in src/Saas.Lib/Saas.Identity/Provider/SaasApiAuthenticationProvider.cs [27:58]
/// <summary>
/// Wires up the provider: stores the logger and the configured scopes, checks that at
/// least one Key Vault certificate reference is configured, and prepares a lazily built
/// MSAL confidential client that authenticates with a signed client assertion.
/// </summary>
/// <param name="clientAssertionSigningProvider">Produces the signed client assertion handed to MSAL.</param>
/// <param name="azureAdB2COptions">Supplies the client id, tenant id and Key Vault certificate references.</param>
/// <param name="scopes">Supplies the scopes kept in <c>_scopes</c>.</param>
/// <param name="credentialService">Supplies the credential passed to the assertion signing provider.</param>
/// <param name="logger">Logger used by this provider.</param>
/// <exception cref="NullReferenceException">
/// Thrown when no Key Vault certificate reference is configured, or the first one is null.
/// </exception>
public SaasApiAuthenticationProvider(
    IClientAssertionSigningProvider clientAssertionSigningProvider,
    IOptions<TOptions> azureAdB2COptions,
    IOptions<SaasApiScopeOptions<TProvider>> scopes,
    IKeyVaultCredentialService credentialService,
    ILogger<SaasApiAuthenticationProvider<TProvider, TOptions>> logger)
{
    _logger = logger;
    _scopes = scopes.Value.Scopes;

    // Fail fast at construction time instead of on the first token request: without a
    // certificate reference there is nothing to sign the client assertion with.
    // This only checks that a reference is present; the certificate itself is not
    // inspected here.
    var firstCertificateReference =
        azureAdB2COptions.Value.KeyVaultCertificateReferences?.FirstOrDefault();

    if (firstCertificateReference is null)
    {
        const string missingCertificateMessage = "Certificate cannot be null.";

        logger.LogError(missingCertificateMessage);

        // NOTE(review): NullReferenceException is normally reserved for the runtime; an
        // InvalidOperationException would describe a configuration error better. The
        // type is kept because callers may already depend on it.
        throw new NullReferenceException(missingCertificateMessage);
    }

    // Nothing is built until the Lazy's value is first read.
    _msalClient = new Lazy<IConfidentialClientApplication>(BuildConfidentialClient);

    IConfidentialClientApplication BuildConfidentialClient()
    {
        // The authority is pinned to the Azure public cloud for the configured tenant.
        var clientBuilder = ConfidentialClientApplicationBuilder
            .Create(azureAdB2COptions.Value.ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, azureAdB2COptions.Value.TenantId);

        // Only the first configured certificate reference is used; any further
        // references are ignored. The last argument is presumably the assertion
        // lifetime (10 minutes) - confirm against GetClientAssertion.
        return clientBuilder
            .WithClientAssertion(assertionOptions =>
                clientAssertionSigningProvider.GetClientAssertion(
                    azureAdB2COptions.Value.KeyVaultCertificateReferences.First(),
                    assertionOptions.TokenEndpoint,
                    assertionOptions.ClientID,
                    credentialService.GetCredential(),
                    TimeSpan.FromMinutes(10)))
            .Build();
    }
}