public async Task GetAsync(string tenantId) { try { MSALCache appTokenCache = new MSALCache(Startup.clientId); // Get a token for the Microsoft Graph. If this line throws an exception for // any reason, we'll just let the exception be returned as a 500 response // to the caller, and show a generic error message to the user. ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(Startup.clientId, string.Format(AuthorityFormat, tenantId), Startup.redirectUri, new ClientCredential(Startup.clientSecret), null, appTokenCache.GetMsalCacheInstance()); AuthenticationResult authResult = await daemonClient.AcquireTokenForClientAsync(new[] { MSGraphScope }); // Query for list of users in the tenant HttpClient client = new HttpClient(); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, MSGraphQuery); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken); HttpResponseMessage response = await client.SendAsync(request); // If the token we used was insufficient to make the query, drop the token from the cache. // The Users page of the website will show a message to the user instructing them to grant // permissions to the app (see User/Index.cshtml). if (response.StatusCode == System.Net.HttpStatusCode.Forbidden) { // BUG: Here, we should clear MSAL's app token cache to ensure that on a subsequent call // to SyncController, MSAL does not return the same access token that resulted in this 403. // By clearing the cache, MSAL will be forced to retrieve a new access token from AAD, // which will contain the most up-to-date set of permissions granted to the app. Since MSAL // currently does not provide a way to clear the app token cache, we have commented this line // out. Thankfully, since this app uses the default in-memory app token cache, the app still // works correctly, since the in-memory cache is not persistent across calls to SyncController // anyway. If you build a persistent app token cache for MSAL, you should make sure to clear // it at this point in the code. // appTokenCache.Clear(); } if (!response.IsSuccessStatusCode) { throw new HttpResponseException(response.StatusCode); } // Record users in the data store (note that this only records the first page of users) string json = await response.Content.ReadAsStringAsync(); MsGraphUserListResponse users = JsonConvert.DeserializeObject <MsGraphUserListResponse>(json); usersByTenant[tenantId] = users.value; } catch (Exception ex) { var e = ex.ToString(); } }
/// <summary> /// Remove all cache entries for this user. /// </summary> private void RemoveCachedTokens() { MSALCache appTokenCache = new MSALCache(Startup.clientId); appTokenCache.Clear(); }