AzureAD · RyAuld · Feb 10, 2026 · Jan 27, 2026 · Jan 28, 2026 · Jan 29, 2026
@@ -13,7 +13,7 @@
   </PropertyGroup>
 
   <PropertyGroup Label="Common dependency versions">
-    <MicrosoftIdentityLabApiVersion>1.0.0</MicrosoftIdentityLabApiVersion>
+    <MicrosoftIdentityLabApiVersion>2.0.0</MicrosoftIdentityLabApiVersion>
     <BenchmarkDotNetVersion>0.13.12</BenchmarkDotNetVersion>
     <BenchmarkDotNetDiagnosticsWindowsVersion>0.13.12</BenchmarkDotNetDiagnosticsWindowsVersion>
     <SystemNetHttpVersion>4.3.4</SystemNetHttpVersion>

@@ -1,8 +1,8 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "TenantId": "msidlab4.onmicrosoft.com",
-        "ClientId": "f6b698c0-140c-448f-8155-4aa9bf77ceba",
+        "TenantId": "id4slab1.onmicrosoft.com",
+        "ClientId": "4ebc2cfc-14bf-4c88-9678-26543ec1c59d",
         "ClientCredentials": [
             {
                 "SourceType": "StoreWithDistinguishedName",

@@ -1,7 +1,7 @@
 @Microsoft.Identity.Web.Sidecar_HostAddress = http://localhost:5178
 
 @AccessToken =
-@ApiName = 
+@ApiName =
 
 ###
 
@@ -23,7 +23,7 @@ Get {{Microsoft.Identity.Web.Sidecar_HostAddress}}/AuthorizationHeaderUnauthenti
 
 ###
 
-GET {{Microsoft.Identity.Web.Sidecar_HostAddress}}/AuthorizationHeader/{{ApiName}}?optionsOverride.Scopes=User.Read&optionsOverride.AcquireTokenOptions.Tenant=f645ad92-e38d-4d1a-b510-d1b09a74a8ca
+GET {{Microsoft.Identity.Web.Sidecar_HostAddress}}/AuthorizationHeader/{{ApiName}}?optionsOverride.Scopes=User.Read&optionsOverride.AcquireTokenOptions.Tenant=10c419d4-4a50-45b2-aa4e-919fb84df24f
 Authorization: Bearer {{AccessToken}}
 
 ###

@@ -7,8 +7,8 @@
     */
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "TenantId": "", // f645ad92-e38d-4d1a-b510-d1b09a74a8ca
-        "ClientId": "", //"556d438d-2f4b-4add-9713-ede4e5f5d7da"
+        "TenantId": "", // 10c419d4-4a50-45b2-aa4e-919fb84df24f
+        "ClientId": "", //"a021aff4-57ad-453a-bae8-e4192e5860f3"
 
         // "Scopes": "" // access_as_user
 

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         // To call an API
         "ClientSecret": "[secret-from-portal]",
         "CallbackPath": "/signin-oidc"

@@ -1,8 +1,8 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "TenantId": "msidlab4.onmicrosoft.com",
-        "ClientId": "f6b698c0-140c-448f-8155-4aa9bf77ceba",
+        "TenantId": "id4slab1.onmicrosoft.com",
+        "ClientId": "4ebc2cfc-14bf-4c88-9678-26543ec1c59d",
         "ClientCredentials": [
             {
                 "SourceType": "StoreWithDistinguishedName",

@@ -1,8 +1,8 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "556d438d-2f4b-4add-9713-ede4e5f5d7da",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a021aff4-57ad-453a-bae8-e4192e5860f3",
         "Scopes": "https://graph.microsoft.com/.default"
     },
     "Logging": {

@@ -12,9 +12,9 @@
     },
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+            "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         //"ClientSecret": "",
         "ClientCertificates": [
         ],

@@ -26,7 +26,7 @@ The examples depend on setting these variables
 ```sh
 $side_car_url = "<url sidecar is running at>"
 # Example values, use appropriate values for the token you want to request.
-$token = uv run --with msal get_token.py --client-id "f79f9db9-c582-4b7b-9d4c-0e8fd40623f0" --authority "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca" --scope "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user"
+$token = uv run --with msal get_token.py --client-id "9808c2f0-4555-4dc2-beea-b4dc3212d39e" --authority "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f" --scope "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user"
 ```
 
 Example: validate an authorization header returned by `get_token.py`:

@@ -18,16 +18,16 @@ interface LoginRequest {
 }
 
 const loginRequest: LoginRequest = {
-    scopes: ["api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user"],
+    scopes: ["api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user"],
     openBrowser,
     successTemplate: "Successfully signed in! You can close this window now."
 };
 
 // Create msal application object
 const pca = new PublicClientApplication({
     auth: {
-        clientId: "f79f9db9-c582-4b7b-9d4c-0e8fd40623f0",
-        authority: "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
+        clientId: "9808c2f0-4555-4dc2-beea-b4dc3212d39e",
+        authority: "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f",
     }
 });
 

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         // To call an API
         //"EnablePiiLogging": true,
         "CallbackPath": "/signin-oidc",

@@ -51,7 +51,7 @@ public async Task<ActionResult> SayHello()
             var channel = GrpcChannel.ForAddress("https://localhost:5001");
             var client = new Greeter.GreeterClient(channel);
 
-            string token = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" }).ConfigureAwait(false);
+            string token = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" }).ConfigureAwait(false);
 
             var headers = new Metadata();
             headers.Add("Authorization", $"Bearer {token}");

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         "CallbackPath": "/signin-oidc",
         "SignedOutCallbackPath ": "/signout-callback-oidc",
         "EnablePiiLogging": true,
@@ -21,23 +21,23 @@
     "DownstreamApis": {
         "TodoList": {
             // TodoListScope is the scope of the Web API you want to call.
-            "Scopes": [ "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" ],
+            "Scopes": [ "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" ],
             "BaseUrl": "http://localhost:44350"
 
         },
         "SayHello": {
             // Scope for the web API set up w/gRPC
-            "Scopes": [ "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" ],
+            "Scopes": [ "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" ],
             "BaseUrl": "https://localhost:5001"
         },
         "AzureFunction": {
             // Scope for the web API set up Azure function
-            "Scopes": [ "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" ],
+            "Scopes": [ "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" ],
             "BaseUrl": "http://localhost:7071/api/SampleFunc"
         },
         "TodoListJwe": {
             // Scope for the web API used with the token decryption certificates.
-            "Scopes": [ "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" ],
+            "Scopes": [ "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" ],
             "BaseUrl": "https://localhost:44350"
         }
     },

@@ -16,7 +16,7 @@
 
 namespace TodoListService.Controllers
 {
-    /* equivalent 
+    /* equivalent
     [Authorize(Policy = "RequiredScope(|AzureAd:Scope")]
     [Authorize(Policy = "RequiredScope(User.Read")]
     */
@@ -61,7 +61,7 @@ public async Task<IEnumerable<Todo>> GetAsync()
 
             await RegisterPeriodicCallbackForLongProcessing(null);
 
-            // string token1 = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "user.read" }, "f645ad92-e38d-4d1a-b510-d1b09a74a8ca").ConfigureAwait(false);
+            // string token1 = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "user.read" }, "10c419d4-4a50-45b2-aa4e-919fb84df24f").ConfigureAwait(false);
             // string token2 = await _tokenAcquisition.GetAccessTokenForUserAsync(new string[] { "user.read" }, "3ebb7dbb-24a5-4083-b60c-5a5977aabf3d").ConfigureAwait(false);
 
             await Task.FromResult(0); // fix CS1998 while the lines about the 2 tokens are commented out.
@@ -92,7 +92,7 @@ private async Task RegisterPeriodicCallbackForLongProcessing(string keyHint)
             Timer timer = new Timer(async (state) =>
             {
                 HttpClient httpClient = new HttpClient();
-                
+
                 var message = await httpClient.GetAsync(url); // CodeQL [SM03781] Requests are made to a sample controller on localhost
             }, null, 1000, 1000 * 60 * 1);  // Callback every minute
         }

@@ -1,12 +1,12 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "556d438d-2f4b-4add-9713-ede4e5f5d7da", //"712ae8d7-548a-4306-95b6-ee9117ee86f0", JWE clientID
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a021aff4-57ad-453a-bae8-e4192e5860f3", //"712ae8d7-548a-4306-95b6-ee9117ee86f0", JWE clientID
 
         // Or instead of Instance + TenantId, you can use the Authority
-        // "Authority": "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca/",
+        // "Authority": "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f/",
 
         // To exercise the signing-key issuer:
         // - uncomment the following line (Authority)

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "556d438d-2f4b-4add-9713-ede4e5f5d7da",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+            "ClientId": "a021aff4-57ad-453a-bae8-e4192e5860f3",
         "ClientCertificates": [
             {
                 "SourceType": "StoreWithDistinguishedName",

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "556d438d-2f4b-4add-9713-ede4e5f5d7da", //"712ae8d7-548a-4306-95b6-ee9117ee86f0", JWE clientID
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+            "ClientId": "a021aff4-57ad-453a-bae8-e4192e5860f3", //"712ae8d7-548a-4306-95b6-ee9117ee86f0", JWE clientID
         // "ClientSecret": "",
         "Scopes": "access_as_user",
         "EnableCacheSynchronization": false,

@@ -9,10 +9,10 @@
     <add key="webpages:Enabled" value="false"/>
     <add key="ClientValidationEnabled" value="true"/>
     <add key="UnobtrusiveJavaScriptEnabled" value="true"/>
-    <!--<add key="ida:ClientId" value="556d438d-2f4b-4add-9713-ede4e5f5d7da"/>
+	<!--<add key="ida:ClientId" value="a021aff4-57ad-453a-bae8-e4192e5860f3"/>
     <add key="ida:AADInstance" value="https://login.microsoftonline.com/"/>
-    <add key="ida:Domain" value="msidlab4.onmicrosoft.com"/>
-    <add key="ida:TenantId" value="f645ad92-e38d-4d1a-b510-d1b09a74a8ca"/>
+    <add key="ida:Domain" value="id4slab1.onmicrosoft.com"/>
+    <add key="ida:TenantId" value="10c419d4-4a50-45b2-aa4e-919fb84df24f"/>
     <add key="ida:PostLogoutRedirectUri" value="https://localhost:44386/signin-oidc"/>-->
   </appSettings>
   <system.web>

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+            "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         "RedirectUri": "https://localhost:44386/",
         //        "ClientSecret": "",
         "EnableCacheSynchronization": false,

@@ -88,7 +88,7 @@ else
         try
         {
             // Get the authorization header
-            var authorizationHeader = await authorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(["api://556d438d-2f4b-4add-9713-ede4e5f5d7da/.default"]
+                var authorizationHeader = await authorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(["api://a021aff4-57ad-453a-bae8-e4192e5860f3/.default"]
                     //claimsPrincipal: authenticationSate.User,
                     );
         }

@@ -16,7 +16,7 @@
 
 builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
     .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
-    .EnableTokenAcquisitionToCallDownstreamApi(["api://556d438d-2f4b-4add-9713-ede4e5f5d7da/.default"])
+    .EnableTokenAcquisitionToCallDownstreamApi(["api://a021aff4-57ad-453a-bae8-e4192e5860f3/.default"])
     .AddInMemoryTokenCaches();
 
 builder.Services.AddMicrosoftIdentityConsentHandler();

@@ -2,9 +2,9 @@
     "$schema": "https://raw.githubusercontent.com/AzureAD/microsoft-identity-web/refs/heads/master/JsonSchemas/microsoft-identity-web.json",
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         "CallbackPath": "/signin-oidc",
         "SignedOutCallbackPath ": "/signout-callback-oidc",
         "EnablePiiLogging": true,

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "9a192b78-6580-4f8a-aace-f36ffea4f7be",
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+            "ClientId": "a599ce88-0a5f-4a6e-beca-e67d3fc427f4",
         "ClientCertificates": [
             {
                 "SourceType": "StoreWithDistinguishedName",
@@ -20,7 +20,7 @@
       - a scope corresponding to a V1 application (for instance <GUID>/user_impersonation, where  <GUID> is the
         clientId of a V1 application, created in the https://portal.azure.com portal.
     */
-        "Scopes": [ "api://556d438d-2f4b-4add-9713-ede4e5f5d7da/access_as_user" ],
+                "Scopes": [ "api://a021aff4-57ad-453a-bae8-e4192e5860f3/access_as_user" ],
         "BaseUrl": "https://localhost:44351",
         "RelativePath": "/api/todolist"
 

@@ -1,9 +1,9 @@
 {
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
-        "Domain": "msidlab4.onmicrosoft.com",
-        "TenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-        "ClientId": "556d438d-2f4b-4add-9713-ede4e5f5d7da"
+        "Domain": "id4slab1.onmicrosoft.com",
+        "TenantId": "10c419d4-4a50-45b2-aa4e-919fb84df24f",
+        "ClientId": "a021aff4-57ad-453a-bae8-e4192e5860f3"
     },
     "Kestrel": {
         "Endpoints": {

@@ -27,8 +27,8 @@ static async Task Main(string[] args)
             /*
             var tokenAcquirer = tokenAcquirerFactory.GetTokenAcquirer(new MicrosoftIdentityApplicationOptions
             {
-                ClientId = "f6b698c0-140c-448f-8155-4aa9bf77ceba",
-                Authority = "https://login.microsoftonline.com/msidlab4.onmicrosoft.com",
+                ClientId = "4ebc2cfc-14bf-4c88-9678-26543ec1c59d",
+                    Authority = "https://login.microsoftonline.com/id4slab1.onmicrosoft.com",
                 ClientCredentials = new[]
                 {
                     new CredentialDescription()
@@ -42,8 +42,8 @@ static async Task Main(string[] args)
             */
             // Or
             var tokenAcquirer = tokenAcquirerFactory.GetTokenAcquirer(
-                authority: "https://login.microsoftonline.com/msidlab4.onmicrosoft.com",
-                clientId: "f6b698c0-140c-448f-8155-4aa9bf77ceba",
+                    authority: "https://login.microsoftonline.com/id4slab1.onmicrosoft.com",
+                clientId: "4ebc2cfc-14bf-4c88-9678-26543ec1c59d",
                 clientCredentials: new[]
                 {
                     new CredentialDescription()

@@ -23,11 +23,11 @@ static async Task Main(string[] args)
         {
             var builder = WebApplication.CreateBuilder(args);
             var services = builder.Services;
-            
+
             services.Configure<MicrosoftIdentityOptions>(option => builder.Configuration.GetSection("AzureAd").Bind(option));
             services.AddTokenAcquisition();
             services.AddHttpClient();
-           
+
             //services.AddMicrosoftGraph(); // or services.AddTokenAcquisition() if you don't need graph
 
             // Add a cache
@@ -47,7 +47,7 @@ static async Task Main(string[] args)
             // Get the token acquisition service
             ITokenAcquirerFactory tokenAcquirerFactory = app.Services.GetRequiredService<ITokenAcquirerFactory>();
             var tokenAcquirer = tokenAcquirerFactory.GetTokenAcquirer();
-            var result = await tokenAcquirer.GetTokenForAppAsync("api://556d438d-2f4b-4add-9713-ede4e5f5d7da/.default");
+            var result = await tokenAcquirer.GetTokenForAppAsync("api://a021aff4-57ad-453a-bae8-e4192e5860f3/.default");
             Console.WriteLine($"Token expires on {result.ExpiresOn}");
 
 #endif