/// <summary> /// Attempts to acquire access token from the token cache silently by calling AcquireTokenSilentAsync /// </summary> internal async Task <AuthenticationResult> GetAccessTokenSilentAsync(MsalAuthenticationProviderOption msalAuthProviderOption) { IAccount account = null; if (msalAuthProviderOption.UserAccount?.ObjectId != null) { // Parse GraphUserAccount to IAccount instance account = new GraphAccount(msalAuthProviderOption.UserAccount); } else { // If no graph user account is passed, try get the one in cache. IEnumerable <IAccount> accounts = await ClientApplication.GetAccountsAsync(); account = accounts.FirstOrDefault(); } if (account == null) { return(null); } try { return(await ClientApplication.AcquireTokenSilentAsync( msalAuthProviderOption.Scopes ?? Scopes, account, ClientApplication.Authority, msalAuthProviderOption.ForceRefresh)); } catch (MsalUiRequiredException msalUiEx) { return(null); } catch (MsalServiceException serviceException) { throw new AuthenticationException( new Error { Code = ErrorConstants.Codes.GeneralException, Message = ErrorConstants.Message.UnexpectedMsalException }, serviceException); } catch (Exception exception) { throw new AuthenticationException( new Error { Code = ErrorConstants.Codes.GeneralException, Message = ErrorConstants.Message.UnexpectedException }, exception); } }
/// <summary> /// Adds an authentication header to the incoming request by checking the application's <see cref="TokenCache"/> /// for an unexpired access token. If a token is not found or expired, it gets a new one. /// </summary> /// <param name="httpRequestMessage">A <see cref="HttpRequestMessage"/> to authenticate.</param> public async Task AuthenticateRequestAsync(HttpRequestMessage httpRequestMessage) { GraphRequestContext requestContext = httpRequestMessage.GetRequestContext(); MsalAuthenticationProviderOption msalAuthProviderOption = httpRequestMessage.GetMsalAuthProviderOption(); IAccount account = new GraphAccount(msalAuthProviderOption.UserAccount); AuthenticationResult authenticationResult = await this.GetAccessTokenSilentAsync(msalAuthProviderOption); if (authenticationResult == null) { authenticationResult = await GetNewAccessTokenAsync(account, msalAuthProviderOption.Scopes ?? Scopes); } if (!string.IsNullOrEmpty(authenticationResult.AccessToken)) { httpRequestMessage.Headers.Authorization = new AuthenticationHeaderValue(CoreConstants.Headers.Bearer, authenticationResult.AccessToken); } }