When TokenAcquirerFactory is not in use (e.g. ASP.NET Core 2.x) then Token Acquistion Services are incorrectly registered as scoped services instead of singleton #3157
Description
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
3.4.0
Web app
Not Applicable
Web API
Protected web APIs call downstream web APIs
Token cache serialization
Not Applicable
Description
When TokenAcquirerFactory is not in use (e.g. ASP.NET Core 2.x) and Token Acquistion Services are incorrectly registered as scoped services instead of singleton
Reproduction steps
- Setup a Web API on ASP.NET Core 2.1
- Invoke AddTokenAcquisition()
- Invoke AddTokenAcquisition(isTokenAcquisitionSingleton: true)
The second time around, token acquisition services will an incorrect lifetime (scoped) are expected to be removed and re-added as singleton. This does not happen. Instead, these services are now registered twice, once as scoped and again as singleton.
Why?
Because ASP.NET Core 2x does not use TokenAcquirerFactory.GetDefaultInstance().
Error message
InvalidOperationException: Cannot consume scoped service 'Microsoft.Identity.Abstractions.IDownstreamApi' from singleton....
Id Web logs
No response
Relevant code snippets
1. Setup a Web API on ASP.NET Core 2.1
2. Invoke AddTokenAcquisition()
3. Invoke AddTokenAcquisition(isTokenAcquisitionSingleton: true)Regression
No response
Expected behavior
A single set of Token Acquisition services should be in the DI container registered as singleton.