Pass all scopes in token request and update IndividualLocalAuth template (#26232)

* Pass all scopes in token request and update IndividualLocalAuth template * Fix build and address feedback from peer review
2020-09-23 20:42:44 -07:00 · 2020-09-23 20:42:44 -07:00 · b925b2886a
parent 650bbeb8f5
commit b925b2886a
4 changed files with 20 additions and 5 deletions
--- a/src/Components/Web.JS/dist/Release/blazor.server.js
+++ b/src/Components/Web.JS/dist/Release/blazor.server.js
--- a/src/Components/Web.JS/dist/Release/blazor.webassembly.js
+++ b/src/Components/Web.JS/dist/Release/blazor.webassembly.js
--- a/src/Components/WebAssembly/Authentication.Msal/src/Interop/AuthenticationService.ts
+++ b/src/Components/WebAssembly/Authentication.Msal/src/Interop/AuthenticationService.ts
@ -54,6 +54,7 @@ class MsalAuthorizeService implements AuthorizeService {
    private readonly _msalApplication: Msal.PublicClientApplication;
    private _account: Msal.AccountInfo | undefined;
    private _redirectCallback: Promise<AuthenticationResult | null> | undefined;
+    private _requestedScopes: string[] | undefined;

    constructor(private readonly _settings: AuthorizeServiceConfiguration) {
        if (this._settings.auth?.knownAuthorities?.length == 0) {
@ -81,10 +82,23 @@ class MsalAuthorizeService implements AuthorizeService {
            return;
        }

+        const scopes: string[] = [];
+        if (this._settings.defaultAccessTokenScopes && this._settings.defaultAccessTokenScopes.length > 0) {
+            scopes.push(...this._settings.defaultAccessTokenScopes)
+        }
+
+        if (this._settings.additionalScopesToConsent && this._settings.additionalScopesToConsent.length > 0) {
+            scopes.push(...this._settings.additionalScopesToConsent);
+        }
+
+        if (this._requestedScopes && this._requestedScopes.length > 0) {
+            scopes.push(...this._requestedScopes);
+        }
+
        const silentRequest = {
            redirectUri: this._settings.auth?.redirectUri,
            account: account,
-            scopes: this._settings.defaultAccessTokenScopes
+            scopes: scopes
        };

        const response = await this._msalApplication.acquireTokenSilent(silentRequest);
@ -111,6 +125,7 @@ class MsalAuthorizeService implements AuthorizeService {
            return;
        }

+        this._requestedScopes = scopes;
        const silentRequest = {
            redirectUri: this._settings.auth?.redirectUri,
            account: account,
@ -162,7 +177,7 @@ class MsalAuthorizeService implements AuthorizeService {
                    const silentRequest = {
                        redirectUri: request.redirectUri,
                        account: account,
-                        scopes: request.scopes,
+                        scopes: request.scopes.concat(request.extraScopesToConsent || [])
                    };
                    await this._msalApplication.acquireTokenSilent(silentRequest);
                }
--- a/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/wwwroot/appsettings.json
+++ b/src/ProjectTemplates/Web.ProjectTemplates/content/ComponentsWebAssembly-CSharp/Client/wwwroot/appsettings.json
@ -1,7 +1,7 @@
 {
  ////#if (IndividualLocalAuth)
  //"Local": {
-  //  "Authority": "https://login.microsoftonline.com/",
+  //  "Authority": "https:////login.microsoftonline.com/",
  //  "ClientId": "33333333-3333-3333-33333333333333333"
  //}
  ////#endif