PublicClientApplication Class

Definition

Class to be used to acquire tokens in desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access web APIs in the name of the user only. For details see https://aka.ms/msal-net-client-applications

public sealed class PublicClientApplication : Microsoft.Identity.Client.ClientApplicationBase, Microsoft.Identity.Client.IByRefreshToken, Microsoft.Identity.Client.IPublicClientApplication
type PublicClientApplication = class
    inherit ClientApplicationBase
    interface IPublicClientApplication
    interface IClientApplicationBase
    interface IByRefreshToken
Public NotInheritable Class PublicClientApplication
Inherits ClientApplicationBase
Implements IByRefreshToken, IPublicClientApplication
Inheritance
PublicClientApplication
Implements

Remarks

  • Contrary to ConfidentialClientApplication, public clients are unable to hold configuration time secrets, and as a result have no client secret
  • The redirect URL is pre-proposed by the library. It does not need to be passed in the constructor

Properties

AppConfig

Details on the configuration of the ClientApplication for debugging purposes.

(Inherited from ClientApplicationBase)
Authority (Inherited from ClientApplicationBase)
IsSystemWebViewAvailable

Returns true if MSAL can use a system browser.

OperatingSystemAccount

Currently only the Windows broker is able to login with the current user, see https://aka.ms/msal-net-wam for details.

A special account value that indicates that the current Operating System account should be used to login the user. Not all operating systems and authentication flows support this concept, in which case calling AcquireTokenSilent will throw an MsalUiRequiredException.

UserTokenCache (Inherited from ClientApplicationBase)

Methods

AcquireTokenByIntegratedWindowsAuth(IEnumerable<String>)

Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa. The account used in this overrides is pulled from the operating system as the current user principal name.

AcquireTokenByUsernamePassword(IEnumerable<String>, String, SecureString)

Non-interactive request to acquire a security token from the authority, via Username/Password Authentication. See https://aka.ms/msal-net-up for details.

AcquireTokenInteractive(IEnumerable<String>)

Interactive request to acquire a token for the specified scopes. The interactive window will be parented to the specified window. The user will be required to select an account.

AcquireTokenSilent(IEnumerable<String>, IAccount)

[V3 API] Attempts to acquire an access token for the account from the user token cache. See https://aka.ms/msal-net-acquiretokensilent for more details

(Inherited from ClientApplicationBase)
AcquireTokenSilent(IEnumerable<String>, String)

[V3 API] Attempts to acquire an access token for the IAccount having the Username match the given loginHint, from the user token cache. See https://aka.ms/msal-net-acquiretokensilent for more details

(Inherited from ClientApplicationBase)
AcquireTokenWithDeviceCode(IEnumerable<String>, Func<DeviceCodeResult,Task>)

Acquires a security token on a device without a web browser, by letting the user authenticate on another device. This is done in two steps:

  • The method first acquires a device code from the authority and returns it to the caller via the deviceCodeResultCallback. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)
  • The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information
See https://aka.ms/msal-device-code-flow.
GetAccountAsync(String)

Get the IAccount by its identifier among the accounts available in the token cache.

(Inherited from ClientApplicationBase)
GetAccountsAsync()

Returns all the available IAccount in the user token cache for the application.

(Inherited from ClientApplicationBase)
GetAccountsAsync(String)

Get the IAccount collection by its identifier among the accounts available in the token cache, based on the user flow. This is for Azure AD B2C scenarios.

(Inherited from ClientApplicationBase)
IsBrokerAvailable()

Returns true if a broker can be used.

IsEmbeddedWebViewAvailable()

Returns true if MSAL can use an embedded webview (browser).

IsUserInteractive()

Returns false when the program runs in headless OS, for example when SSH-ed into a Linux machine. Browsers (webviews) and brokers cannot be used if there is no UI support. Instead, please use AcquireTokenWithDeviceCode(IEnumerable<String>, Func<DeviceCodeResult,Task>)

RemoveAsync(IAccount)

Removes all tokens in the cache for the specified account.

(Inherited from ClientApplicationBase)

Explicit Interface Implementations

IByRefreshToken.AcquireTokenByRefreshToken(IEnumerable<String>, String)

Extension Methods

IsEmbeddedWebViewAvailable(IPublicClientApplication)

Returns true if MSAL can use an embedded webview (browser).

IsSystemWebViewAvailable(IPublicClientApplication)

Returns true if MSAL can use a system browser.

IsUserInteractive(IPublicClientApplication)

Returns false when the program runs in headless OS, for example when SSH-ed into a Linux machine. Browsers (webviews) and brokers cannot be used if there is no UI support. Instead, please use AcquireTokenWithDeviceCode(IEnumerable<String>, Func<DeviceCodeResult,Task>) or AcquireTokenByIntegratedWindowsAuth(IEnumerable<String>)

Applies to