How call to register printer with using provider is not calling popup dialog for Azure Login?

%3CLINGO-SUB%20id%3D%22lingo-sub-2545278%22%20slang%3D%22en-US%22%3EHow%20call%20to%20register%20printer%20with%20using%20provider%20is%20not%20calling%20popup%20dialog%20for%20Azure%20Login%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2545278%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20client%20app%20where%20I%20can%20get%20berier%20token%20and%20pass%20it%20to%20service%20to%20Register%20printer.%3C%2FP%3E%3CP%3EBut%20how%20to%20register%20printer%20without%20using%20delegating%20provider%3F%3C%2FP%3E%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3E%20%20%20%20%20%20%20%20private%20static%20IAuthenticationProvider%20GetDelegatedAuthProvider()%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20IPublicClientApplication%20app%20%3D%20PublicClientApplicationBuilder%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.Create(Config.ClientId)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.WithTenantId(Config.Tenant)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.WithRedirectUri(%22https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient%22)%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.WithDesktopFeatures()%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.Build()%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20new%20InteractiveAuthenticationProvider(app)%3B%0A%20%20%20%20%20%20%20%20%7D%3C%2FCODE%3E%3C%2FPRE%3E%3CP%3Eif%20I%20use%20application%20provider%20then%20printer%20registration%20fails%3A%3C%2FP%3E%3CP%3E%3CEM%3E%3CSTRONG%3EMicrosoft.Graph.ServiceException%3A%20Code%3A%20403%3C%2FSTRONG%3E%3C%2FEM%3E%3CBR%20%2F%3E%3CEM%3E%3CSTRONG%3EMessage%3A%20The%20token%20does%20not%20have%20one%20or%20more%20required%20security%20scopes.%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%3CP%3EWhat%20should%20I%20do%20prevent%20using%20delegating%20provider%20for%20operations%20requiring%20delegation%20permissions%20in%26nbsp%3B%20the%20service%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2588206%22%20slang%3D%22en-US%22%3ERe%3A%20How%20call%20to%20register%20printer%20with%20using%20provider%20is%20not%20calling%20popup%20dialog%20for%20Azure%20Login%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2588206%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1048245%22%20target%3D%22_blank%22%3E%40ktchoumak%3C%2FA%3E%26nbsp%3B-%20to%20register%20a%20printer%20we%20need%20it%20to%20be%20done%20explicitly%20by%20a%20printer%20admin%20action%20-%20thats%20why%20there%20you%20need%20the%20delegated%20token.%20Please%20note%2C%20if%20you%20are%20registering%20multiple%20printers%20at%20the%20same%20time%20and%20session%20length%20exceeds%20the%20expiry%20time%20of%20the%20token%20(typically%20one%20hour)%2C%20then%20you%20can%20refresh%20the%20token%20without%20requiring%20the%20user%20to%20login.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20there%20is%20a%20strong%20scenario%20where%20you%20absolutely%20need%20application%20token%2C%20then%20I%20recommend%20filing%20a%20feature%20request%20at%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FUPIdeas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2FUPIdeas%3C%2FA%3E.%20Please%20explain%20your%20scenario%20in%20detail.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%2C%3CBR%20%2F%3ESaurabh%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I have a client app where I can get berier token and pass it to service to Register printer.

But how to register printer without using delegating provider?

        private static IAuthenticationProvider GetDelegatedAuthProvider()
        {
            IPublicClientApplication app = PublicClientApplicationBuilder
                .Create(Config.ClientId)
                .WithTenantId(Config.Tenant)
                .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
                .WithDesktopFeatures()
                .Build();

            return new InteractiveAuthenticationProvider(app);
        }

if I use application provider then printer registration fails:

Microsoft.Graph.ServiceException: Code: 403
Message: The token does not have one or more required security scopes.

What should I do prevent using delegating provider for operations requiring delegation permissions in  the service?

2 Replies

@ktchoumak - to register a printer we need it to be done explicitly by a printer admin action - thats why there you need the delegated token. Please note, if you are registering multiple printers at the same time and session length exceeds the expiry time of the token (typically one hour), then you can refresh the token without requiring the user to login.

 

If there is a strong scenario where you absolutely need application token, then I recommend filing a feature request at https://aka.ms/UPIdeas. Please explain your scenario in detail.

 

Thanks,
Saurabh

Thanks for answer - I found solution: use custom provider:
public class myProvider : Microsoft.Graph.IAuthenticationProvider
{
string Token { get; set; }

public myProvider (string bearerToken)
{
Token = bearerToken;
}
public Task AuthenticateRequestAsync(HttpRequestMessage request)
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", Token);
return Task.FromResult(false);
}
}