'Using MSAL to obtain tokens for MS Graph without overriding custom app authentication

I'm building a .NET 6 ASP.NET app that has custom authentication. I need to call MS Graph APIs on behalf of my users and I want to use MSAL for that. Unfortunately, all examples include signing in the users to the app via Azure AD. I do not want MSAL to override my custom authentication, I just want to obtain the access/refresh tokens and I will tie them in with my local user principals.

This is the example code I'm looking to modify:

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(new[] { "User.Read" })
    .AddMicrosoftGraph(builder.Configuration.GetSection("Graph"))
    .AddInMemoryTokenCaches();

I could manually craft all the OAuth 2.0 messages but surely MSAL can do that for me without overriding my app's User.Current? Any tips, examples?

oauth-2.0microsoft-graph-apimsal


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

No authentication handler is registered for the scheme 'Cookies'. The registered schemes are: Application, Bearer, ASOS

Modern Oauth2 authentication for sending mails using Nodemailer nodejs

Spring Security: How to use a UserDetailsService with JwtAuthenticationProvider?

How do I validate a JWT using JwtSecurityTokenHandler and a JWKS endpoint?

Change the preferred_username in token for client credential grant flow

How to convert guild.permissions number into an array of persmissions discord.js oauth2

how to config apache jmeter 2.6 oauth 2.0

oauth-private.key does not exist or is not readable

ASP.NET Web API Google OAuth keep return "Access Denied"

Java - OAuth 2 using restTemplate to get login with refresh token (StackOverFlowError)

AWS Cognito; unauthorized_client error when hitting /oauth2/token

AWS Cognito; unauthorized_client error when hitting /oauth2/token

Salesforce OAuth User Agent Flow: obtain refresh token with

JWT "invalid_grant" in Signature in Google OAuth2

"Full authentication is required to access this resource" on spring oauth2 authorization server on /oauth/token request