Merge branch 'master' into jmprieur/removingUis

Tiago Brenck · Tiago Brenck · commit f161eb301f29 · 2020-02-05T10:23:06.000-08:00
# Conflicts:
#	Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
diff --git a/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs b/Microsoft.Identity.Web/AuthorizeForScopesAttribute.cs
@@ -46,6 +46,7 @@ public class AuthorizeForScopesAttribute : ExceptionFilterAttribute
         public override void OnException(ExceptionContext context)
         {
             MsalUiRequiredException msalUiRequiredException = context.Exception as MsalUiRequiredException;
+
             if (msalUiRequiredException == null)
             {
                 msalUiRequiredException = context.Exception?.InnerException as MsalUiRequiredException;
@@ -55,6 +56,9 @@ public override void OnException(ExceptionContext context)
             {
                 if (CanBeSolvedByReSignInOfUser(msalUiRequiredException))
                 {
+                    // Do not re-use the attribute param Scopes. For more info: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/273
+                    string[] scopes = null;
+
                     // the users cannot provide both scopes and ScopeKeySection at the same time
                     if (!string.IsNullOrWhiteSpace(ScopeKeySection) && Scopes != null && Scopes.Length > 0)
                     {
@@ -72,10 +76,13 @@ public override void OnException(ExceptionContext context)
                             throw new InvalidOperationException($"The {nameof(ScopeKeySection)} is provided but the IConfiguration instance is not present in the services collection");
                         }
 
-                        Scopes = new string[] { configuration.GetValue<string>(ScopeKeySection) };
+                        scopes = new string[] { configuration.GetValue<string>(ScopeKeySection) };
                     }
 
-                    var properties = BuildAuthenticationPropertiesForIncrementalConsent(Scopes, msalUiRequiredException, context.HttpContext);
+                    else
+                        scopes = Scopes;
+
+                    var properties = BuildAuthenticationPropertiesForIncrementalConsent(scopes, msalUiRequiredException, context.HttpContext);
                     context.Result = new ChallengeResult(properties);
                 }
             }
@@ -91,7 +98,7 @@ private bool CanBeSolvedByReSignInOfUser(MsalUiRequiredException ex)
             // InMemoryCache, the cache could be empty if the server was restarted. This is why
             // the null_user exception is thrown.
 
-            return ex.ErrorCode.ContainsAny(new [] { MsalError.UserNullError, MsalError.InvalidGrantError });
+            return ex.ErrorCode.ContainsAny(new[] { MsalError.UserNullError, MsalError.InvalidGrantError });
         }
 
         /// <summary>
@@ -102,16 +109,16 @@ private bool CanBeSolvedByReSignInOfUser(MsalUiRequiredException ex)
         /// <param name="context">current http context in the pipeline</param>
         /// <returns>AuthenticationProperties</returns>
         private AuthenticationProperties BuildAuthenticationPropertiesForIncrementalConsent(
-            string[] scopes, 
-            MsalUiRequiredException ex, 
+            string[] scopes,
+            MsalUiRequiredException ex,
             HttpContext context)
         {
             var properties = new AuthenticationProperties();
 
             // Set the scopes, including the scopes that ADAL.NET / MSAL.NET need for the token cache
             string[] additionalBuiltInScopes =
-                {OidcConstants.ScopeOpenId, 
-                OidcConstants.ScopeOfflineAccess, 
+                {OidcConstants.ScopeOpenId,
+                OidcConstants.ScopeOfflineAccess,
                 OidcConstants.ScopeProfile};
             properties.SetParameter<ICollection<string>>(OpenIdConnectParameterNames.Scope,
                                                          scopes.Union(additionalBuiltInScopes).ToList());
diff --git a/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj b/Microsoft.Identity.Web/Microsoft.Identity.Web.csproj
@@ -56,6 +56,6 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="3.1.1" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.0.1" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.8.0" />
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.8.1" />
   </ItemGroup>
 </Project>

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ public class AuthorizeForScopesAttribute : ExceptionFilterAttribute`
`46`	`46`	`public override void OnException(ExceptionContext context)`
`47`	`47`	`{`
`48`	`48`	`MsalUiRequiredException msalUiRequiredException = context.Exception as MsalUiRequiredException;`
	`49`	`+`
`49`	`50`	`if (msalUiRequiredException == null)`
`50`	`51`	`{`
`51`	`52`	`msalUiRequiredException = context.Exception?.InnerException as MsalUiRequiredException;`
`@@ -55,6 +56,9 @@ public override void OnException(ExceptionContext context)`
`55`	`56`	`{`
`56`	`57`	`if (CanBeSolvedByReSignInOfUser(msalUiRequiredException))`
`57`	`58`	`{`
	`59`	`+ // Do not re-use the attribute param Scopes. For more info: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/273`
	`60`	`+ string[] scopes = null;`
	`61`	`+`
`58`	`62`	`// the users cannot provide both scopes and ScopeKeySection at the same time`
`59`	`63`	`if (!string.IsNullOrWhiteSpace(ScopeKeySection) && Scopes != null && Scopes.Length > 0)`
`60`	`64`	`{`
`@@ -72,10 +76,13 @@ public override void OnException(ExceptionContext context)`
`72`	`76`	`throw new InvalidOperationException($"The {nameof(ScopeKeySection)} is provided but the IConfiguration instance is not present in the services collection");`
`73`	`77`	`}`
`74`	`78`
`75`		`- Scopes = new string[] { configuration.GetValue<string>(ScopeKeySection) };`
	`79`	`+ scopes = new string[] { configuration.GetValue<string>(ScopeKeySection) };`
`76`	`80`	`}`
`77`	`81`
`78`		`- var properties = BuildAuthenticationPropertiesForIncrementalConsent(Scopes, msalUiRequiredException, context.HttpContext);`
	`82`	`+ else`
	`83`	`+ scopes = Scopes;`
	`84`	`+`
	`85`	`+ var properties = BuildAuthenticationPropertiesForIncrementalConsent(scopes, msalUiRequiredException, context.HttpContext);`
`79`	`86`	`context.Result = new ChallengeResult(properties);`
`80`	`87`	`}`
`81`	`88`	`}`
`@@ -91,7 +98,7 @@ private bool CanBeSolvedByReSignInOfUser(MsalUiRequiredException ex)`
`91`	`98`	`// InMemoryCache, the cache could be empty if the server was restarted. This is why`
`92`	`99`	`// the null_user exception is thrown.`
`93`	`100`
`94`		`- return ex.ErrorCode.ContainsAny(new [] { MsalError.UserNullError, MsalError.InvalidGrantError });`
	`101`	`+ return ex.ErrorCode.ContainsAny(new[] { MsalError.UserNullError, MsalError.InvalidGrantError });`
`95`	`102`	`}`
`96`	`103`
`97`	`104`	`/// <summary>`
`@@ -102,16 +109,16 @@ private bool CanBeSolvedByReSignInOfUser(MsalUiRequiredException ex)`
`102`	`109`	`/// <param name="context">current http context in the pipeline</param>`
`103`	`110`	`/// <returns>AuthenticationProperties</returns>`
`104`	`111`	`private AuthenticationProperties BuildAuthenticationPropertiesForIncrementalConsent(`
`105`		`- string[] scopes,`
`106`		`- MsalUiRequiredException ex,`
	`112`	`+ string[] scopes,`
	`113`	`+ MsalUiRequiredException ex,`
`107`	`114`	`HttpContext context)`
`108`	`115`	`{`
`109`	`116`	`var properties = new AuthenticationProperties();`
`110`	`117`
`111`	`118`	`// Set the scopes, including the scopes that ADAL.NET / MSAL.NET need for the token cache`
`112`	`119`	`string[] additionalBuiltInScopes =`
`113`		`- {OidcConstants.ScopeOpenId,`
`114`		`- OidcConstants.ScopeOfflineAccess,`
	`120`	`+ {OidcConstants.ScopeOpenId,`
	`121`	`+ OidcConstants.ScopeOfflineAccess,`
`115`	`122`	`OidcConstants.ScopeProfile};`
`116`	`123`	`properties.SetParameter<ICollection<string>>(OpenIdConnectParameterNames.Scope,`
`117`	`124`	`scopes.Union(additionalBuiltInScopes).ToList());`