Fix spelling mistakes

Author: Tiago Brenck

Microsoft.Identity.Web/AuthorityHelpers.cs

@@ -21,7 +21,7 @@ internal static string BuildAuthority(MicrosoftIdentityOptions options)
             if (options == null)
                 return null;
 
-            // Cannot build authority without AAD Intance or Domain
+            // Cannot build authority without AAD Instance or Domain
             if (string.IsNullOrWhiteSpace(options.Instance) || string.IsNullOrWhiteSpace(options.Domain))
                 return null;
 

Microsoft.Identity.Web/AzureADB2COpenIDConnectEventHandlers.cs

@@ -69,7 +69,7 @@ public Task OnRemoteFailure(RemoteFailureContext context)
             }
             // Access denied errors happen when a user cancels an action on the Azure Active Directory B2C UI. We just redirect back to
             // the main page in that case.
-            // Message contains error: 'access_denied', error_description: 'AADB2C90091: The user has cancelled entering self-asserted information.
+            // Message contains error: 'access_denied', error_description: 'AADB2C90091: The user has canceled entering self-asserted information.
             // Correlation ID: d01c8878-0732-4eb2-beb8-da82a57432e0
             // Timestamp: 2018-03-05 02:56:49Z
             // ', error_uri: 'error_uri is null'.

Microsoft.Identity.Web/Resource/AadIssuerValidator.cs

@@ -165,7 +165,7 @@ private static string GetTenantIdFromToken(SecurityToken securityToken)
                 if (jwtSecurityToken.Payload.TryGetValue(ClaimConstants.Tid, out object tenantId))
                     return tenantId as string;
 
-                // Since B2C doesnt have TID as default, try to get it from iss claims
+                // Since B2C doesn't have TID as default, try to get it from iss claims
                 if (jwtSecurityToken.Claims.Any(c => c.Type == ClaimConstants.Acr || c.Type == ClaimConstants.Tfp))
                     return GetTenantIdFromIss(jwtSecurityToken.Issuer);
             }

Microsoft.Identity.Web/TokenAcquisition.cs

@@ -157,7 +157,7 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsync(AuthorizationCodeR
         /// passing the validated token (as a JwtSecurityToken). Calling it from a Web App supposes that
         /// you have previously called AddAccountToCacheFromAuthorizationCodeAsync from a method called by
         /// OpenIdConnectOptions.Events.OnAuthorizationCodeReceived</remarks>
-        [Obsolete("Renamed to GetAccessTokenForUserAsync. Please use that method")]
+        [Obsolete("This method has been deprecated, please use the GetAccessTokenForUserAsync() method instead.")]
         public async Task<string> GetAccessTokenOnBehalfOfUserAsync(
             IEnumerable<string> scopes,
             string tenant = null)
@@ -224,7 +224,7 @@ public async Task<string> GetAccessTokenForUserAsync(
                     accessToken = result.AccessToken;
                 }
 
-                // Case of the Web App: we let the the MsalUiRequiredException be caught by the 
+                // Case of the Web App: we let the MsalUiRequiredException be caught by the 
                 // AuthorizeForScopesAttribute exception filter so that the user can consent, do 2FA, etc ...
                 else
                 {

Microsoft.Identity.Web/WebAppServiceCollectionExtensions.cs

@@ -24,7 +24,7 @@ namespace Microsoft.Identity.Web
     public static class WebAppServiceCollectionExtensions
     {
         #region
-        [Obsolete("Use AddSignIn")]
+        [Obsolete("This method has been deprecated, please use the AddSignIn() method instead.")]
         public static IServiceCollection AddMicrosoftIdentityPlatform(
                 this IServiceCollection services,
                 IConfiguration configuration,
@@ -40,7 +40,7 @@ public static IServiceCollection AddMicrosoftIdentityPlatform(
             return services;
         }
 
-        [Obsolete("Use AddWebAppCallsProtectedWebApi")]
+        [Obsolete("This method has been deprecated, please use the AddWebAppCallsProtectedWebApi() method instead.")]
         public static IServiceCollection AddMsal(this IServiceCollection services,
                                                                IConfiguration configuration,
                                                                IEnumerable<string> initialScopes,
@@ -60,9 +60,9 @@ public static IServiceCollection AddMsal(this IServiceCollection services,
         /// <param name="initialScopes">Initial scopes to request at sign-in</param>
         /// <returns></returns>
         public static IServiceCollection AddWebAppCallsProtectedWebApi(
-            this IServiceCollection services, 
-            IConfiguration configuration, 
-            IEnumerable<string> initialScopes, 
+            this IServiceCollection services,
+            IConfiguration configuration,
+            IEnumerable<string> initialScopes,
             string configSectionName = "AzureAd",
             string openIdConnectScheme = OpenIdConnectDefaults.AuthenticationScheme)
         {
@@ -125,8 +125,8 @@ public static IServiceCollection AddWebAppCallsProtectedWebApi(
         /// </param>
         /// <returns></returns>
         public static AuthenticationBuilder AddSignIn(
-            this AuthenticationBuilder builder, 
-            IConfiguration configuration, 
+            this AuthenticationBuilder builder,
+            IConfiguration configuration,
             Action<OpenIdConnectOptions> configureOptions,
             bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false) =>
                 builder.AddSignIn(
@@ -150,9 +150,9 @@ public static AuthenticationBuilder AddSignIn(
         /// </param>
         /// <returns></returns>
         public static AuthenticationBuilder AddSignIn(
-            this AuthenticationBuilder builder, 
-            string configSectionName, 
-            IConfiguration configuration, 
+            this AuthenticationBuilder builder,
+            string configSectionName,
+            IConfiguration configuration,
             Action<OpenIdConnectOptions> configureOptions,
             bool subscribeToOpenIdConnectMiddlewareDiagnosticsEvents = false) =>
                 builder.AddSignIn(
@@ -202,13 +202,16 @@ public static AuthenticationBuilder AddSignIn(
 
                 if (!AuthorityHelpers.IsV2Authority(options.Authority))
                     options.Authority += "/v2.0";
-                
+
                 options.TokenValidationParameters.NameClaimType = "preferred_username";
 
-                // If you want to restrict the users that can sign-in to several organizations
-                // Set the tenant value in the appsettings.json file to 'organizations', and add the
-                // issuers you want to accept to options.TokenValidationParameters.ValidIssuers collection
-                options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
+                if (options.TokenValidationParameters.IssuerValidator == null)
+                {
+                    // If you want to restrict the users that can sign-in to several organizations
+                    // Set the tenant value in the appsettings.json file to 'organizations', and add the
+                    // issuers you want to accept to options.TokenValidationParameters.ValidIssuers collection
+                    options.TokenValidationParameters.IssuerValidator = AadIssuerValidator.GetIssuerValidator(options.Authority).Validate;
+                }
 
                 // Avoids having users being presented the select account dialog when they are already signed-in
                 // for instance when going through incremental consent