diff --git a/CommunityToolkit.Authentication.Msal/MsalProvider.cs b/CommunityToolkit.Authentication.Msal/MsalProvider.cs
index b871901..d58cc20 100644
--- a/CommunityToolkit.Authentication.Msal/MsalProvider.cs
+++ b/CommunityToolkit.Authentication.Msal/MsalProvider.cs
@@ -119,15 +119,17 @@ public override async Task SignOutAsync()
}
///
- public override async Task GetTokenAsync(bool silentOnly = false)
+ public override async Task GetTokenAsync(bool silentOnly = false, string[] scopes = null)
{
+ var tokenScopes = scopes ?? Scopes;
+
AuthenticationResult authResult = null;
try
{
var account = _account ?? (await Client.GetAccountsAsync()).FirstOrDefault();
if (account != null)
{
- authResult = await Client.AcquireTokenSilent(Scopes, account).ExecuteAsync();
+ authResult = await Client.AcquireTokenSilent(tokenScopes, account).ExecuteAsync();
}
}
catch (MsalUiRequiredException)
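Review bot: `scopes ?? Scopes` falls back to the configured scopes only for `null`, so an empty array passed by a caller reaches `AcquireTokenSilent` (and the interactive call in the next hunk) as an empty scope set. Treating empty like null closes that gap: `var tokenScopes = scopes?.Length > 0 ? scopes : Scopes;`. The same pattern appears in WindowsProvider.GetTokenAsync as `scopes ?? _scopes`, where the array is later passed to `string.Join(',', scopes)` and would produce an empty scope string. GetTokenAsync's body continues outside this hunk.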
@@ -143,7 +145,7 @@ public override async Task GetTokenAsync(bool silentOnly = false)
{
try
{
- authResult = await Client.AcquireTokenInteractive(Scopes).WithPrompt(Prompt.SelectAccount).ExecuteAsync();
+ authResult = await Client.AcquireTokenInteractive(tokenScopes).WithPrompt(Prompt.SelectAccount).ExecuteAsync();
}
catch
{
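Review bot: The untyped `catch` after the interactive call now also covers failures caused by caller-supplied scopes (declined consent, an unknown scope), and from what is visible a caller cannot tell those apart from any other error. Consider narrowing it, e.g. `catch (MsalException ex)`, and logging or surfacing the error code so a rejected scope request is diagnosable. The catch body lies outside the hunk, so this assumes it does not already report the exception.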
diff --git a/CommunityToolkit.Authentication.Uwp/WindowsProvider.cs b/CommunityToolkit.Authentication.Uwp/WindowsProvider.cs
index 9100024..b80e0ec 100644
--- a/CommunityToolkit.Authentication.Uwp/WindowsProvider.cs
+++ b/CommunityToolkit.Authentication.Uwp/WindowsProvider.cs
@@ -169,7 +169,7 @@ public override async Task SignOutAsync()
}
///
- public override async Task GetTokenAsync(bool silentOnly = false)
+ public override async Task GetTokenAsync(bool silentOnly = false, string[] scopes = null)
{
var internetConnectionProfile = NetworkInformation.GetInternetConnectionProfile();
if (internetConnectionProfile == null)
@@ -181,8 +181,10 @@ public override async Task GetTokenAsync(bool silentOnly = false)
try
{
+ var tokenScopes = scopes ?? _scopes;
+
// Attempt to authenticate silently.
- var authResult = await AuthenticateSilentAsync();
+ var authResult = await AuthenticateSilentAsync(tokenScopes);
// Authenticate with user interaction as appropriate.
if (authResult?.ResponseStatus != WebTokenRequestStatus.Success)
@@ -194,7 +196,7 @@ public override async Task GetTokenAsync(bool silentOnly = false)
}
// Attempt to authenticate interactively.
- authResult = await AuthenticateInteractiveAsync();
+ authResult = await AuthenticateInteractiveAsync(tokenScopes);
}
if (authResult?.ResponseStatus == WebTokenRequestStatus.Success)
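Review bot: A failed request no longer ends the session, because the `await SignOutAsync();` before `return null;` is dropped in the following hunk. When the interactive attempt here fails for the provider's own default scopes, the provider apparently stays signed in with no usable token. If the removal is meant only to keep an ad-hoc scope request from logging the user out, keep the sign-out for the default case, e.g. `if (scopes == null) { await SignOutAsync(); }` before `return null;`. The surrounding try block starts and ends outside this hunk, so the state handling in between is not visible.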
@@ -223,7 +225,6 @@ public override async Task GetTokenAsync(bool silentOnly = false)
{
}
- await SignOutAsync();
return null;
}
@@ -330,7 +331,7 @@ private async Task SetAccountAsync(WebAccount account)
State = ProviderState.SignedIn;
}
- private async Task AuthenticateSilentAsync()
+ private async Task AuthenticateSilentAsync(string[] scopes)
{
try
{
@@ -351,7 +352,7 @@ private async Task AuthenticateSilentAsync()
if (account != null)
{
// Prepare a request to get a token.
- var webTokenRequest = GetWebTokenRequest(account.WebAccountProvider);
+ var webTokenRequest = GetWebTokenRequest(account.WebAccountProvider, _webAccountProviderConfig.ClientId, scopes);
authResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest, account);
}
@@ -363,7 +364,7 @@ private async Task AuthenticateSilentAsync()
}
}
- private async Task AuthenticateInteractiveAsync()
+ private async Task AuthenticateInteractiveAsync(string[] scopes)
{
try
{
@@ -374,14 +375,14 @@ private async Task AuthenticateInteractiveAsync()
{
// We already have the account.
var webAccountProvider = account.WebAccountProvider;
- var webTokenRequest = GetWebTokenRequest(webAccountProvider);
+ var webTokenRequest = GetWebTokenRequest(webAccountProvider, _webAccountProviderConfig.ClientId, scopes);
authResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest, account);
}
else
{
// We don't have an account. Prompt the user to provide one.
var webAccountProvider = await ShowAccountSettingsPaneAndGetProviderAsync();
- var webTokenRequest = GetWebTokenRequest(webAccountProvider);
+ var webTokenRequest = GetWebTokenRequest(webAccountProvider, _webAccountProviderConfig.ClientId, scopes);
authResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest);
}
@@ -498,14 +499,13 @@ async void OnAccountCommandsRequested(AccountsSettingsPane sender, AccountsSetti
}
}
- private WebTokenRequest GetWebTokenRequest(WebAccountProvider provider)
+ private WebTokenRequest GetWebTokenRequest(WebAccountProvider provider, string clientId, string[] scopes)
{
- string clientId = _webAccountProviderConfig.ClientId;
- string scopes = string.Join(',', _scopes);
+ string scopesString = string.Join(',', scopes);
WebTokenRequest webTokenRequest = clientId != null
- ? new WebTokenRequest(provider, scopes, clientId)
- : new WebTokenRequest(provider, scopes);
+ ? new WebTokenRequest(provider, scopesString, clientId)
+ : new WebTokenRequest(provider, scopesString);
webTokenRequest.Properties.Add(GraphResourcePropertyKey, GraphResourcePropertyValue);
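Review bot: The new `clientId` parameter is redundant, since all three call sites in this commit pass `_webAccountProviderConfig.ClientId`. Reading it inside the method as before also keeps the client id a token request is issued under from varying per call site. `GetWebTokenRequest(WebAccountProvider provider, string[] scopes)` with `string clientId = _webAccountProviderConfig.ClientId;` retained would be enough. The method body continues past the end of the hunk.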
diff --git a/CommunityToolkit.Authentication/BaseProvider.cs b/CommunityToolkit.Authentication/BaseProvider.cs
index 3f7a24e..4a0c5d5 100644
--- a/CommunityToolkit.Authentication/BaseProvider.cs
+++ b/CommunityToolkit.Authentication/BaseProvider.cs
@@ -51,8 +51,8 @@ public BaseProvider()
///
public abstract Task AuthenticateRequestAsync(HttpRequestMessage request);
- ///
- public abstract Task GetTokenAsync(bool silentOnly = false);
+ ///
+ public abstract Task GetTokenAsync(bool silentOnly = false, string[] scopes = null);
///
public abstract Task SignInAsync();
diff --git a/CommunityToolkit.Authentication/IProvider.cs b/CommunityToolkit.Authentication/IProvider.cs
index cd065a2..eb9d657 100644
--- a/CommunityToolkit.Authentication/IProvider.cs
+++ b/CommunityToolkit.Authentication/IProvider.cs
@@ -39,8 +39,9 @@ public interface IProvider
/// Retrieve a token for the authenticated user.
///
/// Determines if the acquisition should be done without prompts to the user.
+ /// Additional scopes to request access for.
/// A token string for the authenticated user.
- Task GetTokenAsync(bool silentOnly = false);
+ Task GetTokenAsync(bool silentOnly = false, string[] scopes = null);
///
/// Sign in the user.
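Review bot: The new parameter is documented as "Additional scopes to request access for", but both implementations in this commit use `scopes ?? Scopes` / `scopes ?? _scopes`, so the argument replaces the configured scopes rather than extending them. Callers reasoning about which permissions a token carries need the accurate wording, for example `/// <param name="scopes">Scopes to request instead of the provider's configured scopes; null uses the configured scopes.</param>`. Changing the signature of an interface member also breaks IProvider implementations outside this repository; adding an overload would avoid that.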
diff --git a/CommunityToolkit.Authentication/MockProvider.cs b/CommunityToolkit.Authentication/MockProvider.cs
index c3b5d99..664d964 100644
--- a/CommunityToolkit.Authentication/MockProvider.cs
+++ b/CommunityToolkit.Authentication/MockProvider.cs
@@ -46,7 +46,7 @@ public override Task AuthenticateRequestAsync(HttpRequestMessage request)
}
///
- public override Task GetTokenAsync(bool silentOnly = false)
+ public override Task GetTokenAsync(bool silentOnly = false, string[] scopes = null)
{
return Task.FromResult("");
}