github.com

WAM

4/6/2023, updated 3/21/2026

Excerpt

## Improved experience using Windows broker (WAM) is now generally available starting 4.52+

The new MSAL WAM is an abstraction layer based on MSAL C++ which fixes a number of issues with the old WAM implementation and provides other benefits. **New applications should use this implementation** (also see WAM limitations).

- The new implementation is more stable, makes it easier to add new features, and has less chance of regressions.
- Works in apps that are run-as-admin.
- Adds support for Proof-of-Possession tokens.
- Fixes assembly size issues.

… ...

Because the netcoreapp3.1 target framework has reached the end of life this past December, our team will no longer offer support for applications using MSAL with that specific version of .NET Core. We recommend upgrading to the latest version of the .NET platform, where possible.

## Parent Window Handles

It is now mandatory to tell MSAL the window the interactive experience should be parented to, using the `WithParentActivityOrWindow` APIs. Trying to infer a window is not feasible and, in the past, this has led to a bad user experience where the auth window is hidden behind the application.

…

## Redirect URI

WAM redirect URIs do not need to be configured in MSAL, but they must be configured in the app registration.

```
ms-appx-web://microsoft.aad.brokerplugin/{client_id}
```

## Username / Password flow

This flow is not recommended except in test scenarios or in scenarios where service principal access to a resource gives it too much access and you can only scope it down with user flows. When using WAM, `AcquireTokenByUsernamePassword` will let WAM handle the protocol and fetch tokens.

## WAM limitations

- B2C and ADFS authorities aren't supported. MSAL will fall back to a browser.
- Available on Windows 10+ and Windows Server 2019+. On Mac, Linux, and earlier versions of Windows, MSAL will fall back to a browser.
- WAM Preview is not available on UWP; instead use the old WAM implementation.
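The parent-window requirement described under "Parent Window Handles", shown for a Windows console app. This is an added example, not code from the wiki page: the client ID is a placeholder, the `User.Read` scope is an assumption, and the `Microsoft.Identity.Client.Broker` package (4.52+) is assumed to be referenced.

```csharp
using System;
using System.Linq;
using System.Runtime.InteropServices;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.Broker; // provides the WithBroker(BrokerOptions) extension

static class Program
{
    // Placeholder: the client ID of your own app registration, which must list
    // ms-appx-web://microsoft.aad.brokerplugin/{client_id} as a redirect URI.
    const string ClientId = "<your-client-id>";
    static readonly string[] Scopes = { "User.Read" }; // assumed scope for illustration

    [DllImport("kernel32.dll")]
    static extern IntPtr GetConsoleWindow();

    [DllImport("user32.dll", ExactSpelling = true)]
    static extern IntPtr GetAncestor(IntPtr hwnd, uint flags);
    const uint GA_ROOTOWNER = 3;

    // The root owner of the console window is the terminal hosting it, so the
    // WAM prompt is parented there instead of opening behind the application.
    static IntPtr GetConsoleOrTerminalWindow() =>
        GetAncestor(GetConsoleWindow(), GA_ROOTOWNER);

    static async Task Main()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder
            .Create(ClientId)
            .WithParentActivityOrWindow(GetConsoleOrTerminalWindow)
            .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
            .Build();

        // Prefer a cached account; otherwise try the account signed in to Windows.
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault()
            ?? PublicClientApplication.OperatingSystemAccount;

        AuthenticationResult result;
        try
        {
            result = await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // Silent acquisition needs user interaction: show the parented prompt.
            result = await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
        }
        // Report metadata only; the access token itself is never written out.
        Console.WriteLine($"Account: {result.Account.Username}, expires: {result.ExpiresOn}");
    }
}
```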

Source URL

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/WAM/0acbce00c816f3047f3a34377dc7d3c4c10d1ec3
