Sync Microsoft.Identity.Web with the ASP.NET Core

Web app's content.

Author: jmprieur

Microsoft.Identity.Web/ClaimPrincipalExtension.cs

@@ -107,10 +107,10 @@ public static string GetDomainHint(this ClaimsPrincipal claimsPrincipal)
         /// <remarks>See https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#payload-claims </remarks>
         public static string GetDisplayName(this ClaimsPrincipal claimsPrincipal)
         {
-            // Attempting the claims brought by a v2.0 token first
+            // Attempting the claims brought by an Microsoft identity platform token first
             string displayName = claimsPrincipal.FindFirstValue(ClaimConstants.PreferredUserName);
 
-            // Otherwise falling back to the claims brought by a v1.0 token
+            // Otherwise falling back to the claims brought by an Azure AD v1.0 token
             if (string.IsNullOrWhiteSpace(displayName))
             {
                 displayName = claimsPrincipal.FindFirstValue(ClaimsIdentity.DefaultNameClaimType);

Microsoft.Identity.Web/Client/TokenAcquisition.cs

@@ -282,9 +282,9 @@ public async Task RemoveAccount(RedirectContext context)
 
             if (account != null)
             {
-                this.UserTokenCacheProvider?.Clear(account.HomeAccountId.Identifier);
-
                 await app.RemoveAsync(account);
+
+                this.UserTokenCacheProvider?.Clear(user.GetMsalAccountId());
             }
         }
 

Microsoft.Identity.Web/Microsoft.Identity.Web.csproj

@@ -8,6 +8,6 @@
     <PackageReference Include="Microsoft.AspNetCore.App" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="2.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="2.2.0" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.1.0" />
+    <PackageReference Include="Microsoft.Identity.Client" Version="4.2.1" />
   </ItemGroup>
 </Project>

Microsoft.Identity.Web/README.md

@@ -22,7 +22,7 @@ The library contains helper classes to:
     ![image](https://user-images.githubusercontent.com/13203188/53899064-a100ab80-4039-11e9-8869-fa9cffcd345a.png)
   
 - Protect Web resources (in the `Resources` folder)
-  - `AadIssuerValidator` is used to validate the issuer in multi-tenant applications, taking into account the aliases for authorities exising in Azure AD. This class works both for Azure AD v1.0 and Microsoft identity platform web resources. You should not need to use it directly, as it's used by `AddAzureAdV2Authentication`
+  - `AadIssuerValidator` is used to validate the issuer in multi-tenant applications, taking into account the aliases for authorities exising in Azure AD. This class works both for Azure AD (v1.0) and Microsoft identity platform (v2.0) web resources. You should not need to use it directly, as it's used by `AddAzureAdV2Authentication`
   - `OpenIdConnectMiddlewareDiagnostics` helps you understand what happens in the Open Id Connect Middleware. This is a diagnostics class that can help you troubleshooting your Web apps.
   - `ClaimsPrincipalExtensions` provides a set of extension methods on `ClaimsPrincipal` helping getting information from the signed-in user. It's used in the other classes of the libraries.
 

Microsoft.Identity.Web/Resource/AadIssuerValidator.cs

@@ -125,7 +125,7 @@ public string Validate(string actualIssuer, SecurityToken securityToken, TokenVa
 
             string tenantId = GetTenantIdFromToken(securityToken);
             if (string.IsNullOrWhiteSpace(tenantId))
-                throw new SecurityTokenInvalidIssuerException("Neither `tid` nor `tenantId` claim is present in the token obtained from Microsoft Identity Platform.");
+                throw new SecurityTokenInvalidIssuerException("Neither `tid` nor `tenantId` claim is present in the token obtained from Microsoft identity platform.");
 
             if (validationParameters.ValidIssuers != null)
                 foreach (var validIssuerTemplate in validationParameters.ValidIssuers)

Microsoft.Identity.Web/StartupHelpers.cs

@@ -38,7 +38,7 @@ namespace Microsoft.Identity.Web
     public static class StartupHelpers
     {
         /// <summary>
-        /// Add authentication with Microsoft identity platform (v2.0).
+        /// Add authentication with Microsoft identity platform.
         /// This expects the configuration files will have a section named "AzureAD"
         /// </summary>
         /// <param name="services">Service collection to which to add this authentication scheme</param>
@@ -70,7 +70,7 @@ public static IServiceCollection AddAzureAdV2Authentication(this IServiceCollect
 
                 // Set the nameClaimType to be preferred_username.
                 // This change is needed because certain token claims from Azure AD V1 endpoint
-                // (on which the original .NET core template is based) are different than V2 endpoint.
+                // (on which the original .NET core template is based) are different than Microsoft identity platform endpoint.
                 // For more details see [ID Tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens)
                 // and [Access Tokens](https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens)
                 options.TokenValidationParameters.NameClaimType = "preferred_username";

Microsoft.Identity.Web/WebApiStartupHelpers.cs

@@ -43,7 +43,7 @@ namespace Microsoft.Identity.Web
     public static class WebApiStartupHelpers
     {
         /// <summary>
-        /// Protects the Web API with Microsoft identity platform (v2.0)
+        /// Protects the Web API with Microsoft identity platform 
         /// This expects the configuration files will have a section named "AzureAD"
         /// </summary>
         /// <param name="services">Service collection to which to add this authentication scheme</param>
@@ -57,13 +57,13 @@ public static IServiceCollection AddProtectWebApiWithMicrosoftIdentityPlatformV2
             // Add session if you are planning to use session based token cache , .AddSessionTokenCaches()
             services.AddSession();
 
-            // Change the authentication configuration  to accommodate the identity platform endpoint.
+            // Change the authentication configuration  to accommodate the Microsoft identity platform endpoint.
             services.Configure<JwtBearerOptions>(AzureADDefaults.JwtBearerAuthenticationScheme, options =>
             {
                 // Reinitialize the options as this has changed to JwtBearerOptions to pick configuration values for attributes unique to JwtBearerOptions
                 configuration.Bind("AzureAd", options);
 
-                // This is an identity platform Web API
+                // This is an Microsoft identity platform Web API
                 options.Authority += "/v2.0";
 
                 // The valid audiences are both the Client ID (options.Audience) and api://{ClientID}
@@ -105,7 +105,7 @@ public static IServiceCollection AddProtectWebApiWithMicrosoftIdentityPlatformV2
         }
 
         /// <summary>
-        /// Protects the Web API with Microsoft identity platform (v2.0)
+        /// Protects the Web API with Microsoft identity platform 
         /// This supposes that the configuration files have a section named "AzureAD"
         /// </summary>
         /// <param name="services">Service collection to which to add authentication</param>