How to get an Azure AD registered app token in a Blazor WebAssembly

Pierre Gourven 41 Reputation points
2023-09-07T13:13:25.6066667+00:00

Hi everybody,

I am trying to get a token from an Azure AD registered app using MSAL in a Blazor WebAssembly app.
I have the tenant_id, the client_id and the scope from my registered app and want to get a token.
I am trying to use Microsoft.AspNetCore.Components.WebAssembly.Authentication and am following the tutorial https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-blazor-webassembly
but I want to get the token from my reg app instead of Graph.
I had a look on the web but did not find a solution.

Any idea?

Thanks for your help!

Pete

Developer technologies | .NET | Blazor
Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. Q&A Assist
    2023-09-07T13:13:25.61+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To get a token from an Azure AD registered app using MSAL in a Blazor WebAssembly app, you can follow the instructions in the tutorial Tutorial: Sign in users and call a protected API from a Blazor WebAssembly app and modify the code to get a token for your registered app instead of Graph. Specifically, you will need to modify the OnInitializedAsync method in the Index.razor file to use the AcquireTokenAsync method of the IPublicClientApplication interface to get a token for your registered app. You will also need to modify the apiAuthorizationMessageHandler in the Program.cs file to use the AddAccessToken method of the AccessTokenProvider class to add the token to the HTTP request headers.


  2. Bruce (SqlWork.com) 77,851 Reputation points Volunteer Moderator
    2023-09-07T16:15:59.2666667+00:00

    MSAL is used to get an access token. The requested scopes define what the access token can be used for. Your AD registered app can have its own custom scope defined under API access. Just add the scope to the get access token call.

    To use the token, you call the MSAL library for an access token, which will perform a login if required to get the token. If login is required, your Blazor app will be unloaded, then reloaded with the token. Your code then adds the access token to the HttpClient request via the Authorization header.

    In your sample, it uses the new HttpClient authorization library used with the injected HttpClient.

    https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.components.webassembly.authentication.authorizationmessagehandler?view=aspnetcore-7.0

    This library (injected service) handles calling MSAL to get the token, and adds the bearer token header to the injected HttpClient. It also handles login if required (again, this will unload and reload the Blazor app).

    You can define your own AuthorizationMessageHandler class to use with your own API.

    https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/additional-scenarios?view=aspnetcore-7.0

    Otherwise, you can use the MSAL services directly to get the token.
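
An added example (not part of either answer above, and not code from the linked tutorial) of the custom `AuthorizationMessageHandler` approach: it requests the registered app's own scope and attaches the bearer token only to requests for that API. The scope string, the API URL, the `AzureAd` configuration section name, the `App` root component and the `MyApi` client name are assumptions to replace with your own values.

```csharp
// Program.cs of a Blazor WebAssembly app. Values marked "placeholder" are assumptions.
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Web;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Hosting;

var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("#app"); // App is the project's root component

builder.Services.AddMsalAuthentication(options =>
{
    // Binds Authority (https://login.microsoftonline.com/<tenant_id>) and ClientId
    // from the "AzureAd" section of wwwroot/appsettings.json (section name assumed).
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    // Ask for the registered app's custom scope instead of a Graph scope.
    options.ProviderOptions.DefaultAccessTokenScopes.Add(ApiSettings.Scope);
});

// Named HttpClient whose requests pass through the handler below
// (AddHttpClient needs the Microsoft.Extensions.Http package).
builder.Services.AddScoped<MyApiAuthorizationMessageHandler>();
builder.Services.AddHttpClient("MyApi", c => c.BaseAddress = new Uri(ApiSettings.BaseUrl))
    .AddHttpMessageHandler<MyApiAuthorizationMessageHandler>();

await builder.Build().RunAsync();

public static class ApiSettings
{
    public const string Scope = "api://<api-client-id>/<scope-name>"; // placeholder
    public const string BaseUrl = "https://api.example.com/";         // placeholder
}

// The handler obtains the token through MSAL and sets the Authorization header.
// authorizedUrls limits which destinations ever receive the token, so it is
// not sent to any other origin the app happens to call.
public class MyApiAuthorizationMessageHandler : AuthorizationMessageHandler
{
    public MyApiAuthorizationMessageHandler(
        IAccessTokenProvider provider, NavigationManager navigation)
        : base(provider, navigation)
    {
        ConfigureHandler(
            authorizedUrls: new[] { ApiSettings.BaseUrl },
            scopes: new[] { ApiSettings.Scope });
    }
}
```

A component then gets the client with `IHttpClientFactory.CreateClient("MyApi")`; a request that cannot obtain a token throws `AccessTokenNotAvailableException`, whose `Redirect()` method starts the login.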

