Microsoft-authentication-library-for-dotnet: [Feedback Request] What do you think of MSAL 3.0.0-preview?

@jmprieur I do like the new fluent API in 3.0... I do not like that it is still expecting the UIParent which is really more relevant for Android as I recall from our previous conversations. This should be moved to PublicClientApplicationBuilder where specifically for Android you should add WithActivity. This means that the PCA can be built at the Platform level and injected with DI... everything after that should work great.

Hi @dansiegel - thanks for the feedback. We also feel the acquire token silent needs work. It's not trivial to come up with the right API here because on Android devs need to pass in the Authority. On other platforms a parent window can be used simply so that we can center the webui.

We discuss this in more detail, along with an API proposal, here:

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/918

See also https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/949 and https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/918#issuecomment-471503296

I'm beginning with MSAL and haven't experienced the 2.0 API. From what I can tell, the 3.0 one is better and more flexible. In the interest of those improvements, and to make the current API less crowded, please depreciate the 2.0 members in the 3.0 release and outright remove them in 4.0.

I found only this sample that's for AD B2C and uses the MSAL v3 API. Does it reflect best practices? I have some doubts that I asked about here and here.

@ChainReactive
thanks for the feedback.
B2C is a bit special (as the notion of policy does not appear directly in the API model), and we are a bit behind on updating the B2C samples, but that's definitively something we are working on. See for instance this issue (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/911), and also this branch (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tree/jennyf/b2cPrototype) where @jennyf19 where we are discussing surfacing B2C policies as a first class concept in the API.

I found only this sample that's for AD B2C and uses the MSAL v3 API. Does it reflect best practices? I have some doubts that I asked about here and here.

There's a pretty good sample that's just been updated to v3 here : https://github.com/Azure-Samples/active-directory-dotnet-admin-restricted-scopes-v2

Any examples anywhere of calling SharePoint Online search API using MSAL v3?

All the Azure AD samples are available from https://aka.ms/aaddevsamplesv2 and all the .NET one use the new MSAL 3.x API.

There are a few B2C samples using MSAL.NET 3.x already

• https://github.com/Azure-Samples/active-directory-b2c-dotnet-desktop
• https://github.com/Azure-Samples/active-directory-b2c-xamarin-native
• https://github.com/Azure-Samples/active-directory-b2c-dotnetcore-webapp
  We have been working on updating the other B2C samples to MSAL 3.x

For SharePoint online search API, what is the name of the resource @zedthehead ? can you see it in the app registration portal: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-access-web-apis#add-permissions-to-access-web-apis ?

Does it reflect best practices?

@ChainReactive I would tend to say overwhelmingly the norm of Microsoft samples... assume they're following worst practices for a Proof of Concept.

In the api permissions page it is listed as Sites.Search.All under the SharePoint sub-heading/group. The name of the scope is given as https://microsoft.sharepoint-df.com/Sites.Search.All. Currently I'm trying to port an ASP.NET MVC5 project from ADAL to MSAL v3 using the https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/url sample as a guide

@zedthehead
you can get inspired by this sample: https://github.com/Azure-Samples/active-directory-dotnet-admin-restricted-scopes-v2/blob/master/GroupManager/Controllers/GroupsController.cs (MVC5)

If you want to move to ASP.NET core, this one is even bettre: https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial, in particular https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial/blob/master/3-WebApp-multi-APIs/Controllers/HomeController.cs#L42

I posted an example app and instructions for setting up the Portal for a WPF client app that uses Azure AD with MSAL 3.0.8 for authentication and accessing the Key Vault.

Waiting on MSAL support for authenticating Azure Functions, then the MSAL use cases will be complete for my app.

For the sample, I extracted the MSAL code into a service file and helper file. Essentially removing the MSAL code from the UI code.

Hope this can help someone.

Example Azure AD, MSAL 3.0.8 authentication for login and Key Vault

Thanks @kdawg1406 , I didn't know MSAL is not compatible with Azure Functions. I think it is, as MSAL is feature complete, but we will need to do some digging to understand what's blocking Azure Functions.

@bgavrilMS thank you very much. I and many customers would really like to use MSAL for our authentication scenarios. I've spent several days trying to configure the Portal and required code, but no joy. So many blog posts and examples that show the Portal are from previous versions of the Portal, making it very challenging to follow and be successful.

Greatly appreciate any sample and walk-through of the Portal setup to get this working.

Best to you,

Karl

@jmprieur has been in conctact with the folks in Azure Functions as they need to make some changes on their end first.

Assigning to me to investigate and close the loop with Azure functions.

@jmprieur does MSAL 3 support Azure AD auth for Azure Functions? As of MSAL 3.0.8 it does not work.

Is it corrected now?

Thank you.