I'm trying to implement oauth2 into an application for emailing. I want for one user with special privileges to acquire the authorization interactively, then other users in the tenant/organization/network can acquire the token silently. I'd like if the regular users didn't have to do an interactive acquisition.
The usual flow is:
var accounts = await publicClientApplication.GetAccountsAsync();
AuthenticationResult authtoken;
try
{
authtoken = await publicClientApplication.AcquireTokenSilent(scopes, accounts.FirstOrDefault()).ExecuteAsync();
}
catch (MsalUiRequiredException)
{
authtoken = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
}
to check if you can acquire the token silently, then interactively if you can't. As seen in: https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/acquiretokensilentasync-api
Is there a way where an application that is given to an organization would be able to have an admin do the interactive acquire then other users in the tenant wouldn't need to? I assume that's how the GetAccountsAsync() method is supposed to work, but I can't get it to return any accounts at all.
Since this is tagged Asp.Net I am going to go with the assumption that you are calling this from an asp net controller. If not, you will have to grab the context or user for what you currently have.
If you want to do something based on who a user is, I would recommend using the Role Claims. You will have to give users that you would like to skip the interactive a specific role, and query for that role in the claims.
Given an HttpContext in an Asp.Net controller. you have access to the user roles in this way:
This will allow you to dynamically call specific code for certain types of users.