Migrating from ADAL to MSAL missing roles

Adam White 1 Reputation point
2021-02-19T09:44:02.79+00:00

I'm migrating a web app from using ADAL to MSAL, but the token that is returned no longer has user information and roles.

With ADAL we would use the AcquireTokenSilentAsync method and specify the User Identifier:

```csharp
authenticationResult = await authContext.AcquireTokenSilentAsync(
    resource,
    m_clientAssertionCertificate,
    new UserIdentifier(
        userObjectID,
        UserIdentifierType.UniqueId)).ConfigureAwait(false);
```

The responding Access Token includes the profile and roles we have defined in App Roles (on the App registration):

```json
"roles": [
    "Developer"
],
```

When converting to use MSAL, I can't seem to find a way to pass in a UserIdentifier so that I can get back the roles in the Access Token.

```csharp
var scopes = new[] { "https://graph.microsoft.com/.default" };
authenticationResult = clientApp.AcquireTokenForClient(scopes).WithSendX5C(true).ExecuteAsync().Result;
```
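A diagnostic helper, added here and not part of the question, for inspecting which claims the access token returned by MSAL actually carries before reasoning about the missing roles. The two sample tokens are constructed and unsigned; the decoder does not verify the signature, so it is for inspection only, never for authorization decisions.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT WITHOUT verifying the signature.
    Diagnostic use only: an unverified token must never drive an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding stripped by the issuer
    return json.loads(base64.urlsafe_b64decode(payload))


def summarize_roles(token: str) -> dict:
    """Report the roles claim, delegated scopes and whether user identity claims are present."""
    claims = decode_jwt_payload(token)
    return {
        "roles": list(claims.get("roles", [])),
        "scopes": claims["scp"].split() if "scp" in claims else [],
        # user-bound tokens normally carry a user principal claim; app-only tokens do not
        "has_user_claims": any(k in claims for k in ("upn", "preferred_username", "name")),
    }


def _make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned sample token (alg 'none') for demonstration only."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{b64({'alg': 'none', 'typ': 'JWT'})}.{b64(payload)}."


# Constructed samples mirroring the two cases in the question (values are placeholders).
USER_TOKEN = _make_unsigned_token({
    "aud": "https://graph.microsoft.com",
    "upn": "user@example.com",
    "oid": "00000000-0000-0000-0000-000000000000",
    "roles": ["Developer"],
})
APP_TOKEN = _make_unsigned_token({
    "aud": "https://graph.microsoft.com",
    "oid": "11111111-1111-1111-1111-111111111111",
})

if __name__ == "__main__":
    print("user token:", summarize_roles(USER_TOKEN))
    print("app token: ", summarize_roles(APP_TOKEN))
```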