Description
Library version used
4.61.1
.NET version
.NET 7.0
Scenario
PublicClient - mobile app
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
For MS Graph access we are using service accounts with delegated permissions.
To access login.microsoft.com we are using an implementation with the HttpClientFactory to route the traffic over a proxy.
Now we got a security requirement to not directly use the proxy anymore, but we have to use our enterprise service gateway to which we provide a certificate, for example: "api-cert.company.ch/application-id/rest/microsoft/auth/v1", which then redirects to login.microsoft.com + our tenantId.
I tried to use the new OidcAuthority (which is still in Experimental, I know) but it doesn't set a URI for the UserRealmUriPrefix, which then tries to make a call to https://loginSMTP/?api-version=1.0, which doesn't make much sense.
Is there a way where I can achieve what I want to do?
Relevant code snippets
using Microsoft.Identity.Client;

// Build the public client; all HTTP traffic goes through the HttpClient supplied by the factory
var pca = PublicClientApplicationBuilder
    .CreateWithApplicationOptions(pcaOptions)
    .WithExperimentalFeatures(true)
    .WithOidcAuthority(o365IntegrationOptions.BaseUrl)
    .WithDefaultRedirectUri() // https://login.microsoftonline.com/common/oauth2/nativeclient
    .WithHttpClientFactory(serviceProvider.GetRequiredService<IWebProxyMsalClientFactory>()) // new: doesn't have the proxy, but adds a certificate to the requests
    .Build();
Expected behavior
The expected behaviour is either to skip the user realm discovery somehow, or that I can manually set the Uri for the OIDC Case.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
4.61.1
Solution and workarounds
No response
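As an added illustration (this is not code from the issue or from MSAL.NET itself), the following shows one way to write the IMsalHttpClientFactory the reporter describes: an HttpClient that presents a client certificate to the enterprise gateway, plugged into the same builder chain. The client id, the certificate thumbprint and the scopes are placeholders or assumptions; the gateway URL is the one named in the issue. The factory only controls the transport; it does not by itself change how MSAL performs user realm discovery, which is the open question of the issue.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical factory: loads the gateway certificate from the user's personal store
// and hands MSAL a single HttpClient that presents it on every request.
public sealed class GatewayCertificateHttpClientFactory : IMsalHttpClientFactory
{
    private readonly HttpClient _httpClient;

    public GatewayCertificateHttpClientFactory(string certificateThumbprint)
    {
        X509Certificate2 clientCert = LoadFromUserStore(certificateThumbprint);

        var handler = new HttpClientHandler
        {
            // Present the certificate explicitly instead of letting the runtime pick one.
            ClientCertificateOptions = ClientCertificateOption.Manual,
        };
        handler.ClientCertificates.Add(clientCert);

        // MSAL calls GetHttpClient() repeatedly and expects the same long-lived instance.
        _httpClient = new HttpClient(handler, disposeHandler: true);
    }

    public HttpClient GetHttpClient() => _httpClient;

    private static X509Certificate2 LoadFromUserStore(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);

        // validOnly: true rejects expired or untrusted certificates, so a stale
        // gateway certificate fails here rather than at the TLS handshake.
        X509Certificate2Collection matches =
            store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: true);
        if (matches.Count == 0)
        {
            throw new InvalidOperationException(
                $"No valid certificate with thumbprint {thumbprint} in the CurrentUser/My store.");
        }
        return matches[0];
    }
}

public static class Program
{
    public static async Task Main()
    {
        // Placeholders: the real client id and thumbprint are not given on the page.
        const string clientId = "<application-client-id>";
        const string gatewayCertThumbprint = "<certificate-thumbprint>";

        // Gateway URL as named in the issue; it is expected to forward to the tenant's login endpoint.
        const string gatewayAuthority = "https://api-cert.company.ch/application-id/rest/microsoft/auth/v1";

        IPublicClientApplication pca = PublicClientApplicationBuilder
            .Create(clientId)
            .WithExperimentalFeatures(true)            // WithOidcAuthority is still experimental
            .WithOidcAuthority(gatewayAuthority)
            .WithDefaultRedirectUri()                  // https://login.microsoftonline.com/common/oauth2/nativeclient
            .WithHttpClientFactory(new GatewayCertificateHttpClientFactory(gatewayCertThumbprint))
            .Build();

        // Assumed delegated scope; the real app's scopes depend on the Graph permissions it needs.
        string[] scopes = { "https://graph.microsoft.com/.default" };

        AuthenticationResult result = await pca.AcquireTokenInteractive(scopes).ExecuteAsync();
        Console.WriteLine($"Token acquired for {result.Account?.Username}");
    }
}
```

Because MSAL reuses the HttpClient the factory returns, the certificate is attached to every request it makes, including the discovery calls. That is also why the problem described in the issue shows up: if OIDC authority handling leaves the realm discovery prefix unset, those discovery requests go to the wrong host regardless of which certificate the client presents.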