ms-identity-ciam-dotnet-tutorial's Introduction

page_type: sample
languages: csharp
products: microsoft-identity-web, msalnet
description: Tutorial: Enable your .NET application to sign-in users and call APIs with Azure AD for Customers
urlFragment: ms-identity-ciam-dotnet-tutorial

Tutorial: Enable your .NET application to sign-in users and call APIs with Azure AD for Customers

This tutorial aims to take you through the fundamentals of modern authentication with Azure AD Consumer Identity and Access Management (CIAM), using the Microsoft Authentication Library for .NET and Microsoft.Identity.Web.

Prerequisites

Please refer to each sample's README for sample-specific prerequisites.

Recommendations

  • jwt.ms for inspecting your tokens
  • Fiddler for monitoring your network activity and troubleshooting
  • Follow the Azure AD Blog to stay up-to-date with the latest developments

Please refer to each sample's README for sample-specific recommendations.

Contents

Chapter 1: Sign-in a user to your application

Sign-in using an ASP.NET Core web app
Sign in your users with Azure AD for Customers and learn to work with ID tokens. Learn how single sign-on (SSO) works. Learn to integrate with user flows and external identity providers.
Sign-in using a MAUI cross-platform app
Sign in your users with Azure AD for Customers and learn to work with ID tokens. Learn how single sign-on (SSO) works. Learn to integrate with user flows and external identity providers.
Sign-in using a browserless app
Sign in your users with Azure AD for Customers and learn to work with a browserless device code flow. Learn to integrate with user flows and external identity providers.
Sign-in using a WPF app
Sign in your users with Azure AD for Customers and learn to work with ID tokens in desktop applications. Learn to integrate with user flows and external identity providers.

Chapter 2: Protect an API and call the API from your client app

Use an ASP.NET Core web application and call a protected web API on Azure AD for Customers
Protect your web API with Azure AD for Customers. Use a client application to sign in a user, acquire an access token for your web API and call your protected web API.
Use a Blazor Server application and call a protected web API on Azure AD for Customers
Protect your web API with Azure AD for Customers. Use a client application to sign in a user, acquire an access token for your web API and call your protected web API.
Use a daemon application to send and receive data from a protected web API on Azure AD for Customers
Protect your web API with Azure AD for Customers. Use a daemon application to acquire an access token for your web API and call your protected web API.

We'd love your feedback

Were we successful in addressing your learning objective? Consider taking a moment to share your experience with us.

More information

Learn more about the Microsoft identity platform:

See more code samples:

Community Help and Support

Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [ms-identity azure-ad azure-ad-b2c msal react].

If you find a bug in the sample, please raise the issue on GitHub Issues.

To provide a recommendation, visit the following User Voice page.

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit cla.opensource.microsoft.com.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

ms-identity-ciam-dotnet-tutorial's People

Contributors

bgavrilms, cilwerner, dependabot[bot], derisen, dickson-mwendia, ellymakuba, emakuba, henrymbuguakiarie, jennyf19, jmprieur, kellyyangsong, kengaderdus, microsoft-github-operations[bot], microsoftopensource, mpminayo, mtrilbybassett, mwanzias, owenrichards1, ptittof57, salman90, trwalke, v-michaelmi, westin-m

ms-identity-ciam-dotnet-tutorial's Issues

Action required: migrate or opt-out of migration to GitHub inside Microsoft

Migrate non-Open Source or non-External Collaboration repositories to GitHub inside Microsoft

In order to protect and secure Microsoft, private or internal repositories in GitHub for Open Source, which are not related to open source projects or requiring collaboration with 3rd parties (customer, partners, etc.) must be migrated to GitHub inside Microsoft a.k.a GitHub Enterprise Cloud with Enterprise Managed User (GHEC EMU).

Action

✍️ Please RSVP to opt-in or opt-out of the migration to GitHub inside Microsoft.

❗Only users with admin permission in the repository are allowed to respond. Failure to provide a response will result in your repository getting automatically archived.🔒

Instructions

Reply with a comment on this issue containing one of the following optin or optout command options below.

✅ Opt-in to migrate

@gimsvc optin --date <target_migration_date in mm-dd-yyyy format>

Example: @gimsvc optin --date 03-15-2023

OR

❌ Opt-out of migration

@gimsvc optout --reason <staging|collaboration|delete|other>

Example: @gimsvc optout --reason staging

Options:

  • staging : My project will ship as Open Source
  • collaboration : Used for external or 3rd party collaboration with customers, partners, suppliers, etc.
  • delete : This repository will be deleted because it is no longer needed.
  • other : Other reasons not specified

Need more help? 🖐️

Add Readme for Blazor Sample

Missing Readme for blazor-wasm sample.

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

Build errors in Severity (MSB4018) The "GenerateStaticWebAsssetsPropsFile" task failed unexpectedly.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

Is it possible to use Managed Identity instead of Entra App & Secret for configuring the authentication in Blazor App?

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X ] feature request
- [X ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Want to remove the dependency of App Secret in the authentication flow.

Any log messages given by the failure

Expected/desired behavior

Ability to configure using Managed Identity

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.

[iOS] Crash with MAUI Net 9 Preview

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ X ] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Run the MAUI Sample with .NET 9 Preview on macOS and select iOS Simulator iPhone 15 Pro

Expected/desired behavior

ClaimsView.xaml displayed with info

OS and Version?

macOS Sonoma (with VS Code)

Versions

Nugets versions in csproj

  <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="9.0.0-preview.4.24224.3" />
  <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.0-preview.4.24224.3" />
  <PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
  <PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.60.3" />
  <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />

Mention any other details that might be useful

I don't know if it's a MAUI issue or an Azure identity issue, but the application crashes on this code:
(MSALClientHelper.cs)

      return await this.PublicClientApplication.AcquireTokenInteractive(scopes)
                                  .WithParentActivityOrWindow(PlatformConfig.Instance.ParentWindow)
                                  .ExecuteAsync()
                                  .ConfigureAwait(false);

Thanks! We'll be in touch soon.

DeviceCode sample does not work using Entra External ID tenant

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x ] bug report -> please search issues before submitting
- [ ] feature request
- [x ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Create an Entra External ID tenant and follow the remaining instructions. The article here provides details on the steps and issues.

Any log messages given by the failure

The URL provided in devicecode.VerificationUrl is "https://microsoft.com/devicelogin" but when logging in with a local account the following error is displayed: "AADSTS500208: The domain is not a valid login domain for the account type". The article here documents the issue.

Expected/desired behavior

The correct URL for the domain should be provided e.g. "https://tenant_sub_domain.ciamlogin.com/common/oauth2/deviceauth". I'm not sure if this is a documentation issue or Microsoft.Identity.Client / MSAL issue.

OS and Version?

Windows 11

Versions

.NET 8 console app using Microsoft.Identity.Client version 4.59.0

Mention any other details that might be useful


Thanks! We'll be in touch soon.

Getting the following error after I login to my Azure B2C account in IOS

This issue is for:

- [X] bug report -> please search issues before submitting
- [ ] feature request
- [X] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

I used the sample provided from git clone https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial.git
I followed the instructions and set up everything as requested.
I am able to login successfully but the SignInUserAndAcquireAccessToken method throws an exception on the last line:
return this.AuthResult.AccessToken; because AuthResult is null. See log message below for issue with Entitlements.plist

I am using automatic provisioning to my Apple developer account. I have KeyChain checked in the Entitlements.plist file. The contents of my Entitlements.plist file is what came with the sample, which has:

    keychain-access-groups $(AppIdentifierPrefix)com.microsoft.adalcache

I added the override of the OpenUrl method in my AppDelegate.cs file, which does not get called. Not sure if that matters? I also don't understand why the instructions say to ensure this is used but yet it is not in the sample code.

Given the error below, I have done extensive research and I don't see what I have done wrong.

I have also looked at this url given in the error message which appears to be an older version of what you have in the sample above:
https://aka.ms/msal-net-enable-keychain-groups

Any assistance would be greatly appreciated.

Any log messages given by the failure

NOTE: I replaced my actual APP ID Prefix with MYAPPREFIX below. The actual error has the correct APP ID Prefix
ErrorCode: missing_entitlements
Microsoft.Identity.Client.MsalClientException: The application does not have keychain access groups enabled in the Entitlements.plist. As a result, there was a failure to save to the iOS keychain. The keychain access group 'MYAPPREFIX.com.microsoft.msalcache' is not enabled in the Entitlements.plist. Also, use the WithIosKeychainSecurityGroup api to set the keychain access group. See https://aka.ms/msal-net-enable-keychain-groups for more details on enabling keychain access groups and entitlements.

Expected/desired behavior

To get a valid AuthToken and have the info displayed on the page as specified in the tutorial.

OS and Version?

Windows 11, Visual Studio 17.10.0, .NET 7.0, macOS Ventura 13.6.3

Daemon sample does not work with CIAM URL. Works fine with https://login.microsoftonline.com

Daemon sample does not work with CIAM URL.

When trying to run the following error occurs:

Unhandled exception. MSAL.NetCore.4.53.0.0.MsalClientException: 
        ErrorCode: tenant_override_non_aad
Microsoft.Identity.Client.MsalClientException: WithTenantId can only be used when an AAD authority is specified at the application level.
   at Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantId(String tenantId)
   at Microsoft.Identity.Web.TokenAcquisition.GetAuthenticationResultForAppAsync(String scope, String authenticationScheme, String tenant, TokenAcquisitionOptions tokenAcquisitionOptions)
   at Microsoft.Identity.Web.DefaultAuthorizationHeaderProvider.CreateAuthorizationHeaderForAppAsync(String scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.DownstreamApi.CallApiInternalAsync(String serviceName, DownstreamApiOptions effectiveOptions, Boolean appToken, HttpContent content, ClaimsPrincipal user, CancellationToken cancellationToken)
   at Microsoft.Identity.Web.DownstreamApi.PostForAppAsync[TInput,TOutput](String serviceName, TInput input, Action`1 downstreamApiOptionsOverride, CancellationToken cancellationToken)
   at Program.<Main>$(String[] args) in C:\GitHub\AzureSamples\ms-identity-ciam-dotnet-tutorial\2-Authorization\3-call-own-api-dotnet-core-daemon\ToDoListClient\Program.cs:line 30
   at Program.<Main>(String[] args)

You can find the error description here

Seems to be thrown by the core library with a tenant override which is not registered to be allowed.

Relevant code here

Why does the sign-in-maui MSALClientHelper.cs have a reference to Microsoft.Identity.Client.Desktop?

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Follow the instructions from Tutorial: Create a .NET MAUI shell app

Any log messages given by the failure

After referencing the Microsoft.Identity.Client.Desktop package needed in MSALClientHelper.cs the MAUI app will not build and shows a NETSDK1136: The target framework must be Windows error.

Expected/desired behavior

After following the tutorial as written, the code builds.

OS and Version?

Windows 10

Versions

Mention any other details that might be useful

I created a git repo that just follows the instructions from the tutorial. The commits should tell the story (https://github.com/scottpantall/sign-in-maui/commits/master/).

The only reason for the Microsoft.Identity.Client.Desktop package in MSALClientHelper.cs is to use the WithWindowsEmbeddedBrowserSupport() extension method which documentation says is unnecessary for MAUI applications. When I removed this reference I was able to build my MAUI application.

TokenAcquirerFactory.GetDefaultInstance() By default reads an appsettings.json, why not azure app config

- [ ] bug report -> please search issues before submitting
- [x ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

            // Get the Token acquirer factory instance. By default it reads an appsettings.json
            // file if it exists in the same folder as the app (make sure that the 
            // "Copy to Output Directory" property of the appsettings.json file is "Copy if newer").
            var tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();

Is it possible to somehow add functionality to get the value from your own Azure App Configuration, the same way as in the example below, so I don't need to store the client secret inside the app? By default GetDefaultInstance() gets that from appsettings.json, which is not safe for production.

```
tokenAcquirerFactory.Services.AddDownstreamApi(ServiceName,
    config.GetSection("DownstreamApi"));
```


Chapter 2: Use an ASP.NET Core web application and call a protected web API on Azure AD for Customers

Trying to execute 2-Authorization - 1-call-own-api-aspnet-core-mvc in External ID tenant.

My service api, client app registration and appsettings are correct. But getting the below error -

Response content: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
fail: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
IDX20807: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. HttpResponseMessage: '[PII of type 'System.Net.Http.HttpResponseMessage' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', HttpResponseMessage.Content: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
fail: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
Message: IDX20803: Unable to obtain configuration from: 'https://trialexternalidfordemobban.ciamlogin.com/10e93a61-a289-4484-9a82-799587f1f2a9/.well-known/openid-configuration'. Will retry at '10/2/2023 7:35:20 PM +00:00'. Exception: 'System.IO.IOException: IDX20807: Unable to retrieve document from: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'. HttpResponseMessage: '[PII of type 'System.Net.Http.HttpResponseMessage' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]', HttpResponseMessage.Content: '[PII of type 'System.String' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)'., InnerException: System.IO.IOException.
fail: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
Message: IDX40001: Issuer: 'https://sts.windows.net/10e93a61-a289-4484-9a82-799587f1f2a9/', does not match any of the valid issuers provided for this application. , InnerException: System.InvalidOperationException.

This issue is for a: (mark with an x)

- [X] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Any log messages given by the failure

Expected/desired behavior

OS and Version?

Windows 11

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.
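
The IDX40001 message in the issue above reports a token whose `iss` claim is not in the API's list of valid issuers. As an added example (not code from the tutorial repository or from the issue author), this C# console sketch reads the `iss` claim of a token without validating it and classifies the mismatch. The tenant ID, tokens and valid-issuer value are constructed, and comparing issuers as exact strings is an assumption of the sketch.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class IssuerCheck
{
    static string B64UrlEncode(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
               .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string B64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='); // restore padding
        return Encoding.UTF8.GetString(Convert.FromBase64String(s));
    }

    // Read one string claim from the payload segment WITHOUT checking the
    // signature. For troubleshooting only, never for an authorization decision.
    public static string Claim(string jwt, string name)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        using JsonDocument doc = JsonDocument.Parse(B64UrlDecode(parts[1]));
        return doc.RootElement.TryGetProperty(name, out JsonElement v)
               && v.ValueKind == JsonValueKind.String ? v.GetString() ?? "" : "";
    }

    // Classify how the token's issuer relates to the issuers the API trusts.
    public static string Diagnose(string jwt, string[] validIssuers)
    {
        string iss = Claim(jwt, "iss");
        if (validIssuers.Contains(iss, StringComparer.Ordinal))
            return "match";
        if (validIssuers.Any(v => v.TrimEnd('/') == iss.TrimEnd('/')))
            return "mismatch: differs only by a trailing slash";
        string issHost = Uri.TryCreate(iss, UriKind.Absolute, out var u) ? u.Host : "";
        bool sameHost = validIssuers.Any(v => new Uri(v).Host == issHost);
        return sameHost
            ? "mismatch: same host, different path (tenant or version segment)"
            : "mismatch: token issued under a different host than the API trusts";
    }

    // Constructed, unsigned token carrying only the claims the check reads.
    static string MakeToken(string iss, string ver) =>
        B64UrlEncode("{\"alg\":\"none\"}") + "." +
        B64UrlEncode(JsonSerializer.Serialize(new { iss, ver })) + ".sig";

    public static void Main()
    {
        const string tid = "00000000-0000-0000-0000-000000000000"; // constructed tenant ID
        // Constructed value standing in for the API's configured valid issuer.
        string[] valid = { $"https://{tid}.ciamlogin.com/{tid}/v2.0" };

        string[] tokens =
        {
            MakeToken($"https://sts.windows.net/{tid}/", "1.0"),          // shape seen in the log
            MakeToken($"https://{tid}.ciamlogin.com/{tid}/v2.0/", "2.0"), // trailing slash
            MakeToken($"https://{tid}.ciamlogin.com/{tid}/v2.0", "2.0"),  // exact match
        };

        foreach (string t in tokens)
            Console.WriteLine($"iss={Claim(t, "iss")} ver={Claim(t, "ver")} -> {Diagnose(t, valid)}");
    }
}
```

In a real deployment, take the valid issuer from the `issuer` field of the authority's `.well-known/openid-configuration` document rather than hard-coding it.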

404 link to: [Tutorial: Create user flow in Azure Active Directory CIAM]

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [x ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Link can be found in the README.md @ [Tutorial: Create user flow in ....]:
https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/blob/main/2-Authorization/2-call-own-api-blazor-server/README.md

Expected/desired behavior

Working Link

Mention any other details that might be useful

Broken Link:
https://github.com/microsoft/entra-previews/blob/PP2/docs/3-Create-sign-up-and-sign-in-user-flow.md


Thanks! We'll be in touch soon.

Failed to find the placeholder mentioned in the iOS AppDelegate.cs file

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [ ] feature request
- [X ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Refer to https://github.com/Azure-Samples/ms-identity-ciam-dotnet-tutorial/tree/main/1-Authentication/2-sign-in-maui#:~:text=Open%20the%20Platforms%5CiOS,from%20the%20Azure%20portal.
A reference is made to the placeholder in the iOS AppDelegate.cs file. I do not see that placeholder.

Any log messages given by the failure

Expected/desired behavior

Adjust the AppDelegate.cs file to include the placeholder or adjust the step in the documentation.

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
iOS

Versions

Mention any other details that might be useful


Thanks! We'll be in touch soon.
