We are attempting to incorporate support for calling Microsoft Graph APIs in our ABP application, using the Microsoft.Graph package. We've already successfully implemented authentication using Azure AD accounts according to the directions in this post: https://community.abp.io/posts/how-to-use-the-azure-active-directory-authentication-for-mvc-razor-page-applications-4603b9cf (we used the second approach, using AddMicrosoftIdentityWebApp).
However, when attempting to add lines to set up the Microsoft Graph client, login with Azure AD no longer works (when Azure AD is selected as the login option, the login page reloads without logging in). Here is the code for our ConfigureAuthentication function in the BlazorModule.cs file:
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
context.Services.AddAuthentication()
.AddJwtBearer(options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
options.Audience = "Link";
})
.AddMicrosoftIdentityWebApp(configuration.GetSection("AzureAd"))
// Login only succeeds when these three lines are commented out:
.EnableTokenAcquisitionToCallDownstreamApi(new string[] { "Group.ReadWrite.All", "User.ReadBasic.All" })
.AddMicrosoftGraph(configuration.GetSection("Graph"))
.AddInMemoryTokenCaches();
context.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = configuration["AzureAd:Instance"] + configuration["AzureAd:TenantId"] + "/v2.0/";
options.ClientId = configuration["AzureAd:ClientId"];
options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
options.CallbackPath = configuration["AzureAd:CallbackPath"];
options.ClientSecret = configuration["AzureAd:ClientSecret"];
options.RequireHttpsMetadata = false;
options.SaveTokens = false;
options.GetClaimsFromUserInfoEndpoint = true;
options.SignInScheme = IdentityConstants.ExternalScheme;
options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
});
}
The "Graph" section of appsettings.json consists of the following:
"Graph": {
"BaseUrl": "https://graph.microsoft.com/v1.0",
"Scopes": [ "Group.ReadWrite.All", "User.ReadBasic.All" ]
}
What would be the correct way to implement the Microsoft.Graph package into our ABP app?