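/// <summary>
/// Interactively requests a token from the MSA plugin and returns the
/// <see cref="WebAccount"/> attached to the first response entry.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="accountProvider">Provider used to build the MSA web token request.</param>
/// <returns>
/// The WAM account from the MSA response, or <c>null</c> when WAM reports a non-success
/// status or a success status with no response data.
/// </returns>
private async Task<WebAccount> TryFetchWebAccountFromMsaAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    WebAccountProvider accountProvider)
{
    // This response has a v1 MSA Access Token, which MSAL should expose to the user
    var webTokenRequestMsa = await _msaPlugin.CreateWebTokenRequestAsync(
        accountProvider,
        authenticationRequestParameters,
        isForceLoginPrompt: false,
        isInteractive: true,
        isAccountInWam: false)
        .ConfigureAwait(false);

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequestMsa);

    // The window-bound request resumes on the captured context (ConfigureAwait(true)).
    var webTokenResponseMsa = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, webTokenRequestMsa)
        .ConfigureAwait(true);

    if (!webTokenResponseMsa.ResponseStatus.IsSuccessStatus())
    {
        var errorResp = WamAdapters.CreateMsalResponseFromWamResponse(webTokenResponseMsa, _msaPlugin, _logger, true);

        // NOTE(review): ErrorDescription originates from the WAM response and is written with
        // Warning rather than a Pii-specific logger method - confirm it cannot carry account identifiers.
        _logger.Warning(
            "WAM MSA-PT: could not get a transfer token, ussually this is because the " +
            "1st party app is configured for MSA-PT but not configured to login MSA users (signinaudience =2). " +
            "Error was: " + errorResp.Error + " " + errorResp.ErrorDescription);

        return null;
    }

    // A success status with no entries would otherwise fail on the [0] index below.
    // This is a Try* method, so report "no account" the same way as the failure path.
    var responseData = webTokenResponseMsa.ResponseData;
    if (responseData == null || responseData.Count == 0)
    {
        _logger.Warning("WAM MSA-PT: the MSA token response reported success but contained no response data.");
        return null;
    }

    // Cannot use this WebAccount with the AAD provider
    return responseData[0].WebAccount;
}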
/// <summary>
/// Runs an interactive WAM request through the AAD plugin with a forced login prompt
/// and converts the WAM result into an <see cref="MsalTokenResponse"/>.
/// </summary>
/// <remarks>Only works for the AAD plugin. The MSA plugin does not allow this for privacy reasons.</remarks>
/// <param name="authenticationRequestParameters">MSAL request parameters; the tenant id selects the provider.</param>
/// <param name="msalPrompt">Prompt requested by the caller; <c>NotSpecified</c> is replaced by <c>SelectAccount</c>.</param>
/// <returns>The MSAL response built from the WAM result.</returns>
private async Task<MsalTokenResponse> AcquireInteractiveWithAadBrowserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    Prompt msalPrompt)
{
    var aadProvider = await _webAccountProviderFactory
        .GetAccountProviderAsync(authenticationRequestParameters.Authority.TenantId)
        .ConfigureAwait(true);

    WebTokenRequest request = await _aadPlugin.CreateWebTokenRequestAsync(
        aadProvider,
        authenticationRequestParameters,
        isForceLoginPrompt: true,
        isInteractive: true,
        isAccountInWam: false)
        .ConfigureAwait(false);

    // The workaround may hand back an authority that replaces the one MSAL would send.
    string authorityOverride = await WorkaroundOrganizationsBugAsync(authenticationRequestParameters, aadProvider)
        .ConfigureAwait(true);

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request, _logger, authorityOverride);

    // An unspecified prompt becomes an explicit account selection.
    Prompt effectivePrompt = msalPrompt;
    if (msalPrompt == Prompt.NotSpecified)
    {
        effectivePrompt = Prompt.SelectAccount;
    }

    AddPromptToRequest(effectivePrompt, true, request);

    var wamResponse = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request)
        .ConfigureAwait(false);

    return WamAdapters.CreateMsalResponseFromWamResponse(
        wamResponse,
        _aadPlugin,
        authenticationRequestParameters.AppConfig.ClientId,
        _logger,
        isInteractive: true);
}
/// <summary>
/// Interactively requests a token from the MSA plugin and returns the
/// <see cref="WebAccount"/> attached to the first response entry.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="accountProvider">Provider used to build the MSA web token request.</param>
/// <returns>The WAM account from the first MSA response entry.</returns>
/// <exception cref="MsalServiceException">WAM reported a non-success status.</exception>
private async Task<WebAccount> FetchWebAccountFromMsaAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    WebAccountProvider accountProvider)
{
    // This response has a v1 MSA Access Token, which MSAL should expose to the user
    var msaRequest = await _msaPlugin.CreateWebTokenRequestAsync(
        accountProvider,
        authenticationRequestParameters,
        isForceLoginPrompt: false,
        isInteractive: true,
        isAccountInWam: false)
        .ConfigureAwait(false);

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, msaRequest);

    var msaResponse = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, msaRequest)
        .ConfigureAwait(true);

    if (msaResponse.ResponseStatus.IsSuccessStatus())
    {
        // Cannot use this WebAccount with the AAD provider
        // NOTE(review): the first entry is read without checking that ResponseData is non-empty.
        WebAccount msaPtWebAccount = msaResponse.ResponseData[0].WebAccount;
        return msaPtWebAccount;
    }

    // Failure: surface the WAM error code and description to the caller.
    var failure = WamAdapters.CreateMsalResponseFromWamResponse(msaResponse, _msaPlugin, _logger, true);

    throw new MsalServiceException(
        failure.Error,
        "Error fetching the MSA-PT initial token - " + failure.ErrorDescription);
}
/// <summary>
/// Silently requests a token from WAM for the default account, using the MSA or AAD
/// plugin depending on the request authority.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters; the authority selects plugin and provider.</param>
/// <param name="acquireTokenSilentParameters">Silent-flow parameters (not read by this method).</param>
/// <returns>The MSAL response built from the WAM result.</returns>
public async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    using (_logger.LogMethodDuration())
    {
        bool isMsa = await IsMsaRequestAsync(
            authenticationRequestParameters.Authority,
            null,
            IsMsaPassthrough(authenticationRequestParameters))
            .ConfigureAwait(false);

        // Pick the plugin that matches the account type of the request.
        IWamPlugin selectedPlugin;
        if (isMsa)
        {
            selectedPlugin = _msaPlugin;
        }
        else
        {
            selectedPlugin = _aadPlugin;
        }

        string canonicalAuthority = authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority;
        WebAccountProvider accountProvider = await GetProviderAsync(canonicalAuthority, isMsa)
            .ConfigureAwait(false);

        // Silent request, no forced login, and no specific WAM account.
        WebTokenRequest request = await selectedPlugin.CreateWebTokenRequestAsync(
            accountProvider,
            authenticationRequestParameters,
            isForceLoginPrompt: false,
            isAccountInWam: false,
            isInteractive: false)
            .ConfigureAwait(false);

        AddCommonParamsToRequest(authenticationRequestParameters, request);

        var silentResult = await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(request)
            .ConfigureAwait(false);

        return CreateMsalTokenResponse(silentResult, selectedPlugin, isInteractive: false);
    }
}
/// <summary>
/// Checks that the MSA passthrough handler returns the "code" value produced by the MSA
/// plugin when WAM answers the transfer-token request successfully.
/// </summary>
public async Task FetchTransferToken_Silent_Async()
{
    // Arrange
    using (var harness = CreateTestHarness())
    {
        var msaProvider = new WebAccountProvider("id", "*****@*****.**", null);

        var requestParams = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityHomeTenant,
            validateAuthority: true);
        requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions()
        {
            MsaPassthrough = true
        };

        // The MSA plugin is expected to be asked for a request scoped to the transfer-token scopes.
        var msaRequest = new WebTokenRequest(msaProvider);
        _msaPlugin
            .CreateWebTokenRequestAsync(
                msaProvider,
                requestParams,
                false,
                false,
                true,
                MsaPassthroughHandler.TransferTokenScopes)
            .Returns(Task.FromResult(msaRequest));

        // WAM reports success and returns one response bound to the MSA account.
        var accountFromMsaProvider = new WebAccount(msaProvider, "*****@*****.**", WebAccountState.Connected);
        var webTokenResponse = new WebTokenResponse("transfer_token", accountFromMsaProvider);

        var webTokenResponseWrapper = Substitute.For<IWebTokenRequestResultWrapper>();
        webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
        webTokenResponseWrapper.ResponseData.Returns(new List<WebTokenResponse>() { webTokenResponse });

        _wamProxy
            .RequestTokenForWindowAsync(IntPtr.Zero, msaRequest, accountFromMsaProvider)
            .Returns(webTokenResponseWrapper);

        // The plugin's out parameter carries the property bag that holds the transfer token.
        _msaPlugin
            .ParseSuccessfullWamResponse(Arg.Any<WebTokenResponse>(), out Arg.Any<Dictionary<string, string>>())
            .Returns(callInfo =>
            {
                callInfo[1] = new Dictionary<string, string>
                {
                    { "code", "actual_transfer_token" }
                };
                return new MsalTokenResponse();
            });

        // Act
        var transferToken = await _msaPassthroughHandler
            .TryFetchTransferTokenSilentAsync(requestParams, accountFromMsaProvider)
            .ConfigureAwait(false);

        // Assert
        Assert.AreEqual("actual_transfer_token", transferToken);
    }
}
/// <summary>
/// Sends an interactive WAM request for a known WAM account, or for the default user when
/// <paramref name="wamAccount"/> is null, and returns the raw WAM result.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="prompt">Prompt requested by the caller.</param>
/// <param name="wamPlugin">Plugin (MSA or AAD) that builds the web token request.</param>
/// <param name="provider">Account provider for the request.</param>
/// <param name="wamAccount">WAM account to target, or null for the default user.</param>
/// <returns>The WAM result wrapper.</returns>
/// <exception cref="MsalServiceException">Any exception from the WAM call, wrapped with the original as inner exception.</exception>
private async Task<IWebTokenRequestResultWrapper> AcquireInteractiveWithoutPickerAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    Prompt prompt,
    IWamPlugin wamPlugin,
    WebAccountProvider provider,
    WebAccount wamAccount)
{
    bool forceLogin = IsForceLoginPrompt(prompt);

    WebTokenRequest request = await wamPlugin.CreateWebTokenRequestAsync(
        provider,
        authenticationRequestParameters,
        isForceLoginPrompt: forceLogin,
        isInteractive: true,
        isAccountInWam: true)
        .ConfigureAwait(false);

    if (forceLogin &&
        ApiInformation.IsApiContractPresent("Windows.Foundation.UniversalApiContract", 6))
    {
        // this feature works correctly since windows RS4, aka 1803 with the AAD plugin only!
        request.Properties["prompt"] = prompt.PromptValue;
    }

    AddCommonParamsToRequest(authenticationRequestParameters, request);

    try
    {
#if WINDOWS_APP
        // UWP requires being on the UI thread
        await _synchronizationContext;
#endif
        if (wamAccount == null)
        {
            // default user
            return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request)
                .ConfigureAwait(false);
        }

        return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request, wamAccount)
            .ConfigureAwait(false);
    }
    catch (Exception ex)
    {
        // The exception goes to the PII-marked logger method and is also kept as the inner
        // exception. NOTE(review): callers logging the MsalServiceException should presumably
        // treat InnerException with the same care - confirm.
        _logger.ErrorPii(ex);
        throw new MsalServiceException(
            MsalError.WamInteractiveError,
            "AcquireTokenInteractive without picker failed. See inner exception for details. ",
            ex);
    }
}
/// <summary>
/// Checks that a silent request finds its WAM account by home account id when the MSAL
/// account carries no WAM id, and that the plugin's parsed response is returned unchanged.
/// </summary>
public async Task ATS_AccountMatchingInWAM_MatchingHomeAccId_Async()
{
    string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";

    // Arrange
    using (var harness = CreateTestHarness())
    {
        var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
        var requestParams = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityConsumerTidTenant); // MSA

        var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
        IReadOnlyList<WebAccount> webAccounts = new List<WebAccount>() { webAccount };
        var webTokenRequest = new WebTokenRequest(wamAccountProvider);

        // WAM reports success with a single, empty response entry.
        var webTokenResponse = new WebTokenResponse();
        var webTokenResponseWrapper = Substitute.For<IWebTokenRequestResultWrapper>();
        webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
        webTokenResponseWrapper.ResponseData.Returns(new List<WebTokenResponse>() { webTokenResponse });

        _wamProxy
            .FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId)
            .Returns(Task.FromResult(webAccounts));

        // WAM can give MSAL the home account ID of a WAM account, which MSAL matches to a WAM account
        _msaPlugin.GetHomeAccountIdOrNull(webAccount).Returns(homeAccId);

        _msaPlugin
            .CreateWebTokenRequestAsync(
                wamAccountProvider,
                requestParams,
                isForceLoginPrompt: false,
                isAccountInWam: true,
                isInteractive: false)
            .Returns(Task.FromResult(webTokenRequest));

        requestParams.Account = new Account(
            homeAccId,         // matching is on home account id
            "*****@*****.**",  // matching is not on UPN
            null);             // account does not have wam_id, might be coming directly from WAM

        var atsParams = new AcquireTokenSilentParameters();

        _webAccountProviderFactory
            .GetAccountProviderAsync(null)
            .ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
        _wamProxy
            .GetTokenSilentlyAsync(webAccount, webTokenRequest)
            .Returns(Task.FromResult(webTokenResponseWrapper));
        _msaPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);

        // Act
        var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);

        // Assert
        Assert.AreSame(_msalTokenResponse, result);
    }
}
/// <summary>
/// Silently requests a token from WAM for the WAM account that corresponds to the MSAL
/// account on the request.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters; supplies authority, account and client id.</param>
/// <param name="acquireTokenSilentParameters">Silent-flow parameters (not read by this method).</param>
/// <returns>The MSAL response built from the WAM result.</returns>
/// <exception cref="MsalUiRequiredException">No WAM account matches the MSAL account.</exception>
public async Task<MsalTokenResponse> AcquireTokenSilentAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    using (_logger.LogMethodDuration())
    {
        // Important: MSAL will have already resolved the authority by now,
        // so we are not expecting "common" or "organizations" but a tenanted authority
        bool isMsa = IsMsaRequest(
            authenticationRequestParameters.Authority,
            null,
            IsMsaPassthrough(authenticationRequestParameters));

        IWamPlugin selectedPlugin = isMsa ? _msaPlugin : _aadPlugin;

        // MSA requests always use the "consumers" provider; AAD requests use the request authority.
        WebAccountProvider accountProvider = await _webAccountProviderFactory
            .GetAccountProviderAsync(
                isMsa
                    ? "consumers"
                    : authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority)
            .ConfigureAwait(false);

        WebAccount matchedAccount = await FindWamAccountForMsalAccountAsync(
            accountProvider,
            selectedPlugin,
            authenticationRequestParameters.Account,
            null, // ATS requires an account object, login_hint is not supported on its own
            authenticationRequestParameters.ClientId)
            .ConfigureAwait(false);

        // Fail closed: with no matching WAM account, no token is requested from WAM and the
        // caller is told that interaction is required.
        if (matchedAccount == null)
        {
            throw new MsalUiRequiredException(
                MsalError.InteractionRequired,
                "Could not find a WAM account for the silent request.");
        }

        WebTokenRequest request = await selectedPlugin.CreateWebTokenRequestAsync(
            accountProvider,
            authenticationRequestParameters,
            isForceLoginPrompt: false,
            isAccountInWam: true,
            isInteractive: false)
            .ConfigureAwait(false);

        AddCommonParamsToRequest(authenticationRequestParameters, request);

        var silentResult = await _wamProxy.GetTokenSilentlyAsync(matchedAccount, request)
            .ConfigureAwait(false);

        return CreateMsalTokenResponse(silentResult, selectedPlugin, isInteractive: false);
    }
}
/// <summary>
/// Sends an interactive WAM request for a known WAM account, or for the default user when
/// <paramref name="wamAccount"/> is null, and returns the raw WAM result.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="msalPrompt">Prompt requested by the caller (not read by this method).</param>
/// <param name="wamPlugin">Plugin (MSA or AAD) that builds the web token request.</param>
/// <param name="provider">Account provider for the request.</param>
/// <param name="wamAccount">WAM account to target, or null for the default user.</param>
/// <returns>The WAM result wrapper.</returns>
/// <exception cref="MsalServiceException">Any exception from the WAM call, wrapped with the original as inner exception.</exception>
private async Task<IWebTokenRequestResultWrapper> AcquireInteractiveWithWamAccountAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    Prompt msalPrompt,
    IWamPlugin wamPlugin,
    WebAccountProvider provider,
    WebAccount wamAccount)
{
    WebTokenRequest request = await wamPlugin.CreateWebTokenRequestAsync(
        provider,
        authenticationRequestParameters,
        isForceLoginPrompt: false,
        isInteractive: true,
        isAccountInWam: true)
        .ConfigureAwait(false);

    // because of https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2476
    // When both the account's provider and the request authority are "organizations",
    // the request is sent with the "common" tenanted authority instead.
    bool bothAreOrganizations =
        string.Equals(wamAccount?.WebAccountProvider?.Authority, Constants.OrganizationsTenant) &&
        string.Equals(authenticationRequestParameters.Authority.TenantId, Constants.OrganizationsTenant);

    string authorityOverride = bothAreOrganizations
        ? authenticationRequestParameters.Authority.GetTenantedAuthority("common")
        : null;

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request, authorityOverride);

    try
    {
        if (wamAccount == null)
        {
            // default user
            return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request)
                .ConfigureAwait(false);
        }

        return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request, wamAccount)
            .ConfigureAwait(false);
    }
    catch (Exception ex)
    {
        // Logged through the PII-marked logger method; the original exception stays attached
        // as the inner exception of the MsalServiceException.
        _logger.ErrorPii(ex);
        throw new MsalServiceException(
            MsalError.WamInteractiveError,
            "AcquireTokenInteractive without picker failed. See inner exception for details. ",
            ex);
    }
}
/// <summary>
/// Silently requests a token from WAM for the default account. A default MSA account
/// combined with MSA passthrough is routed to the transfer-token flow.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters; the authority selects plugin and provider.</param>
/// <param name="acquireTokenSilentParameters">Silent-flow parameters (not read by this method).</param>
/// <returns>The MSAL response built from the WAM result.</returns>
/// <exception cref="MsalUiRequiredException">No default account provider is available.</exception>
public async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    using (_logger.LogMethodDuration())
    {
        var defaultAccountProvider = await _webAccountProviderFactory.GetDefaultProviderAsync()
            .ConfigureAwait(false);

        // Without a default provider there is nothing to sign in silently with.
        if (defaultAccountProvider == null)
        {
            throw new MsalUiRequiredException(
                MsalError.InteractionRequired,
                "A default account was not found");
        }

        // special case: passthrough + default MSA account. Need to use the transfer token protocol.
        bool passthroughWithMsaDefault =
            _wamOptions.MsaPassthrough &&
            _webAccountProviderFactory.IsConsumerProvider(defaultAccountProvider);

        if (passthroughWithMsaDefault)
        {
            return await AcquireTokenSilentDefaultUserPassthroughAsync(
                authenticationRequestParameters,
                defaultAccountProvider)
                .ConfigureAwait(false);
        }

        bool isMsa = await IsMsaRequestAsync(
            authenticationRequestParameters.Authority,
            null,
            _wamOptions.MsaPassthrough)
            .ConfigureAwait(false);

        IWamPlugin selectedPlugin;
        if (isMsa)
        {
            selectedPlugin = _msaPlugin;
        }
        else
        {
            selectedPlugin = _aadPlugin;
        }

        string canonicalAuthority = authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority;
        WebAccountProvider accountProvider = await GetProviderAsync(canonicalAuthority, isMsa)
            .ConfigureAwait(false);

        WebTokenRequest request = await selectedPlugin.CreateWebTokenRequestAsync(
            accountProvider,
            authenticationRequestParameters,
            isForceLoginPrompt: false,
            isAccountInWam: false,
            isInteractive: false)
            .ConfigureAwait(false);

        WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request, _logger);

        var silentResult = await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(request)
            .ConfigureAwait(false);

        return WamAdapters.CreateMsalResponseFromWamResponse(
            silentResult,
            selectedPlugin,
            authenticationRequestParameters.AppConfig.ClientId,
            _logger,
            isInteractive: false);
    }
}
/// <summary>
/// Interactively requests a token from the MSA plugin for the transfer-token scopes and
/// returns whatever <c>ExtractTransferToken</c> extracts from the WAM response.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="accountProvider">Provider used to build the MSA web token request.</param>
/// <returns>The value produced by <c>ExtractTransferToken</c> for the WAM response.</returns>
/// <remarks>
/// NOTE(review): the returned string is presumably a credential-like value; confirm that
/// callers do not write it to logs.
/// </remarks>
public async Task<string> TryFetchTransferTokenInteractiveAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    WebAccountProvider accountProvider)
{
    // First party apps can have MSA-PT enabled and can be configured to allow MSA users
    _logger.Verbose("WAM MSA-PT - fetching transfer token for interactive flow");

    var msaRequest = await _msaPlugin.CreateWebTokenRequestAsync(
        accountProvider,
        authenticationRequestParameters,
        isForceLoginPrompt: false,
        isInteractive: true,
        isAccountInWam: false,
        TransferTokenScopes)
        .ConfigureAwait(false);

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, msaRequest, _logger);

    // The window-bound request resumes on the captured context (ConfigureAwait(true)).
    var wamResponse = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, msaRequest)
        .ConfigureAwait(true);

    string clientId = authenticationRequestParameters.AppConfig.ClientId;
    return ExtractTransferToken(clientId, wamResponse, isInteractive: true);
}
/// <summary>
/// Sends an interactive WAM request for a known WAM account, or for the default user when
/// <paramref name="wamAccount"/> is null, and returns the raw WAM result.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters forwarded to the WAM request.</param>
/// <param name="msalPrompt">Prompt requested by the caller; also decides whether login is forced.</param>
/// <param name="wamPlugin">Plugin (MSA or AAD) that builds the web token request.</param>
/// <param name="provider">Account provider for the request.</param>
/// <param name="wamAccount">WAM account to target, or null for the default user.</param>
/// <returns>The WAM result wrapper.</returns>
/// <exception cref="MsalServiceException">Any exception from the WAM call, wrapped with the original as inner exception.</exception>
private async Task<IWebTokenRequestResultWrapper> AcquireInteractiveWithoutPickerAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    Prompt msalPrompt,
    IWamPlugin wamPlugin,
    WebAccountProvider provider,
    WebAccount wamAccount)
{
    bool forceLogin = IsForceLoginPrompt(msalPrompt);

    WebTokenRequest request = await wamPlugin.CreateWebTokenRequestAsync(
        provider,
        authenticationRequestParameters,
        isForceLoginPrompt: forceLogin,
        isInteractive: true,
        isAccountInWam: true)
        .ConfigureAwait(false);

    AddPromptToRequest(msalPrompt, forceLogin, request);
    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request);

    try
    {
        if (wamAccount == null)
        {
            // default user
            return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request)
                .ConfigureAwait(false);
        }

        return await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request, wamAccount)
            .ConfigureAwait(false);
    }
    catch (Exception ex)
    {
        // Logged through the PII-marked logger method; the original exception stays attached
        // as the inner exception of the MsalServiceException.
        _logger.ErrorPii(ex);
        throw new MsalServiceException(
            MsalError.WamInteractiveError,
            "AcquireTokenInteractive without picker failed. See inner exception for details. ",
            ex);
    }
}
/// <summary>
/// Runs an interactive WAM request through the AAD plugin with a forced login prompt
/// and converts the WAM result into an <see cref="MsalTokenResponse"/>.
/// </summary>
/// <remarks>Only works for the AAD plugin. The MSA plugin does not allow this for privacy reasons.</remarks>
/// <param name="authenticationRequestParameters">MSAL request parameters; the tenant id selects the provider.</param>
/// <param name="msalPrompt">Prompt requested by the caller, passed to the request as-is.</param>
/// <returns>The MSAL response built from the WAM result.</returns>
private async Task<MsalTokenResponse> AcquireInteractiveWithAadBrowserAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    Prompt msalPrompt)
{
    string tenantId = authenticationRequestParameters.Authority.TenantId;
    var aadProvider = await _webAccountProviderFactory.GetAccountProviderAsync(tenantId)
        .ConfigureAwait(true);

    WebTokenRequest request = await _aadPlugin.CreateWebTokenRequestAsync(
        aadProvider,
        authenticationRequestParameters,
        isForceLoginPrompt: true,
        isInteractive: true,
        isAccountInWam: false)
        .ConfigureAwait(false);

    WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request);
    AddPromptToRequest(msalPrompt, true, request);

    var wamResponse = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, request)
        .ConfigureAwait(false);

    return CreateMsalTokenResponse(wamResponse, _aadPlugin, isInteractive: true);
}
/// <summary>
/// Checks that a silent request for an MSAL account carrying a WAM id looks the account up
/// by that id, and that authority validation, extra query parameters, the instance-aware
/// mapping and the user-configured authority are all written to the WAM request.
/// </summary>
public async Task ATS_AccountWithWamId_Async()
{
    // Arrange
    using (var harness = CreateTestHarness())
    {
        _webAccountProviderFactory.ClearReceivedCalls();

        var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
        var extraQP = new Dictionary<string, string>()
        {
            { "extraQp1", "extraVal1" },
            { "instance_aware", "true" }
        };

        var requestParams = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityHomeTenant,
            extraQueryParameters: extraQP,
            validateAuthority: true); // AAD
        requestParams.UserConfiguredAuthority = Authority.CreateAuthority(
            "https://login.microsoftonline.com/organizations");

        var wamIdsByClient = new Dictionary<string, string>()
        {
            { TestConstants.ClientId, "wam_id_1" }
        };
        requestParams.Account = new Account(
            $"{TestConstants.Uid}.{TestConstants.Utid}",
            TestConstants.DisplayableId,
            null,
            wamIdsByClient); // account has wam_id!

        var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
        var webTokenRequest = new WebTokenRequest(wamAccountProvider);

        // WAM reports success with a single, empty response entry.
        var webTokenResponse = new WebTokenResponse();
        var webTokenResponseWrapper = Substitute.For<IWebTokenRequestResultWrapper>();
        webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
        webTokenResponseWrapper.ResponseData.Returns(new List<WebTokenResponse>() { webTokenResponse });

        _webAccountProviderFactory
            .GetAccountProviderAsync(null)
            .ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
        _wamProxy
            .FindAccountAsync(Arg.Any<WebAccountProvider>(), "wam_id_1")
            .Returns(Task.FromResult(webAccount));
        _aadPlugin
            .CreateWebTokenRequestAsync(
                wamAccountProvider,
                requestParams,
                isForceLoginPrompt: false,
                isAccountInWam: true,
                isInteractive: false)
            .Returns(Task.FromResult(webTokenRequest));

        var atsParams = new AcquireTokenSilentParameters();

        _wamProxy
            .GetTokenSilentlyAsync(webAccount, webTokenRequest)
            .Returns(Task.FromResult(webTokenResponseWrapper));
        _aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);

        // Act
        var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);

        // Assert
        Assert.AreSame(_msalTokenResponse, result);

        // Authority validation must be forwarded to WAM, not dropped on the broker path.
        Assert.AreEqual("yes", webTokenRequest.Properties["validateAuthority"]);
        Assert.AreEqual("extraVal1", webTokenRequest.Properties["extraQp1"]);

        // Although at the time of writing, MSAL does not support instance aware ...
        // WAM does support it but the param is different: the "discover" property set to "home"
        Assert.AreEqual("home", webTokenRequest.Properties["discover"]);
        Assert.AreEqual(
            "https://login.microsoftonline.com/organizations/",
            webTokenRequest.Properties["authority"]);
    }
}
/// <summary>
/// Silently requests a token from WAM for the WAM account that corresponds to the MSAL
/// account on the request, with special handling for MSA passthrough.
/// </summary>
/// <param name="authenticationRequestParameters">MSAL request parameters; supplies authority, account and client id.</param>
/// <param name="acquireTokenSilentParameters">Silent-flow parameters (not read by this method).</param>
/// <returns>The MSAL response built from the WAM result.</returns>
/// <exception cref="MsalUiRequiredException">
/// No WAM account matches the MSAL account and MSA passthrough is not enabled.
/// </exception>
public async Task<MsalTokenResponse> AcquireTokenSilentAsync(
    AuthenticationRequestParameters authenticationRequestParameters,
    AcquireTokenSilentParameters acquireTokenSilentParameters)
{
    using (_logger.LogMethodDuration())
    {
        // Important: MSAL will have already resolved the authority by now,
        // so we are not expecting "common" or "organizations" but a tenanted authority
        bool isMsa = await IsMsaRequestAsync(
            authenticationRequestParameters.Authority,
            null,
            _wamOptions.MsaPassthrough)
            .ConfigureAwait(false);

        IWamPlugin selectedPlugin = isMsa ? _msaPlugin : _aadPlugin;

        // With passthrough the "organizations" (non-MSA) provider is always used.
        WebAccountProvider accountProvider = await (_wamOptions.MsaPassthrough
            ? GetProviderAsync("organizations", false)
            : GetProviderAsync(authenticationRequestParameters.AuthorityInfo.CanonicalAuthority, isMsa))
            .ConfigureAwait(false);

        WebAccount matchedAccount = await FindWamAccountForMsalAccountAsync(
            accountProvider,
            selectedPlugin,
            authenticationRequestParameters.Account,
            null, // ATS requires an account object, login_hint is not supported on its own
            authenticationRequestParameters.AppConfig.ClientId)
            .ConfigureAwait(false);

        if (matchedAccount == null)
        {
            if (_wamOptions.MsaPassthrough)
            {
                return await AcquireMsaTokenSilentForPassthroughAsync(
                    authenticationRequestParameters,
                    accountProvider)
                    .ConfigureAwait(false);
            }

            // Fail closed: with no matching WAM account, no token is requested from WAM and
            // the caller is told that interaction is required.
            throw new MsalUiRequiredException(
                MsalError.InteractionRequired,
                "Could not find a WAM account for the silent request.");
        }

        WebTokenRequest request = await selectedPlugin.CreateWebTokenRequestAsync(
            accountProvider,
            authenticationRequestParameters,
            isForceLoginPrompt: false,
            isAccountInWam: true,
            isInteractive: false)
            .ConfigureAwait(false);

        // For the MSA-PT scenario, MSAL's authority is wrong. MSAL will use Account.HomeTenantId,
        // which will essentially be /consumers. This is wrong: we are not trying to obtain
        // an MSA token, we are trying to obtain an AAD *guest* token.
        string authorityOverride = null;
        if (_wamOptions.MsaPassthrough &&
            authenticationRequestParameters.Authority is AadAuthority aadAuthority &&
            aadAuthority.IsConsumers())
        {
            authorityOverride = authenticationRequestParameters.Authority.GetTenantedAuthority(
                "organizations",
                forceTenantless: true);
        }

        WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, request, _logger, authorityOverride);

        var silentResult = await _wamProxy.GetTokenSilentlyAsync(matchedAccount, request)
            .ConfigureAwait(false);

        return WamAdapters.CreateMsalResponseFromWamResponse(
            silentResult,
            selectedPlugin,
            authenticationRequestParameters.AppConfig.ClientId,
            _logger,
            isInteractive: false);
    }
}