Specify the user to authenticate

[tipa]

In my app I want my users to choose the OneDrive account to work with.

• Is there any way to show them a UI where they can select their account?
• Or is there a way for me to authenticate a specific account after the user entered his account details somewhere else in my app?

Currently, the account the user is signed in on the device is used without an option to change it. I already googled that issue and looked though the issues here and on the onedrive-sdk-dotnet-msa-auth-adapter-repo, without success

[daboxu]

hi @tipa , for selecting both OneDrive Consumer (aks personal) and OneDrive for Business account, I think the MSAL library should work for you because it hits the AAD Oauth V2 endpoint which provides UI for user to choose their personal or business account. In addition, probably you want to user the Graph SDK as well.

[tipa]

Thanks @daboxu, thanks for your response! I don't want to necessarily allow Business accounts (maybe at a later point) but I want to allow the user to choose from his personal accounts (e.g. when he is logged in on his phone with a Business account). Currently I am using the Authentication Adapter for the OneDrive SDK, very easy to use. However, it is always logging in the account the user is currently logged in. I will give your suggestion of the MSAL library a try. Is this an alternative way of authenticating for OneDrive, a newer approach or something else (compared to the MSA Auth Adapter)? Sorry, it's pretty confusing with all those different names (AD, MSAL, Graph, MSA,...) for someone who isn't deep into the topic...

[daboxu]

hi @tipa , probably you can apply a signout browser first because the login page stored user cookie and reuse it if a user has logined before, use desktop app as example:

    await msaAuthProvider.SignOutOfBrowserAsync();
    // browser has cleared the cookie.
    await msaAuthProvider.AuthenticateUserAsync();

NOTE In a word, MSAL and Graph SDK are the direction the MSA Auth Adapter and the OneDrive C# SDK are moving to. The MSA Auth Adapter is the adapter we built for providing authentication for personal and business account separately, as you know there is a MSAAuthProvider for personal account and a ADALAuthProvider for business account. We leave the identify account type logic to developers which do require your efforts, and later as the OAuth service evolves, the identify logic is a part of Azure AD OAuth V2 which supports both personal account and business account. So MSAL and Graph API are the Auth Library and the Service relies on Azure AD V2. As the AD OAuth V2 and Graph unified the application access, and OneDrive API is integrated into Graph API, I would suggest you keeping eyes on the MSAL and Graph SDK for C#.

[daboxu]

close for now and feel free to reopen it if you still have this issue.

[tipa]

Thanks for your comprehensive answer. I will try out your suggestion with the removal of the browser cookies. I also tried the Graph Library in combination with the prerelease auth MSAL library, more specifically I tried out this example but encountered a bunch of issues:

• the newtonsoft.json library wasnt included and I had to reference it by myself although being a dependency of the Graph library
• the auth token wasnt cached, I was prompted for auth on every start of the app
• currently, it seems that I cannot request permissions for the app folder only (see here)

That all says me that this seems to be in an early preview still so I stick with the current OneDrive SDK but will keep my eyes on the new one

[daboxu]

thanks your feedbacks! Yes we do have a long way to go. For 1) newtonsoft.json reference, feel free to report it on the Graph C# SDK issues. 2) auth token probably you want notice the owner of MSAL here. 3) I think I have a backlog for the permission issue, sorry for the inconvenience right now, will be back if it is solved.