In the "Index" method of the "TasksController", there is an example of how to retrieve a bearer token for the "https://fabrikamb2c.onmicrosoft.com/tasks/read" scope. It's working perfectly.
Now, let's add a little twist. Instead of retrieving only one bearer token, let's say I want to retrieve two bearer tokens, but with different scopes:
Ex: https://app1.onmicrosoft.com/tasks/read and https://app2.onmicrosoft.com/car/write
My understanding is that the authorization code received in the "OnAuthorizationCodeReceived" method of the "Startup" class can only be used once to obtain a bearer token for one of the previous scopes. If you try to use it more than once, the second "access_token" will be null.
In the method, this code returns a valid access_token for the first scope:
```csharp
var scope = new string[] { Globals.ReadTasksScope };
IConfidentialClientApplication cca = MsalAppBuilder.BuildConfidentialClientApplication();
var accounts = await cca.GetAccountsAsync();
AuthenticationResult result = await cca.AcquireTokenSilent(scope, accounts.FirstOrDefault()).ExecuteAsync();
HttpClient client = new HttpClient();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, apiEndpoint);
// Add token to the Authorization header and make the request
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
```
Since the access_token already exists in the MSAL cache, no call is recorded in Fiddler to retrieve the access token.
Then, I try to use this code to retrieve the second access_token:
```csharp
var scope2 = new string[] { "https://merveilleuxb2c.onmicrosoft.com/FAKE_INFO/Task2" };
var claimsPrincipal = ClaimsPrincipal.Current;
var objIdclaim = claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier);
string signedInUserID = objIdclaim.Value;
// Build a second confidential client and attach the per-user token cache to it
IConfidentialClientApplication clientapp = ConfidentialClientApplicationBuilder.Create(Globals.ClientId)
    .WithClientSecret(Globals.ClientSecret)
    .WithRedirectUri(Globals.RedirectUri)
    .WithB2CAuthority(Globals.B2CAuthority)
    .Build();
new MSALPerUserMemoryTokenCache(clientapp.UserTokenCache, ClaimsPrincipal.Current);
// As posted: accounts2 is read from cca and not used; the call below passes accounts from the first snippet
var accounts2 = await cca.GetAccountsAsync();
AuthenticationResult result2 = await clientapp.AcquireTokenSilent(scope2, accounts.FirstOrDefault()).ExecuteAsync();
```
This time, in Fiddler, there is an API call to the /token endpoint using the refresh_token found in the MSAL cache. But the access_token returned is null.
So, using the refresh_token, is it possible to retrieve additional scopes for multiple web APIs? If not, how can I achieve this?
Best regards,
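
One way to request a token per web API and to stop the null access_token case described above before it reaches the Authorization header. This is an added example, not code from the original post or from the sample; `PerApiTokens` and its method names are hypothetical. It assumes the Microsoft.Identity.Client package and that granted scopes are reported in the same form in which they were requested.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper (not part of the sample): one silent request per web API,
// refusing to return a result that carries no usable access token.
public static class PerApiTokens
{
    public static async Task<string> GetAccessTokenAsync(
        IConfidentialClientApplication app, IAccount account, string scope)
    {
        if (account == null)
            throw new InvalidOperationException("No cached account; sign-in required.");

        AuthenticationResult result;
        try
        {
            // Served from the cache, or redeemed with the cached refresh token.
            result = await app.AcquireTokenSilent(new[] { scope }, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException ex)
        {
            // The cache cannot satisfy this scope without user interaction.
            throw new InvalidOperationException($"Interactive sign-in needed for {scope}", ex);
        }

        // The case from the post: the /token call completes but AccessToken is null.
        if (string.IsNullOrEmpty(result.AccessToken))
            throw new InvalidOperationException($"Token response for {scope} has no access token.");

        // Assumption: granted scopes come back in the same form as requested.
        if (!result.Scopes.Contains(scope, StringComparer.OrdinalIgnoreCase))
            throw new InvalidOperationException($"Scope {scope} was not granted.");

        return result.AccessToken;
    }

    // One request per API scope; each scope is validated on its own, so a failure
    // for the second API is never hidden by a cached token for the first.
    public static async Task<Dictionary<string, string>> GetForApisAsync(
        IConfidentialClientApplication app, IAccount account, IEnumerable<string> scopes)
    {
        var tokens = new Dictionary<string, string>();
        foreach (var scope in scopes)
            tokens[scope] = await GetAccessTokenAsync(app, account, scope);
        return tokens;
    }
}
```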