AzureAD / microsoft-authentication-library-for-dotnet

Microsoft Authentication Library (MSAL) for .NET
https://aka.ms/msal-net
MIT License

[Feature Request] Add support for CIAM custom authority #4387

Closed bgavrilMS closed 5 months ago

bgavrilMS commented 1 year ago

MSAL client type

Public, Confidential

Problem Statement

CIAM will support custom authorities, which will require MSAL to perform OIDC discovery of the endpoints.

Blocked until we have a test environment.

Proposed solution

Recommendation is for MSAL to add support to WithGenericAuthority for user flows (consider renaming to WithOidcAuthority).

Since this is a general-purpose mechanism, we should also try to use a non-Microsoft authority, such as Facebook or Google. MSAL can still add "client_info" and parse the tid claim from id tokens by default, to provide an "AAD-like" experience. If "client_info" isn't there, the account id will be the sub claim. If tid isn't there, it's just ignored.

Alternatives

No response
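The following is an added example, not code from MSAL.NET or from this issue's author. It sketches the rules proposed above for a generic OIDC authority: build the discovery URL from the authority, read the endpoints from the discovery document, derive the home account id from `client_info` when present and from `sub` otherwise, and use `tid` only when it is present. The authority URL, discovery document, JWT and `client_info` value are all constructed test data, and the helper names (`DiscoveryUrl`, `HomeAccountId`, `TenantId`, `ParseDiscovery`) are hypothetical, not MSAL API.

```csharp
// Added example (not MSAL.NET code). Demonstrates the account-id / tenant-id
// rules proposed in the issue and the OIDC discovery lookup a generic authority
// requires. All tokens and documents below are constructed test data.
using System;
using System.Text;
using System.Text.Json;

public static class GenericAuthorityDemo
{
    // Base64url without padding, as used by JWT segments and by client_info.
    static string B64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string B64UrlDecode(string s)
    {
        string t = s.Replace('-', '+').Replace('_', '/');
        switch (t.Length % 4) { case 2: t += "=="; break; case 3: t += "="; break; }
        return Encoding.UTF8.GetString(Convert.FromBase64String(t));
    }

    // Assumed discovery location: <authority>/.well-known/openid-configuration.
    public static string DiscoveryUrl(string authority) =>
        authority.TrimEnd('/') + "/.well-known/openid-configuration";

    // Pulls the endpoints MSAL would need out of a discovery document.
    public static (string Issuer, string AuthorizationEndpoint, string TokenEndpoint)
        ParseDiscovery(string json)
    {
        using var d = JsonDocument.Parse(json);
        var r = d.RootElement;
        return (r.GetProperty("issuer").GetString(),
                r.GetProperty("authorization_endpoint").GetString(),
                r.GetProperty("token_endpoint").GetString());
    }

    // Reads the claims segment of a JWT. NOTE: no signature validation here;
    // a real client must verify the signature and the "iss" claim against the
    // discovered issuer before trusting any claim.
    static JsonDocument Payload(string jwt) =>
        JsonDocument.Parse(B64UrlDecode(jwt.Split('.')[1]));

    // client_info present -> "{uid}.{utid}" (AAD-style home account id)
    // client_info absent  -> the id token's "sub" claim
    public static string HomeAccountId(string idToken, string clientInfo)
    {
        if (!string.IsNullOrEmpty(clientInfo))
        {
            using var ci = JsonDocument.Parse(B64UrlDecode(clientInfo));
            return ci.RootElement.GetProperty("uid").GetString() + "." +
                   ci.RootElement.GetProperty("utid").GetString();
        }
        using var p = Payload(idToken);
        return p.RootElement.GetProperty("sub").GetString();
    }

    // "tid" is used when present and ignored (null) otherwise.
    public static string TenantId(string idToken)
    {
        using var p = Payload(idToken);
        return p.RootElement.TryGetProperty("tid", out var tid) ? tid.GetString() : null;
    }

    // Builds an unsigned test JWT (alg "none") from a claims JSON string.
    public static string TestJwt(string claimsJson) =>
        B64UrlEncode("{\"alg\":\"none\",\"typ\":\"JWT\"}") + "." + B64UrlEncode(claimsJson) + ".";

    public static void Main()
    {
        const string authority = "https://login.example.com/tenant1"; // hypothetical authority
        Console.WriteLine(DiscoveryUrl(authority));

        // Constructed discovery document (embedded instead of fetched over HTTP).
        string discovery = "{\"issuer\":\"https://login.example.com/tenant1\"," +
            "\"authorization_endpoint\":\"https://login.example.com/tenant1/oauth2/authorize\"," +
            "\"token_endpoint\":\"https://login.example.com/tenant1/oauth2/token\"}";
        var (issuer, authz, token) = ParseDiscovery(discovery);
        Console.WriteLine($"issuer={issuer} authorize={authz} token={token}");

        // AAD-like response: both client_info and tid are present.
        string aadToken = TestJwt(
            "{\"iss\":\"https://login.example.com/tenant1\",\"sub\":\"abc\",\"tid\":\"tenant1\"}");
        string clientInfo = B64UrlEncode("{\"uid\":\"user1\",\"utid\":\"tenant1\"}");
        Console.WriteLine(HomeAccountId(aadToken, clientInfo));
        Console.WriteLine(TenantId(aadToken));

        // Third-party IdP: no client_info and no tid, so fall back to sub and ignore tid.
        string extToken = TestJwt("{\"iss\":\"https://accounts.example.org\",\"sub\":\"1234567890\"}");
        Console.WriteLine(HomeAccountId(extToken, null));
        Console.WriteLine(TenantId(extToken) ?? "(no tid)");
    }
}
```

The one check worth adding before any of this is used for account matching is that the `issuer` from the discovery document equals the authority it was fetched from and the `iss` claim of the id token, with the signature verified against the discovered `jwks_uri`; otherwise a `sub` or `client_info` value from one issuer could be confused with an account from another.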

bgavrilMS commented 1 year ago

CC @rayluo @localden as we do not have a test environment.

rayluo commented 1 year ago

> CC @rayluo @localden as we do not have a test environment.

FYI: Still waiting for this internal PR to be approved and deployed. I have pinged stakeholders via email and teams.

bgavrilMS commented 5 months ago

Done