Added scopes parameter to IProvider.GetTokenAsync

CommunityToolkit.Authentication.Msal/MsalProvider.cs

@@ -119,15 +119,17 @@ public override async Task SignOutAsync()
         }
 
         /// <inheritdoc/>
-        public override async Task<string> GetTokenAsync(bool silentOnly = false)
+        public override async Task<string> GetTokenAsync(bool silentOnly = false, string[] scopes = null)
         {
+            var tokenScopes = scopes ?? Scopes;
+
             AuthenticationResult authResult = null;
             try
             {
                 var account = _account ?? (await Client.GetAccountsAsync()).FirstOrDefault();
                 if (account != null)
                 {
-                    authResult = await Client.AcquireTokenSilent(Scopes, account).ExecuteAsync();
+                    authResult = await Client.AcquireTokenSilent(tokenScopes, account).ExecuteAsync();
                 }
             }
             catch (MsalUiRequiredException)
@@ -143,7 +145,7 @@ public override async Task<string> GetTokenAsync(bool silentOnly = false)
             {
                 try
                 {
-                    authResult = await Client.AcquireTokenInteractive(Scopes).WithPrompt(Prompt.SelectAccount).ExecuteAsync();
+                    authResult = await Client.AcquireTokenInteractive(tokenScopes).WithPrompt(Prompt.SelectAccount).ExecuteAsync();
                 }
                 catch
                 {

CommunityToolkit.Authentication.Uwp/WindowsProvider.cs

@@ -169,7 +169,7 @@ public override async Task SignOutAsync()
         }
 
         /// <inheritdoc />
-        public override async Task<string> GetTokenAsync(bool silentOnly = false)
+        public override async Task<string> GetTokenAsync(bool silentOnly = false, string[] scopes = null)
         {
             var internetConnectionProfile = NetworkInformation.GetInternetConnectionProfile();
             if (internetConnectionProfile == null)
@@ -181,8 +181,10 @@ public override async Task<string> GetTokenAsync(bool silentOnly = false)
 
             try
             {
+                var tokenScopes = scopes ?? _scopes;
+
                 // Attempt to authenticate silently.
-                var authResult = await AuthenticateSilentAsync();
+                var authResult = await AuthenticateSilentAsync(tokenScopes);
 
                 // Authenticate with user interaction as appropriate.
                 if (authResult?.ResponseStatus != WebTokenRequestStatus.Success)
@@ -194,7 +196,7 @@ public override async Task<string> GetTokenAsync(bool silentOnly = false)
                     }
 
                     // Attempt to authenticate interactively.
-                    authResult = await AuthenticateInteractiveAsync();
+                    authResult = await AuthenticateInteractiveAsync(tokenScopes);
                 }
 
                 if (authResult?.ResponseStatus == WebTokenRequestStatus.Success)
@@ -223,7 +225,6 @@ public override async Task<string> GetTokenAsync(bool silentOnly = false)
             {
             }
 
-            await SignOutAsync();
             return null;
         }
 
@@ -330,7 +331,7 @@ private async Task SetAccountAsync(WebAccount account)
             State = ProviderState.SignedIn;
         }
 
-        private async Task<WebTokenRequestResult> AuthenticateSilentAsync()
+        private async Task<WebTokenRequestResult> AuthenticateSilentAsync(string[] scopes)
         {
             try
             {
@@ -351,7 +352,7 @@ private async Task<WebTokenRequestResult> AuthenticateSilentAsync()
                 if (account != null)
                 {
                     // Prepare a request to get a token.
-                    var webTokenRequest = GetWebTokenRequest(account.WebAccountProvider);
+                    var webTokenRequest = GetWebTokenRequest(account.WebAccountProvider, _webAccountProviderConfig.ClientId, scopes);
                     authResult = await WebAuthenticationCoreManager.GetTokenSilentlyAsync(webTokenRequest, account);
                 }
 
@@ -363,7 +364,7 @@ private async Task<WebTokenRequestResult> AuthenticateSilentAsync()
             }
         }
 
-        private async Task<WebTokenRequestResult> AuthenticateInteractiveAsync()
+        private async Task<WebTokenRequestResult> AuthenticateInteractiveAsync(string[] scopes)
         {
             try
             {
@@ -374,14 +375,14 @@ private async Task<WebTokenRequestResult> AuthenticateInteractiveAsync()
                 {
                     // We already have the account.
                     var webAccountProvider = account.WebAccountProvider;
-                    var webTokenRequest = GetWebTokenRequest(webAccountProvider);
+                    var webTokenRequest = GetWebTokenRequest(webAccountProvider, _webAccountProviderConfig.ClientId, scopes);
                     authResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest, account);
                 }
                 else
                 {
                     // We don't have an account. Prompt the user to provide one.
                     var webAccountProvider = await ShowAccountSettingsPaneAndGetProviderAsync();
-                    var webTokenRequest = GetWebTokenRequest(webAccountProvider);
+                    var webTokenRequest = GetWebTokenRequest(webAccountProvider, _webAccountProviderConfig.ClientId, scopes);
                     authResult = await WebAuthenticationCoreManager.RequestTokenAsync(webTokenRequest);
                 }
 
@@ -498,14 +499,13 @@ async void OnAccountCommandsRequested(AccountsSettingsPane sender, AccountsSetti
             }
         }
 
-        private WebTokenRequest GetWebTokenRequest(WebAccountProvider provider)
+        private WebTokenRequest GetWebTokenRequest(WebAccountProvider provider, string clientId, string[] scopes)
         {
-            string clientId = _webAccountProviderConfig.ClientId;
-            string scopes = string.Join(',', _scopes);
+            string scopesString = string.Join(',', scopes);
 
             WebTokenRequest webTokenRequest = clientId != null
-                ? new WebTokenRequest(provider, scopes, clientId)
-                : new WebTokenRequest(provider, scopes);
+                ? new WebTokenRequest(provider, scopesString, clientId)
+                : new WebTokenRequest(provider, scopesString);
 
             webTokenRequest.Properties.Add(GraphResourcePropertyKey, GraphResourcePropertyValue);
 

CommunityToolkit.Authentication/BaseProvider.cs

@@ -51,8 +51,8 @@ public BaseProvider()
         /// <inheritdoc />
         public abstract Task AuthenticateRequestAsync(HttpRequestMessage request);
 
-        /// <inheritdoc/>
-        public abstract Task<string> GetTokenAsync(bool silentOnly = false);
+        /// <inheritdoc />
+        public abstract Task<string> GetTokenAsync(bool silentOnly = false, string[] scopes = null);
 
         /// <inheritdoc />
         public abstract Task SignInAsync();

CommunityToolkit.Authentication/IProvider.cs

@@ -39,8 +39,9 @@ public interface IProvider
         /// Retrieve a token for the authenticated user.
         /// </summary>
         /// <param name="silentOnly">Determines if the acquisition should be done without prompts to the user.</param>
+        /// <param name="scopes">Additional scopes to request access for.</param>
         /// <returns>A token string for the authenticated user.</returns>
-        Task<string> GetTokenAsync(bool silentOnly = false);
+        Task<string> GetTokenAsync(bool silentOnly = false, string[] scopes = null);
 
         /// <summary>
         /// Sign in the user.

CommunityToolkit.Authentication/MockProvider.cs

@@ -46,7 +46,7 @@ public override Task AuthenticateRequestAsync(HttpRequestMessage request)
         }
 
         /// <inheritdoc/>
-        public override Task<string> GetTokenAsync(bool silentOnly = false)
+        public override Task<string> GetTokenAsync(bool silentOnly = false, string[] scopes = null)
         {
             return Task.FromResult("<mock-provider-token>");
         }