Problem:
I have an ASP.NET Core 3.1 web app with OpenIdConnect authentication. I added Microsoft Identity authentication (Azure Active Directory v2) on a separate (non-default) policy for use on one specific controller.
Adding Microsoft Identity with the following line (in Startup.cs) causes httpContext.GetTokenAsync("access_token") to return null when called by a controller authorized with my original OpenIdConnect implementation. The httpContext being called still has all custom claims from the original OpenIdConnect implementation. Removing the below line fixes the issue and I can successfully get the Access Token.
services.AddMicrosoftIdentityWebAppAuthentication(Configuration, "AzureAd", "AzureAdOpenIdConnect", "AzureAdOpenIdCookies");
Other details:
The Microsoft Identity implementation is on a separate policy
services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .AddAuthenticationSchemes("oidcFlow") // scheme name for my original OpenIdConnect auth implementation
        .Build();
    options.AddPolicy("AzureAdOidc", new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .AddAuthenticationSchemes("AzureAdOpenIdConnect", "AzureAdOpenIdCookies") // scheme names used above when initializing Microsoft Identity
        .Build());
});
There are no controllers with the AzureAdOidc policy being called by the default policy controller that is attempting to get the Access Token.
UPDATE:
Moving the AddMicrosoftIdentityWebAppAuthentication call above the other auth implementation in ConfigureServices (in Startup.cs) fixed this issue, and I can obtain access tokens from calls authenticated with my other auth implementation again.