microsoft-identity-web: AddMicrosoftGraph() does not support new graph SDK 5.0.0

I would argue for developers experience it can get tedious deciding which nuget package to install for which purposes. I just want to authenticate my application and call some graph apis that I’ve been granted permissions for.

I found the starter templates helpful for this purpose. I didn’t have to think, I was just able to add authentication and plug in my ClientID and Secret and get to implementing business logic.

From my experience -

• I see there’s an update to Microsoft.Graph update it on my aspnet hosted blazor app
• Look at docs to see what’s new and how I need to restructure my graph calls
• Oops I can’t use AddMicrosoftGraph in my startup anymore
• Check to see if there’s a new function or overload that I’m missing out on
• That doesn’t work. Let me look into Microsoft.Graph since that’s the only package I upgraded and none of my other packages have a dependency on it
• Nothing is in an online search so make a github issue the msgraph-sdk-dotnet repo
• Turns out it’s actually the Microsoft.Identity.Web package
• I guess I’ll wait until a new major release…

I am at least aware of this issue so I could feasibly pivot and install a different Identity package, but for other devs who want to stay on top of new releases, they’ll run into the same hoops I did just to find out they need to use a whole new package - which is documented 🤷

I believe it’s a better experience to have teams that don’t want to upgrade the graph sdk to also not upgrade their identity package. However, I can see the painpoint of coordinating major releases with the sdk team and it’s not an ideal coupling.

Released in 2.12.2

Same for me.

using

    "Microsoft.Graph" Version="5.14.0" />

    "Microsoft.Identity.Web" Version="2.12.2" />

    "Microsoft.Identity.Web.MicrosoftGraph" Version="2.12.2" />

And it still doesn’t work.

@adukstad

Is Microsoft.Graph.GraphServiceClient the old one?

No, it is the new one. Here https://github.com/AzureAD/microsoft-identity-web/blob/jmprieur/Graph5/src/Microsoft.Identity.Web.GraphServiceClient/Readme.md

Truth be said I do not think this should have been a stable release. It breaks way too much things including basic templates which makes it really hard for developers used to stuff working out of the box.

@mtbayley: I think that this is what we are going to do (to let customers decide when they want to migrate to 5 as some feedback told us attempted to move to 5 broker a lot of their code and is not straightforward)

What happens

@shareonline, @AndreErb Microsoft.Graph SDK 5.0 has breaking changes with respect to 4.x, including on the auth side. Thanks @ashelopukho for providing the start of the work-around.

But the auth breaking changes are not the whole story. Some of the changes affect the [developer experience] (https://github.com/AzureAD/microsoft-identity-web/wiki/calling-graph) proposed in Microsoft.Identity.Web (.WithScopes, .WithAppOnly). We need to be re-think the developer experience with MSGraph 5.0 SDK (as the Request() method that was holding these extension methods is no longer part of MSGraph SDK 5.0 public API).

Moreover, I wonder if we should add another assembly supporting MicrosoftGraph 5.0 SDK (Microsoft.Identity.Web.MicrosoftGraph), to avoid breaking everybody, or take another major version (3.0) and change Microsoft.Identity.Web.MicrosoftGraph and Microsoft.Identity.Web.MicrosoftGraphBeta.

All that to say we need a bit of time to update Microsoft.Identity.Web.MicrosoftGraph(X) to Microsoft Graph SDK.

Question for the community

Would you be ready to break your code using the Graph SDK when you update to a future version of Microsoft.Identity.Web 5.0? Or would you prefer to separate the decisions of upgrading to Microsoft.Identiy.Web 2.+ and Microsoft.Graph SDK 5.0+?

Any feedback welcome on how you’d like to see things

There is no question that i would be willing to break the code when upgrading. I mean that’s what we are doing when upgrading to Graph 5.x anyway… But tight integration may not be a good idea in the future as in theory this could slow adoption of the graph sdk. I think alot of developers like the “out of box” experience to spin up a project quickly based on Azure AD and Graph… to be completely honest the Microsoft.Identity.Web is something i am using to easily start a project based on Azure AD login. It’s the default behavior for the visual studio template, so in my mind i would have thought it followed the graph sdk. I would be willing to test stuff out for you if neccesary of course. I really like the new syntax for the graph sdk over the old one. It makes more sense from a developer point of view in my mind. Granted we got used to the request syntax, but the new syntax is more logic i think…

@shareonline Temporary solution: https://gist.github.com/ashelopukho/5b00944c7744ebb4f9baa348e86f7e0e

@andymarksonline I figured it out. I’ve dived into source code and it seems there are several GraphServiceCollectionExtensions which provide AddMicrosoftGraph with same signatures. One in Microsoft.Identity.Web.MicrosoftGraph, one in Microsoft.Identity.Web.GraphServiceClient.

It seems the former is the old one and uses old Core Options that are not present in current version. Including Microsoft.Identity.Web.GraphServiceClient instead of Microsoft.Identity.Web.MicrosoftGraph solved the issue.

So confusing 😃

2/16/23

Do you mean 6/16/23?

Yes, sorry got the version (2.12) and the date (6/16) mixed together. 🤦thanks for calling it out.

Can’t wait for this! Good job everyone involved, it makes our .NET lives much easier 😏

2/16/23

Do you mean 6/16/23?

When can we expect the next release including this fix?

Can anyone at all explain to me how I can get graph working? I’m like brand new to this and I’m trying to make graph calls with a “Users.Read.All” scope from my application, but I cannot get it to work and there’s very little information as to how to do so.

I am using ASP.NET Core 7.0 Web API.

So far I have this setup, with @ashelopukho 's work around with the following:

builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "AzureAd")
    .EnableTokenAcquisitionToCallDownstreamApi().AddInMemoryTokenCaches();
builder.Services.AddMicrosoftGraphClient();

This throws the following error:

 An MsalUiRequiredException was thrown due to a challenge for the user.

However, I am able to call the graph endpoint with my associated client id, client secret, tenant id, grant_type, at:

https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token

And I can successfully retrieve a token and query the microsoft graph endpoint with it.

Does anyone know how to just set this up right now? The documentation is vast and unclear with multiple ways to do the same thing and none of them work. Even worse, if i wanted to use old packages, i don’t know which ones to use and Microsoft.Identity.Web, Microsoft.Graph and Microsoft.Graph.Core all depend on each other in some way that I don’t understand.

Same here.

In fact it throws TypeLoadException: Could not load type 'Microsoft.Graph.IAuthenticationProviderOption' from assembly 'Microsoft.Graph.Core, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'. Microsoft.Identity.Web.GraphServiceCollectionExtensions+<>c.<AddMicrosoftGraph>b__1_0(IServiceProvider serviceProvider)

Needed to downgrade to Microsoft.Graph 4.54.0 in order to make it run again. Didn’t want to introduce a temporary solution in my Blazor App, like @ashelopukho kindly offered.