[BUG] OwinTokenAcquisitionHost GetAuthenticatedUserAsync does not respect the passed in argument #2585
Description
Microsoft.Identity.Web Library
Microsoft.Identity.Web.OWIN
Microsoft.Identity.Web version
2.15.1
Web app
Not Applicable
Web API
Not Applicable
Token cache serialization
Not Applicable
Description
public Task<ClaimsPrincipal?> GetAuthenticatedUserAsync(ClaimsPrincipal? user)
{
return Task.FromResult<ClaimsPrincipal?>(HttpContext.Current.User as ClaimsPrincipal);
}
This code ignores the passed ClaimsPrincipal user. So if you where to manually resolve the ITokenAquirer as depicted in various example apps, and pass along a user when calling for example GetTokenForUserAsync it will never use the user you provided.
Reproduction steps
- Initialise microsoft.identity.web using the OwinTokenAcquirerFactory.
- Authenticate then call code which executes:
ITokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance<OwinTokenAcquirerFactory>();
ITokenAcquirer acquirer = tokenAcquirerFactory.GetTokenAcquirer()!;
AcquireTokenResult tokenResult = await acquirer.GetTokenForUserAsync(new[] { "offline_access", "user.read" }, null, myOwnClaimsPrincipalUser);
Note that the loggedin user is used in the background, and not the user you provided.
Error message
No response
Id Web logs
No response
Relevant code snippets
see descriptionRegression
No response
Expected behavior
I Expect the OwinTokenAcquisitionHost to respect the claimsprincipal thats passed along