TokenAcquisitionHandler

Simplistic example of using MSAL-Angular's protected resource map approach with the Microsoft.Identity.Web ITokenAcquisition service.

Useful if a web API needs to call multiple downstream APIs that need more customization than the IDownstreamWebApi approach allows.

Access tokens are retrieved by a DelegatingHandler.

appsettings.json (or other configuration)

"DownstreamApiA": {
    "BaseUrl": "https://acmewidgets.com/api/systems/",
    "Scopes": "api://acmewidgets.com/.default",
    "AuthenticationFlow": "ClientCredentials"
},
"DownstreamApiB": {
    "BaseUrl": "https://acmewidgets.com/api/userprefs/",
    "Scopes": "api://acmewidgets.com/scope1 api://acmewidgets.com/scope2 api://acmewidgets.com/scope3",
    "AuthenticationFlow": "OnBehalfOf"
}

Startup.cs / ConfigureServices

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();

services.AddTokenAcquisitionHandler(
    Configuration.GetSection("DownstreamApiA"),
    Configuration.GetSection("DownstreamApiB")
);

services.AddHttpClient<DownstreamApiA>(client =>
    {
        // configure the client for this API
    })
    .AddHttpMessageHandler<TokenAcquisitionHandler>();

services.AddHttpClient<DownstreamApiB>(client =>
    {
        // configure the client for this API
    })
    .AddHttpMessageHandler<TokenAcquisitionHandler>();