diff --git a/aspnetcore/migration/31-to-50.md b/aspnetcore/migration/31-to-50.md index eb0bc3cece..6bc0a5b3ad 100644 --- a/aspnetcore/migration/31-to-50.md +++ b/aspnetcore/migration/31-to-50.md @@ -101,7 +101,9 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access"); ``` -* The platform configuration is set to **Single-page application (SPA)** in the Azure portal with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. + +* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . @@ -116,7 +118,9 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az .Add("https://graph.microsoft.com/User.Read"); ``` -* The platform configuration is set to **Single-page application (SPA)** in the Azure portal with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. + +* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . 
@@ -131,14 +135,52 @@ For a standalone Blazor WebAssembly app registered in the Azure portal to use Az options.ProviderOptions.DefaultAccessTokenScopes.Add("offline_access"); ``` -* The platform configuration is set to **Single-page application (SPA)** in the Azure portal with the app's redirect URI. +* In the Azure portal app registration **Authentication** blade, set the platform configuration to **Single-page application** with the app's redirect URI. + +* Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**. For more information, see . +### Hosted Blazor WebAssembly app with Azure Active Directory (AAD) or B2C + +The *`Client`* app registration of a hosted Blazor solution that uses AAD or AAD B2C for user authentication should use a **Single-page application** Azure Apps platform configuration: + +1. In the Azure portal app registration for the *`Client`* app, remove the **Web** platform configuration. +1. Add a **Single-page application** platform configuration with the app's redirect URI. +1. Disable **Implicit grant** for **Access tokens** and **ID tokens**. + +For more information, see: + +* +* + ### Update the Server project of a hosted Blazor solution Update the *`Server`* project of a hosted Blazor solution as an ASP.NET Core app following the general guidance in this article. +Additionally, *`Server`* projects that authenticate users to client Blazor WebAssembly apps with Azure Active Directory (AAD) or B2C should adopt new Microsoft Identity v2.0 packages: + +For AAD: + +```diff +- ++ ++ +``` + +For AAD B2C: + +```diff +- ++ ++ +``` + +For more information, see: + +* +* + ### Unauthorized client for Azure Active Directory (AAD) After upgrading a Blazor WebAssembly app that uses AAD for authentication, you may receive the following error on the login callback to the app after the user signs in with AAD:
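Review bot: in the @@ -101 hunk, the added bullet "Also in the **Authentication** blade, disable **Implicit grant** for **Access tokens** and **ID tokens**" says what to switch off but not why, so a reader migrating a 3.1 app that had those boxes checked has no way to judge whether clearing them is safe. Add a clause giving the reason: the **Single-page application** platform configuration signs users in with the authorization code flow with PKCE, so the app no longer needs tokens issued through implicit grant.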
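Review bot: the two bullets added in the @@ -116 hunk are word-for-word the same as those added in the @@ -101 hunk and at the top of the @@ -131 hunk, so any later correction to the portal steps has to be made in three places and the copies can drift apart. Consider stating the platform configuration and **Implicit grant** steps once and having the three standalone sections point to that single copy, for example through a shared include.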
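Review bot: in the @@ -131 hunk, the two diff-fenced blocks under "For AAD:" and "For AAD B2C:" show only bare `-` and `+` markers as rendered here, and the "For more information, see:" lists that follow have empty bullets, so the reader cannot tell which package references to remove or add. Confirm that the package reference lines and link targets survive rendering, and name the packages in the surrounding prose so the guidance does not depend on the diff block alone. Separately, step 3 of the new hosted section ("Disable **Implicit grant** for **Access tokens** and **ID tokens**") omits the **Authentication** blade that the standalone bullets name; use the same wording so the steps read consistently.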