Open DaleyKD opened 1 year ago
I've got a much better understanding of how this library works since I posted two weeks ago. I'd STILL love a way that I could not HAVE to duplicate my scopes (one for the attribute and one in the _graphServiceClient call). But I at least understand how to make this work properly now.
@DaleyKD : the readme you referenced is for MVC controllers for Blazor pages, see here: https://github.com/AzureAD/microsoft-identity-web/wiki/Managing-incremental-consent-and-conditional-access#in-razor-pages
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
2.13.3
Web app
Sign-in users and call web APIs
Web API
Not Applicable
Token cache serialization
In-memory caches
Description
When decorating a RazorPage (or MVC Controller Action) with
[AuthorizeForScopes(Scopes = new[] { "Mail.Read" })]
, the GraphServiceClient raises aServiceException
, but not aMsalUiRequiredException
. Therefore, incremental consent is never requested.According to this readme (and others I've seen throughout your repos), it's insinuated that it will all be handled behind the scenes.
Reproduction steps
Error message
Id Web logs
No response
Relevant code snippets
Program.cs
HomeController.cs
Regression
No response
Expected behavior
I'd like to see a seamless challenge so that the user is prompted to consent to the new scopes.