We have a .netCore web api protected by OAuth authentication for azureAD.
We use Microsoft.Identity.Web :
services.AddMicrosoftIdentityWebApiAuthentication(configuration, AzureAdOptions.Options, AzureAdOptions.BearerAuthenticationScheme);
It works perfectly with implicit flow, with a token that contain upn.
A customer want to call our api with client credentials flow and with it the token doesn’t contain an user, only an appid.
We check id user is authenticated like this :
context.User.Identity.IsAuthenticated
But in this case User is null, that is normal.
I would like to add a function to validate the token and if this token doesn’t have upn, set a mock user in context with appid as username.
Is there a mean to do that ?
Thank you for your help