Add IsB2C field to app registrations, add Downstream API condition fo…

…r adding permissions
dotnet · Aug 6, 2022 · 9b1a0d0 · 9b1a0d0
1 parent a2cd3c7
commit 9b1a0d0
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 1 deletion.
diff --git a/...otNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs b/...otNet.MSIdentity/MicrosoftIdentityPlatform/MicrosoftIdentityPlatformApplicationManager.cs
@@ -79,7 +79,7 @@ public class MicrosoftIdentityPlatformApplicationManager
                 .AddAsync(servicePrincipal).ConfigureAwait(false);
 
             // B2C does not allow user consent, and therefore we need to explicity grant permissions
-            if (applicationParameters.IsB2C)
+            if (applicationParameters.IsB2C && applicationParameters.CallsDownstreamApi) // TODO need to have admin permissions for the downstream API
             {
                 IEnumerable<IGrouping<string, ResourceAndScope>>? scopesPerResource = await AddApiPermissions(
                     applicationParameters,

diff --git a/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/MsAADTool.cs b/src/MSIdentityScaffolding/Microsoft.DotNet.MSIdentity/Tool/MsAADTool.cs
@@ -125,6 +125,15 @@ internal async Task<string> PrintApplicationsList()
 
                 if (applicationList.Any())
                 {
+                    Organization? tenant = await GetTenant(GraphServiceClient);
+                    if (tenant != null && tenant.TenantType.Equals("AAD B2C", StringComparison.OrdinalIgnoreCase))
+                    {
+                        foreach (Application app in applicationList)
+                        {
+                            app.AdditionalData.Add("IsB2C", true);
+                        }
+                    }
+
                     //order list by created date.
                     applicationList = applicationList.OrderByDescending(app => app.CreatedDateTime).ToList();
 
@@ -150,6 +159,40 @@ internal async Task<string> PrintApplicationsList()
             return outputJsonString;
         }
 
+        private static async Task<Organization?> GetTenant(GraphServiceClient graphServiceClient)
+        {
+            Organization? tenant = null;
+            try
+            {
+                tenant = (await graphServiceClient.Organization
+                    .Request()
+                    .GetAsync()).FirstOrDefault();
+            }
+            catch (ServiceException ex)
+            {
+                if (ex.InnerException != null)
+                {
+                    Console.WriteLine(ex.InnerException.Message);
+                }
+                else
+                {
+                    if (ex.Message.Contains("User was not found") || ex.Message.Contains("not found in tenant"))
+                    {
+                        Console.WriteLine("User was not found.\nUse both --tenant-id <tenant> --username <username@tenant>.\nAnd re-run the tool.");
+                    }
+                    else
+                    {
+                        Console.WriteLine(ex.Message);
+                    }
+                }
+
+                Environment.Exit(1);
+            }
+
+            return tenant;
+        }
+
+
         internal async Task<string> PrintServicePrincipalList()
         {
             string outputJsonString = string.Empty;