Jmprieur/fix115 (#121)

* First attempt to fix 115

* Attempt to keep fixing 115

* Force the selection of accounts (to avoid that the windows account is automatically signed it)

* Removing the select_account

Author: jmprieur

Microsoft.Identity.Web/Client/TokenAcquisition.cs

@@ -125,9 +125,18 @@ public async Task AddAccountToCacheFromAuthorizationCode(AuthorizationCodeReceiv
             try
             {
                 // As AcquireTokenByAuthorizationCodeAsync is asynchronous we want to tell ASP.NET core that we are handing the code
-                // even if it's not done yet, so that it does not concurrently call the Token endpoint.
+                // even if it's not done yet, so that it does not concurrently call the Token endpoint. (otherwise there will be a
+                // race condition ending-up in an error from Azure AD telling "code already redeemed")
                 context.HandleCodeRedemption();
 
+                // The cache will need the claims from the ID token. In the case of guest scenarios
+                // If they are not yet in the HttpContext.User's claims, adding them.
+                if (!context.HttpContext.User.Claims.Any())
+                {
+                    (context.HttpContext.User.Identity as ClaimsIdentity).AddClaims(context.Principal.Claims);
+                }
+
+
                 var application = GetOrBuildConfidentialClientApplication(context.HttpContext, context.Principal);
 
                 // Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
@@ -272,7 +281,7 @@ public async Task RemoveAccount(RedirectContext context)
                 account = accounts.FirstOrDefault(a => a.Username == user.GetLoginHint());
             }
 
-            if (account!=null)
+            if (account != null)
             {
                 this.UserTokenCacheProvider?.Clear(account.HomeAccountId.Identifier);
 

Microsoft.Identity.Web/Client/TokenCacheProviders/InMemory/MSALPerUserMemoryTokenCacheProvider.cs

@@ -94,11 +94,7 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
             // if the access operation resulted in a cache update
             if (args.HasStateChanged)
             {
-                string cacheKey = args.Account?.HomeAccountId?.Identifier;
-                if (string.IsNullOrEmpty(cacheKey))
-                {
-                    cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-                }
+                string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
 
                 if (string.IsNullOrWhiteSpace(cacheKey))
                     return;
@@ -116,17 +112,13 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
         /// <param name="args">Contains parameters used by the MSAL call accessing the cache.</param>
         private void UserTokenCacheBeforeAccessNotification(TokenCacheNotificationArgs args)
         {
-            string cacheKey = args.Account?.HomeAccountId?.Identifier;
-            if (string.IsNullOrEmpty(cacheKey))
-            {
-                cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-            }
+            string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
 
             if (string.IsNullOrWhiteSpace(cacheKey))
                 return;
 
             byte[] tokenCacheBytes = (byte[])this.memoryCache.Get(cacheKey);
-            args.TokenCache.DeserializeMsalV3(tokenCacheBytes, shouldClearExistingCache:true);
+            args.TokenCache.DeserializeMsalV3(tokenCacheBytes, shouldClearExistingCache: true);
         }
 
         /// <summary>

Microsoft.Identity.Web/Client/TokenCacheProviders/Session/MSALPerUserSessionTokenCacheProvider.cs

@@ -107,11 +107,7 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
             // if the access operation resulted in a cache update
             if (args.HasStateChanged)
             {
-                string cacheKey = args.Account?.HomeAccountId?.Identifier;
-                if (string.IsNullOrEmpty(cacheKey))
-                {
-                    cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-                }
+                string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
 
                 if (string.IsNullOrWhiteSpace(cacheKey))
                     return;
@@ -140,11 +136,7 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
         private void UserTokenCacheBeforeAccessNotification(TokenCacheNotificationArgs args)
         {
             this.HttpContext.Session.LoadAsync().Wait();
-            string cacheKey = args.Account?.HomeAccountId?.Identifier;
-            if (string.IsNullOrEmpty(cacheKey))
-            {
-                cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
-            }
+            string cacheKey = httpContextAccessor.HttpContext.User.GetMsalAccountId();
             if (string.IsNullOrWhiteSpace(cacheKey))
                 return;
 

Microsoft.Identity.Web/Client/TokenCacheProviders/Sql/MSALPerUserSqlTokenCacheProvider.cs

@@ -121,11 +121,7 @@ private void UserTokenCacheBeforeAccessNotification(TokenCacheNotificationArgs a
         /// <param name="args">Contains parameters used by the MSAL call accessing the cache.</param>
         private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs args)
         {
-            string accountId = args.Account?.HomeAccountId?.Identifier;
-            if (string.IsNullOrEmpty(accountId))
-            {
-                accountId = httpContextAccesssor.HttpContext.User.GetMsalAccountId();
-            }
+            string accountId = httpContextAccesssor.HttpContext.User.GetMsalAccountId();
 
             // if state changed, i.e. new token obtained
             if (args.HasStateChanged && !string.IsNullOrWhiteSpace(accountId))
@@ -160,11 +156,7 @@ private void UserTokenCacheAfterAccessNotification(TokenCacheNotificationArgs ar
         /// </summary>
         private void ReadCacheForSignedInUser(TokenCacheNotificationArgs args)
         {
-            string accountId = args.Account?.HomeAccountId?.Identifier;
-            if (string.IsNullOrEmpty(accountId))
-            {
-                accountId = httpContextAccesssor.HttpContext.User.GetMsalAccountId();
-            }
+            string accountId = httpContextAccesssor.HttpContext.User.GetMsalAccountId();
             if (this.InMemoryCache == null) // first time access
             {
                 this.InMemoryCache = GetLatestUserRecordQuery(accountId).FirstOrDefault();

Microsoft.Identity.Web/StartupHelpers.cs

@@ -76,6 +76,9 @@ public static IServiceCollection AddAzureAdV2Authentication(this IServiceCollect
                 // and [Access Tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens)
                 options.TokenValidationParameters.NameClaimType = "preferred_username";
 
+                // Force the account selection (to avoid automatic sign-in with the account signed-in with Windows)
+                //options.Prompt = "select_account";
+
                 // Handling the sign-out
                 options.Events.OnRedirectToIdentityProviderForSignOut = async context =>
                 {