed as an argument. 
@@ -1742,6 +1757,29 @@ The to update. A representing the asynchronous operation. + + + Typically used from a web app or web API controller, this method retrieves an access token + for a downstream API using; + 1) the token cache (for web apps and web APis) if a token exists in the cache + 2) or the on-behalf-of flow + in web APIs, for the user account that is ascertained from claims are provided in the + instance of the current HttpContext. + + Scopes to request for the downstream API to call. + Enables overriding of the tenant/account for the same identity. This is useful in the + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + Azure AD B2C user flow to target. + Optional claims principal representing the user. If not provided, will use the signed-in + user (in a web app), or the user for which the token was received (in a web API) + cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + An access token to call the downstream API and populated with this downstream API's scopes. + Calling this method from a web API supposes that you have previously called, + in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method + passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that + you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by + OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. + Extension class used to add an in-memory token cache serializer to MSAL. diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs index c02af691d..c7014447d 100644 --- a/src/Microsoft.Identity.Web/TokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs 
@@ -216,7 +216,7 @@ public async Task GetAccessTokenOnBehalfOfUserAsync( /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. - public async Task GetAccessTokenForUserAsync( + public async Task GetAuthenticationResultForUserAsync( IEnumerable scopes, string? tenant = null, string? userFlow = null, @@ -231,23 +231,23 @@ public async Task GetAccessTokenForUserAsync( _application = await GetOrBuildConfidentialClientApplicationAsync().ConfigureAwait(false); string authority = CreateAuthorityBasedOnTenantIfProvided(_application, tenant); - string? accessToken; + AuthenticationResult? authenticationResult; try { // Access token will return if call is from a web API - accessToken = await GetTokenForWebApiToCallDownstreamApiAsync( + authenticationResult = await GetAuthenticationResultForWebApiToCallDownstreamApiAsync( _application, authority, scopes).ConfigureAwait(false); - if (!string.IsNullOrEmpty(accessToken)) + if (authenticationResult != null) { - return accessToken; + return authenticationResult; } // If access token is null, this is a web app - return await GetAccessTokenForWebAppWithAccountFromCacheAsync( + return await GetAuthenticationResultForWebAppWithAccountFromCacheAsync( _application, user, scopes, @@ -266,7 +266,7 @@ public async Task GetAccessTokenForUserAsync( } } - private async Task GetTokenForWebApiToCallDownstreamApiAsync( + private async Task GetAuthenticationResultForWebApiToCallDownstreamApiAsync( IConfidentialClientApplication application, string authority, IEnumerable scopes) @@ -288,7 +288,7 @@ public async Task GetAccessTokenForUserAsync( .WithAuthority(authority) .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } return null; 
@@ -471,7 +471,7 @@ private async Task BuildConfidentialClientApplic /// (optional) Authority based on a specific tenant for which to acquire a token to access the scopes /// on behalf of the user described in the claimsPrincipal. /// Azure AD B2C user flow to target. - private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( + private async Task GetAuthenticationResultForWebAppWithAccountFromCacheAsync( IConfidentialClientApplication application, ClaimsPrincipal? claimsPrincipal, IEnumerable scopes, @@ -496,7 +496,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( } } - return await GetAccessTokenForWebAppWithAccountFromCacheAsync( + return await GetAuthenticationResultForWebAppWithAccountFromCacheAsync( application, account, scopes, @@ -513,7 +513,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( /// Authority based on a specific tenant for which to acquire a token to access the scopes /// on behalf of the user. /// Azure AD B2C user flow. - private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( + private async Task GetAuthenticationResultForWebAppWithAccountFromCacheAsync( IConfidentialClientApplication application, IAccount? account, IEnumerable scopes, @@ -540,7 +540,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } result = await application @@ -549,7 +549,7 @@ private async Task GetAccessTokenForWebAppWithAccountFromCacheAsync( .WithSendX5C(_microsoftIdentityOptions.SendX5C) .ExecuteAsync() .ConfigureAwait(false); - return result.AccessToken; + return result; } /// 
@@ -657,5 +657,36 @@ private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalSer return authority; } + + /// + /// Typically used from a web app or web API controller, this method retrieves an access token + /// for a downstream API using; + /// 1) the token cache (for web apps and web APis) if a token exists in the cache + /// 2) or the on-behalf-of flow + /// in web APIs, for the user account that is ascertained from claims are provided in the + /// instance of the current HttpContext. + /// + /// Scopes to request for the downstream API to call. + /// Enables overriding of the tenant/account for the same identity. This is useful in the + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// Azure AD B2C user flow to target. + /// Optional claims principal representing the user. If not provided, will use the signed-in + /// user (in a web app), or the user for which the token was received (in a web API) + /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// An access token to call the downstream API and populated with this downstream API's scopes. + /// Calling this method from a web API supposes that you have previously called, + /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method + /// passing the validated token (as a JwtSecurityToken). Calling it from a web app supposes that + /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by + /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived. + public async Task GetAccessTokenForUserAsync( + IEnumerable scopes, + string? tenant = null, + string? userFlow = null, + ClaimsPrincipal? 
user = null) + { + AuthenticationResult result = await GetAuthenticationResultForUserAsync(scopes, tenant, userFlow, user).ConfigureAwait(false); + return result.AccessToken; + } } } From 3ed38418851562d29a0c18d17613185e80f16ed7 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 8 Sep 2020 09:05:46 +0200 Subject: [PATCH 3/6] Update src/Microsoft.Identity.Web/ITokenAcquisition.cs Co-authored-by: jennyf19 --- src/Microsoft.Identity.Web/ITokenAcquisition.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.Identity.Web/ITokenAcquisition.cs b/src/Microsoft.Identity.Web/ITokenAcquisition.cs index 9046aacac..9d12874c9 100644 --- a/src/Microsoft.Identity.Web/ITokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/ITokenAcquisition.cs @@ -40,7 +40,7 @@ Task GetAccessTokenForUserAsync( /// /// Scopes to request for the downstream API to call. /// Enables to override the tenant/account for the same identity. This is useful in the - /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant. + /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant. /// Azure AD B2C UserFlow to target. /// Optional claims principal representing the user. If not provided, will use the signed-in /// user (in a web app), or the user for which the token was received (in a web API) From 31ab02c0b8dfd7636a7c4b97eaaec72cc04f082e Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 8 Sep 2020 09:05:52 +0200 Subject: [PATCH 4/6] Update src/Microsoft.Identity.Web/TokenAcquisition.cs Co-authored-by: jennyf19 --- src/Microsoft.Identity.Web/TokenAcquisition.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs index c7014447d..2693aa01d 100644 --- a/src/Microsoft.Identity.Web/TokenAcquisition.cs 
+++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs @@ -672,7 +672,7 @@ private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalSer /// Azure AD B2C user flow to target. /// Optional claims principal representing the user. If not provided, will use the signed-in /// user (in a web app), or the user for which the token was received (in a web API) - /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. /// An access token to call the downstream API and populated with this downstream API's scopes. /// Calling this method from a web API supposes that you have previously called, /// in a method called by JwtBearerOptions.Events.OnTokenValidated, the HttpContextExtensions.StoreTokenUsedToCallWebAPI method From 3370c60bb09ca8b64d9e3d6f663f872f7332e050 Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 8 Sep 2020 09:06:00 +0200 Subject: [PATCH 5/6] Update src/Microsoft.Identity.Web/TokenAcquisition.cs Co-authored-by: jennyf19 --- src/Microsoft.Identity.Web/TokenAcquisition.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.Identity.Web/TokenAcquisition.cs b/src/Microsoft.Identity.Web/TokenAcquisition.cs index 2693aa01d..3080c57c7 100644 --- a/src/Microsoft.Identity.Web/TokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/TokenAcquisition.cs 
@@ -668,7 +668,7 @@ private static bool AcceptedTokenVersionMismatch(MsalUiRequiredException msalSer /// /// Scopes to request for the downstream API to call. /// Enables overriding of the tenant/account for the same identity. This is useful in the - /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. /// Azure AD B2C user flow to target. /// Optional claims principal representing the user. If not provided, will use the signed-in /// user (in a web app), or the user for which the token was received (in a web API) From c844f37e1a44c132fae2e3281cb1e00b46fa499a Mon Sep 17 00:00:00 2001 From: Jean-Marc Prieur Date: Tue, 8 Sep 2020 09:06:10 +0200 Subject: [PATCH 6/6] Update src/Microsoft.Identity.Web/ITokenAcquisition.cs Co-authored-by: jennyf19 --- src/Microsoft.Identity.Web/ITokenAcquisition.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.Identity.Web/ITokenAcquisition.cs b/src/Microsoft.Identity.Web/ITokenAcquisition.cs index 9d12874c9..bed44fed1 100644 --- a/src/Microsoft.Identity.Web/ITokenAcquisition.cs +++ b/src/Microsoft.Identity.Web/ITokenAcquisition.cs 
@@ -44,7 +44,7 @@ Task GetAccessTokenForUserAsync( /// Azure AD B2C UserFlow to target. /// Optional claims principal representing the user. If not provided, will use the signed-in /// user (in a web app), or the user for which the token was received (in a web API) - /// cases where a given account is guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. + /// cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant, like where the user is a guest in. /// An to call on behalf of the user, the downstream API characterized by its scopes. Task GetAuthenticationResultForUserAsync( IEnumerable scopes,