
Commit d2703ae

committed
Add clarifying comments to new MS auth impl
1 parent 05cdbfd commit d2703ae


1 file changed

+28
-2
lines changed


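--- a/src/shared/Microsoft.Git.CredentialManager/Authentication/MicrosoftAuthentication.cs
+++ b/src/shared/Microsoft.Git.CredentialManager/Authentication/MicrosoftAuthentication.cs
@@ -35,7 +35,8 @@ public MicrosoftAuthentication(ICommandContext context)
 public async Task<JsonWebToken> GetAccessTokenAsync(
 string authority, string clientId, Uri redirectUri, string resource, Uri remoteUri, string userName)
 {
-// If we find an external authentication helper we should delegate everything to it
+// If we find an external authentication helper we should delegate everything to it.
+// Assume the external helper can provide the best authentication experience.
 if (TryFindHelperExecutablePath(out string helperPath))
 {
 return await GetAccessTokenViaHelperAsync(helperPath,
@@ -51,6 +52,9 @@ public async Task<JsonWebToken> GetAccessTokenAsync(
 
 #region Authentication strategies
 
+/// <summary>
+/// Start an authentication helper process to obtain an access token.
+/// </summary>
 private async Task<JsonWebToken> GetAccessTokenViaHelperAsync(string helperPath,
 string authority, string clientId, Uri redirectUri, string resource, Uri remoteUri, string userName)
 {
@@ -74,6 +78,9 @@ private async Task<JsonWebToken> GetAccessTokenViaHelperAsync(string helperPath,
 return new JsonWebToken(accessToken);
 }
 
+/// <summary>
+/// Obtain an access token using MSAL running inside the current process.
+/// </summary>
 private async Task<JsonWebToken> GetAccessTokenInProcAsync(string authority, string clientId, Uri redirectUri, string[] scopes, string userName)
 {
 IPublicClientApplication app = await CreatePublicClientApplicationAsync(authority, clientId, redirectUri);
@@ -86,12 +93,28 @@ private async Task<JsonWebToken> GetAccessTokenInProcAsync(string authority, str
 result = await GetAccessTokenSilentlyAsync(app, scopes, userName);
 }
 
+//
 // If we failed to acquire an AT silently (either because we don't have an existing user, or the user's RT has expired)
 // we need to prompt the user for credentials.
-// Depending on the current platform and session type we try to show the most appropriate authentication interface.
+//
+// Depending on the current platform and session type we try to show the most appropriate authentication interface:
+//
+// On .NET Framework MSAL supports the WinForms based 'embedded' webview UI. For Windows + .NET Framework this is the
+// best and natural experience.
+//
+// On other runtimes (e.g., .NET Core) MSAL only supports the system webview flow (launch the user's browser),
+// and the device-code flows.
+//
+// Note: .NET Core 3 allows using WinForms when run on Windows but MSAL does not yet support this.
+//
+// The system webview flow requires that the redirect URI is a loopback address, and that we are in an interactive session.
+//
+// The device code flow has no limitations other than a way to communicate to the user the code required to authenticate.
+//
 if (result is null)
 {
 #if NETFRAMEWORK
+// If we're in an interactive session and on .NET Framework, let MSAL show the WinForms-based embeded UI
 if (PlatformUtils.IsInteractiveSession())
 {
 result = await app.AcquireTokenInteractive(scopes)
@@ -121,6 +144,9 @@ private async Task<JsonWebToken> GetAccessTokenInProcAsync(string authority, str
 return new JsonWebToken(result.AccessToken);
 }
 
+/// <summary>
+/// Obtain an access token without showing UI or prompts.
+/// </summary>
 private async Task<AuthenticationResult> GetAccessTokenSilentlyAsync(IPublicClientApplication app, string[] scopes, string userName)
 {
 try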
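Review bot: The comment added at new line 39 of GetAccessTokenAsync justifies delegating to the external helper only by user experience and leaves the trust assumption unstated. GetAccessTokenViaHelperAsync takes the token request parameters and, per its new summary, starts the helper process whose result is returned as the `JsonWebToken`, so whatever executable `helperPath` points at is trusted with the whole exchange. How `TryFindHelperExecutablePath` resolves that path is not visible in these hunks, so the comment should record where the path may come from and that it is treated as trusted, for example `// The helper is trusted with the token request and its output is used as the access token; its path must come only from trusted configuration.` Separately, the comment added at new line 117 spells "embedded" as `embeded`. The bodies of GetAccessTokenAsync and GetAccessTokenInProcAsync extend beyond the hunks shown.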
