We have a very enterprise-specific issue.
At the moment, when we want to acquire authentication tokens for MS Graph requests, we use the MSAL libraries so we don't have to re-implement all the token caching/refreshing logic ourselves.
But as we are working from enclosed systems, we have to use a proxy to connect to login.microsoft.com, which has worked fine until now.
Our security team doesn't want this anymore; they want us to use our gateway.
So instead of using login.microsoft.com through a proxy server, we should connect directly to gateway.enterprise.ch.
Here comes my problem: the MSAL libraries do much more than just login.microsoft.com/oauth/…, they also do all the user realm discovery stuff.
Is it in any way possible to use the MSAL libraries and bend them to use our gateway?
How it works at the moment:
// building the MSAL client
return o365IntegrationOptions.ProxySettings.UseProxy
    ? PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions)
        // our own IMsalHttpClientFactory; it hands MSAL an HttpClient that goes through the web proxy
        .WithHttpClientFactory(serviceProvider.GetRequiredService<IWebProxyMsalClientFactory>())
        .WithDefaultRedirectUri() // https://login.microsoftonline.com/common/oauth2/nativeclient
        .Build()
    : PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions)
        .WithDefaultRedirectUri() // https://login.microsoftonline.com/common/oauth2/nativeclient
        .Build();
….
Later, fetch the token for each Graph call (without caching, as that isn't important for the question):
// ExecuteAsync() returns a Task<AuthenticationResult>, so it has to be awaited before reading AccessToken
var result = await _msalClient.AcquireTokenByUsernamePassword(_scopes, loginSMTP, password).ExecuteAsync();
return result.AccessToken;
I tried different ways of injecting authorities, with and without a tenantId, experimental features like the OidcAuthority, connecting directly to our InstanceDiscoveryMetadataUri, but I somehow never got it to make the actual call over our gateway.
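One way to get every MSAL request (token endpoint, instance discovery, user realm discovery) onto the gateway without fighting MSAL's authority handling is to do the host rewrite one layer down, in the HttpClient that MSAL is given through IMsalHttpClientFactory. The following is an added example and not code from the question above; it assumes that gateway.enterprise.ch is a reverse proxy that forwards each request unchanged (same path and query) to the original Microsoft login host, and the class names and the X-Original-Host header are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical handler: rewrites the host of every request MSAL sends to a
// Microsoft login endpoint so that it is sent to the enterprise gateway instead.
// Assumption: the gateway forwards the request (path + query untouched) to the
// original login host, i.e. it acts as a reverse proxy for login.microsoftonline.com.
public sealed class GatewayRewriteHandler : DelegatingHandler
{
    // Allow-list of hosts that may be redirected. Anything else is refused rather
    // than silently routed to the gateway, so a mis-set authority cannot leak
    // credentials or tokens to an unexpected destination.
    private static readonly HashSet<string> LoginHosts = new(StringComparer.OrdinalIgnoreCase)
    {
        "login.microsoftonline.com",
        "login.windows.net",
        "login.microsoft.com",
    };

    private readonly string _gatewayHost;

    public GatewayRewriteHandler(string gatewayHost, HttpMessageHandler inner) : base(inner)
    {
        _gatewayHost = gatewayHost;
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var original = request.RequestUri ?? throw new InvalidOperationException("MSAL request has no URI");
        if (!LoginHosts.Contains(original.Host))
        {
            throw new HttpRequestException(
                $"Refusing to send MSAL request to unexpected host {original.Host}");
        }

        // Replace only the host; scheme stays https and the path/query MSAL built
        // (tenant, /oauth2/v2.0/token, /common/userrealm/..., discovery endpoints) is kept.
        var rewritten = new UriBuilder(original)
        {
            Scheme = Uri.UriSchemeHttps,
            Host = _gatewayHost,
            Port = 443,
        };
        request.RequestUri = rewritten.Uri;

        // Hypothetical header so the gateway knows which upstream host was intended.
        request.Headers.TryAddWithoutValidation("X-Original-Host", original.Host);
        return base.SendAsync(request, ct);
    }
}

// IMsalHttpClientFactory is MSAL's hook for supplying the HttpClient it uses for
// all of its own traffic, not just the token call.
public sealed class GatewayMsalHttpClientFactory : IMsalHttpClientFactory
{
    private readonly HttpClient _client;

    public GatewayMsalHttpClientFactory(string gatewayHost)
    {
        // No proxy any more: the gateway is reachable directly from the enclosed network.
        var inner = new HttpClientHandler { UseProxy = false };
        _client = new HttpClient(new GatewayRewriteHandler(gatewayHost, inner));
    }

    public HttpClient GetHttpClient() => _client;
}

public static class MsalGatewayExample
{
    public static IPublicClientApplication BuildClient(PublicClientApplicationOptions pcaOptions)
    {
        return PublicClientApplicationBuilder
            .CreateWithApplicationOptions(pcaOptions)
            .WithHttpClientFactory(new GatewayMsalHttpClientFactory("gateway.enterprise.ch"))
            .WithDefaultRedirectUri()
            .Build();
    }
}
```

Because the rewrite happens below MSAL, MSAL still believes it is talking to login.microsoftonline.com: its authority validation and the URLs returned by instance discovery keep working, and each follow-up call to those URLs is rewritten again by the same handler. Two things to check with the security team before relying on this: the gateway terminates TLS, so with the username/password flow it sees the user's password and every issued token in clear text, and the allow-list in the handler is what stops a wrong authority from being routed through it. Newer MSAL.NET versions also offer WithInstanceDiscovery(false) on the builder; if your version has it, it removes the discovery round trip entirely and leaves only the token and user realm calls to route.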