I'm building a web app that calls MS Graph to get a logged-in user's data, and it's working fine with one account, but I want the user to be able to log in to subsequent Microsoft accounts without logging out first, so that a user with multiple accounts can get a unified experience without logging in and out all the time. For example, a unified email inbox for more than one account.
This is possible with MSAL.js, but it's a requirement for the project to stay in the .NET ecosystem and I'm already using ASP.NET Core, so I'm considering all possibilities before I move on and build a separate JS/React application to manage these accounts and send account data to the existing web app.
This is my current configuration in startup.cs:
    string[] initialScopes = Configuration.GetValue<string>("DownstreamApi:Scopes")?.Split(' ');
    services
        .AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApp(Configuration)
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph(Configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();
And I currently have no custom logic to deal with the logins. I use the redirect URL that Microsoft uses in their example code.
    <a class="btn btn-primary btn-large" href="https://localhost:5001/signin-oidc">Click here to sign in</a>