IConfidentialClientApplication Interface

Definition

Component to be used with confidential client applications like Web Apps/API.

public interface IConfidentialClientApplication : Microsoft.Identity.Client.IClientApplicationBase
type IConfidentialClientApplication = interface
    interface IClientApplicationBase
Public Interface IConfidentialClientApplication
Implements IClientApplicationBase
Derived
Implements

Properties

AppConfig

Details on the configuration of the ClientApplication for debugging purposes.

(Inherited from IClientApplicationBase)
AppTokenCache
Authority (Inherited from IClientApplicationBase)
ClientId

Gets the Client ID (also known as Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app) and as passed in the constructor of the application.

(Inherited from IClientApplicationBase)
RedirectUri

The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens. This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app) In MSAL.NET, PublicClientApplication define the following default RedirectUri values:

  • urn:ietf:wg:oauth:2.0:oob for desktop (.NET Framework and .NET Core) applications
  • msal{ClientId} for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these platforms to call back the application)
These default URIs could change in the future. In ConfidentialClientApplication, this can be the URL of the Web application / Web API. (Inherited from IClientApplicationBase)
UserTokenCache (Inherited from IClientApplicationBase)

Methods

AcquireTokenByAuthorizationCode(IEnumerable<String>, String)

[V3 API] Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code). It's usually used in Web Apps (for instance ASP.NET / ASP.NET Core Web apps) which sign-in users, and can request an authorization code. This method does not lookup the token cache, but stores the result in it, so it can be looked up using other methods such as AcquireTokenSilent(IEnumerable<String>, IAccount).

AcquireTokenByAuthorizationCodeAsync(String, IEnumerable<String>)

[V2 API] Acquires security token from the authority using authorization code previously received. This method does not lookup token cache, but stores the result in it, so it can be looked up using other methods such as AcquireTokenSilentAsync(IEnumerable<String>, IAccount).

AcquireTokenForClient(IEnumerable<String>)

[V3 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.

AcquireTokenForClientAsync(IEnumerable<String>)

[V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.

AcquireTokenForClientAsync(IEnumerable<String>, Boolean)

[V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.

AcquireTokenOnBehalfOf(IEnumerable<String>, UserAssertion)

[V3 API] Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. See https://aka.ms/msal-net-on-behalf-of. This confidential client application was itself called with a token which will be provided in the userAssertion parameter.

AcquireTokenOnBehalfOfAsync(IEnumerable<String>, UserAssertion)

[V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)

AcquireTokenOnBehalfOfAsync(IEnumerable<String>, UserAssertion, String)

[V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)

AcquireTokenSilent(IEnumerable<String>, IAccount)

Attempts to acquire an access token for the account from the user token cache, with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details

(Inherited from IClientApplicationBase)
AcquireTokenSilent(IEnumerable<String>, String)

Attempts to acquire an access token for the loginHint from the user token cache, with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details

(Inherited from IClientApplicationBase)
AcquireTokenSilentAsync(IEnumerable<String>, IAccount)

Attempts to acquire an access token for the account from the user token cache.

(Inherited from IClientApplicationBase)
AcquireTokenSilentAsync(IEnumerable<String>, IAccount, String, Boolean)

Attempts to acquire and access token for the account from the user token cache, with advanced parameters making a network call.

(Inherited from IClientApplicationBase)
GetAccountAsync(String)

Get the IAccount by its identifier among the accounts available in the token cache.

(Inherited from IClientApplicationBase)
GetAccountsAsync()

Returns all the available IAccount in the user token cache for the application.

(Inherited from IClientApplicationBase)
GetAuthorizationRequestUrl(IEnumerable<String>)

[V3 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in the user's name. The URL targets the /authorize endpoint of the authority configured in the application. This override enables you to specify a login hint and extra query parameter.

GetAuthorizationRequestUrlAsync(IEnumerable<String>, String, String)

[V2 API] URL of the authorize endpoint including the query parameters.

GetAuthorizationRequestUrlAsync(IEnumerable<String>, String, String, String, IEnumerable<String>, String)

[V2 API] Gets URL of the authorize endpoint including the query parameters.

RemoveAsync(IAccount)

Removes all tokens in the cache for the specified account.

(Inherited from IClientApplicationBase)

Applies to