AuthenticationContext Class

  • Reference
Package:
com.microsoft.aad.adal
  • java.lang.Object
    • com.microsoft.aad.adal.AuthenticationContext

public class AuthenticationContext

ADAL context to get access token, refresh token, and lookup from cache.

Constructor Summary

Constructor Description
AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, @Nullable final ITokenCacheStore tokenCacheStore)

It will verify the authority and use the given cache. If cache is null, it will not use cache.
AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, final boolean validateAuthority)

Constructs context to use with known authority to get the token. It uses default cache that stores encrypted tokens.
AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, final boolean validateAuthority, @Nullable final ITokenCacheStore tokenCacheStore)

Constructs context to use with known authority to get the token. It uses provided cache.

Method Summary

Modifier and Type Method and Description
void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI if activitycontext is not null. Default is AUTO.
void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable PromptBehavior prompt, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If PromptBehavior is AUTO, it will remove this refresh token from cache and fall back on the UI. Default is AUTO. if PromptBehavior is Always, it will display prompt screen.
void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI if activitycontext is not null. Default is AUTO.
void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable String extraQueryParameters, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use the refresh token if available. If it fails to get token with refresh token, it will remove this refresh token from cache and fall back on the UI.
void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, it will remove this refresh token from cache and start authentication.
void acquireToken(final Activity activity, final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start an interactive auth flow to acquire new tokens with the requested claims. Bypasses token cache if promptbehavior is not AUTO or claims are passed.
void acquireToken(final IWindowComponent fragment, final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback<AuthenticationResult> callback)

acquireToken will start an interactive auth flow to acquire new tokens with the requested claims. Bypasses token cache if promptbehavior is not AUTO or claims are passed.
void acquireToken(final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback<AuthenticationResult> callback)

acquireToken will authorize an end user to call the specified resource. The access token returned from the STS will be sent to the AuthenticationCallback<T> and can be used to call the specified protected resource. Bypasses token cache if

void acquireToken(IWindowComponent fragment, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback<AuthenticationResult> callback)

It will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI. Default is AUTO.
void acquireToken(String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback<AuthenticationResult> callback)

acquireToken will authorize an end user to call the specified resource. The access token returned from the STS will be sent to the AuthenticationCallback<T> and can be used to call the specified protected resource. By default, acquireToken will attempt to fulfill the request silently, and perform an interactive login if needed or explicitly specified in the request. This overload uses an [AlertDialog](https://developer.android.com/guide/topics/ui/dialogs) when user interaction is required. This overload does not support any flow requiring a [token broker](https://github.com/AzureAD/azure-activedirectory-library-for-android/wiki/Broker).
void acquireTokenByRefreshToken(String refreshToken, String clientId, AuthenticationCallback<AuthenticationResult> callback)

acquire token using refresh token if cache is not used. Otherwise, use acquireToken to let the ADAL handle the cache lookup and refresh token request.

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>

    <xref uid="" data-throw-if-not-resolved="false" data-raw-source="AuthenticationContext#acquireTokenByRefreshToken(String, String, AuthenticationCallback)"></xref> will be removed from the next major release. We don't recommend developers taking dependency on refresh token, ADAL will handle the cache lookup, and refresh the RT if necessary. </p>

</xrefdescription>
void acquireTokenByRefreshToken(String refreshToken, String clientId, String resource, AuthenticationCallback<AuthenticationResult> callback)

acquire token using refresh token if cache is not used. Otherwise, use acquireToken to let the ADAL handle the cache lookup and refresh token request.

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>

    <xref uid="" data-throw-if-not-resolved="false" data-raw-source="AuthenticationContext#acquireTokenByRefreshToken(String, String, AuthenticationCallback)"></xref> will be removed from the next major release. We don't recommend developers taking dependency on refresh token, ADAL will handle the cache lookup, and refresh the RT if necessary. </p>

</xrefdescription>
Future<AuthenticationResult> acquireTokenSilent(String resource, String clientId, String userId, final AuthenticationCallback<AuthenticationResult> callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>Use the <xref uid="com.microsoft.aad.adal.AuthenticationContext.acquireTokenSilentAsync(String,String,String,AuthenticationCallback&lt;AuthenticationResult&gt;)" data-throw-if-not-resolved="false" data-raw-source="acquireTokenSilentAsync"></xref> method. </p>

</xrefdescription>
void acquireTokenSilentAsync(String resource, String clientId, String userId, @Nullable String claims, AuthenticationCallback<AuthenticationResult> callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
void acquireTokenSilentAsync(String resource, String clientId, String userId, AuthenticationCallback<AuthenticationResult> callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
void acquireTokenSilentAsync(String resource, String clientId, String userId, boolean forceRefresh, AuthenticationCallback<AuthenticationResult> callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
void acquireTokenSilentAsyncWithAssertion(@NonNull final String assertion, @NonNull final String assertionType, final String resource, final String clientId, final String userId, AuthenticationCallback<AuthenticationResult> callback)

This function tries to acquire token silently. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. If both RT and AT are not present, then it will use the provided assertion and its type to acquire the same. This method will not show UI for the user. If prompt is needed, the method will return an exception
AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId, @Nullable String claims)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId, boolean forceRefresh)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception
AuthenticationResult acquireTokenSilentSyncWithAssertion(@NonNull final String assertion, @NonNull final String assertionType, @NonNull final String resource, @NonNull final String clientId, @NonNull final String userId)

This function tries to acquire token silently. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. If both RT and AT are not present, then it will use the provided assertion and its type to acquire the same. This method will not show UI for the user. If prompt is needed, the method will return an exception
boolean cancelAuthenticationActivity(final int requestId)

Active authentication activity can be cancelled if it exists. It may not be cancelled if activity is not launched yet. RequestId is the hashcode of your AuthenticationCallback.
String getAuthority()

Gets authority that is used for this object of AuthenticationContext.
String getBrokerUser()

Gets username for current broker user.
UserInfo [] getBrokerUsers()

Gets user info from broker. This should not be called on main thread.
ITokenCacheStore getCache()

Returns referenced cache. You can use default cache, which uses SharedPreferencesFileManager and handles synchronization by itself.
List<String> getClientCapabilites()
boolean getExtendedLifetimeEnabled()

Gets if the ExtendedLifetime mode is enabled.
String getRedirectUriForBroker()

Get expected redirect Uri for your app to use in broker. You need to register this redirectUri in order to get token from Broker.
UUID getRequestCorrelationId()

Get the CorrelationId set by user.
boolean getValidateAuthority()
String getVersionName()

Version name for ADAL not for the app itself.
String mergeClaimsWithClientCapabilities(final String claims, final List<String> clientCapabilities)

Util method to merge 

Sample input claim :

{


  "userinfo": {

      "given_name": {"essential": true},

      "email": {"essential": true},

  },

  "id_token": {

      "auth_time": {"essential": true},

  }



}

Sample capabilities list : [CP1, CP2 CP3]

Output merged claims :

  {

      "userinfo": {

          "given_name": {

              "essential": true

          },

          "email": {

              "essential": true

          }

      },

      "id_token": {

          "auth_time": {

              "essential": true

          }

      },

      "access_token": {

          "xms_cc": {

              "values": ["CP1", "CP2"]

          }

      }

  }
*
void onActivityResult(final int requestCode, final int resultCode, final Intent data)

This method wraps the implementation for onActivityResult at the related Activity class. This method is called at UI thread.
void setClientCapabilites(List<String> clientCapabilites)
void setExtendedLifetimeEnabled(final boolean extendedLifetimeEnabled)

The client need to set the flag to true explicitly to enable the ExtendedLifetime mode The default value of flag is false. ADAL will return the stale token when ExtendedLifetime mode is enabled and the server is down
void setRequestCorrelationId(final UUID requestCorrelationId)

Set CorrelationId to requests.

Constructor Details

AuthenticationContext

public AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, @Nullable final ITokenCacheStore tokenCacheStore)

It will verify the authority and use the given cache. If cache is null, it will not use cache.

Parameters:

appContext -

Context

authority - Authority Url
tokenCacheStore - Cache ITokenCacheStore used to store tokens. Set to null if you don't want cache.

AuthenticationContext

public AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, final boolean validateAuthority)

Constructs context to use with known authority to get the token. It uses default cache that stores encrypted tokens.

Parameters:

appContext - It needs to have handle to the Context to use the SharedPreferencesFileManager as a Default cache storage. It does not need to be activity.
authority - Authority url to send code and token requests
validateAuthority - validate authority before sending token request

AuthenticationContext

public AuthenticationContext(@NonNull final Context appContext, @NonNull final String authority, final boolean validateAuthority, @Nullable final ITokenCacheStore tokenCacheStore)

Constructs context to use with known authority to get the token. It uses provided cache.

Parameters:

appContext -

Context

authority - Authority Url
validateAuthority - true/false for validation
tokenCacheStore - Set to null if you don't want cache.

Method Details

acquireToken

public void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI if activitycontext is not null. Default is AUTO.

Parameters:

activity - Calling activity
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable PromptBehavior prompt, AuthenticationCallback callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If PromptBehavior is AUTO, it will remove this refresh token from cache and fall back on the UI. Default is AUTO. if PromptBehavior is Always, it will display prompt screen.

Parameters:

activity - Calling activity
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
prompt - Optional. PromptBehavior added as query parameter to authorization url
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI if activitycontext is not null. Default is AUTO.

Parameters:

activity - Calling activity
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable String extraQueryParameters, AuthenticationCallback callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use the refresh token if available. If it fails to get token with refresh token, it will remove this refresh token from cache and fall back on the UI.

Parameters:

activity - Calling activity
resource - required resource identifier.
clientId - required client identifier
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. This parameter will be used to pre-populate the username field in the authentication form. Please note that the end user can still edit the username field and authenticate as a different user.
extraQueryParameters - Optional. This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(Activity activity, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, AuthenticationCallback callback)

acquireToken will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, it will remove this refresh token from cache and start authentication.

Parameters:

activity - required to launch authentication activity.
resource - required resource identifier.
clientId - required client identifier
redirectUri - Optional. It will use package name info if not provided.
loginHint - login hint (optional if validateAuthority == false)
callback - required

acquireToken

public void acquireToken(final Activity activity, final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback callback)

acquireToken will start an interactive auth flow to acquire new tokens with the requested claims. Bypasses token cache if promptbehavior is not AUTO or claims are passed.

Parameters:

activity - Calling activity
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
claims - Optional. The claims challenge returned from middle tier service, will be added as query string to authorize endpoint.
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(final IWindowComponent fragment, final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback callback)

acquireToken will start an interactive auth flow to acquire new tokens with the requested claims. Bypasses token cache if promptbehavior is not AUTO or claims are passed.

Parameters:

fragment - It accepts both type of fragments.
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
claims - Optional. The claims challenge returned from middle tier service, will be added as query string to authorize endpoint.
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(final String resource, final String clientId, @Nullable String redirectUri, @Nullable final String loginHint, @Nullable final PromptBehavior prompt, @Nullable String extraQueryParameters, @Nullable final String claims, final AuthenticationCallback callback)

acquireToken will authorize an end user to call the specified resource. The access token returned from the STS will be sent to the AuthenticationCallback<T> and can be used to call the specified protected resource. Bypasses token cache if

Parameters:

resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - is not AUTO or claims are passed. This overload uses an [AlertDialog](https://developer.android.com/guide/topics/ui/dialogs) when user interaction is required. This overload does not support any flow requiring a [token broker](https://github.com/AzureAD/azure-activedirectory-library-for-android/wiki/Broker).
extraQueryParameters - Optional. added to authorization url
claims - Optional. The claims challenge returned from middle tier service, will be added as query string to authorize endpoint.
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(IWindowComponent fragment, String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback callback)

It will start interactive flow if needed. It checks the cache to return existing result if not expired. It tries to use refresh token if available. If it fails to get token with refresh token, behavior will depend on options. If promptbehavior is AUTO, it will remove this refresh token from cache and fall back on the UI. Default is AUTO.

Parameters:

fragment - It accepts both type of fragments.
resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
callback - required AuthenticationCallback<T> object for async call.

acquireToken

public void acquireToken(String resource, String clientId, @Nullable String redirectUri, @Nullable String loginHint, @Nullable PromptBehavior prompt, @Nullable String extraQueryParameters, AuthenticationCallback callback)

acquireToken will authorize an end user to call the specified resource. The access token returned from the STS will be sent to the AuthenticationCallback<T> and can be used to call the specified protected resource. By default, acquireToken will attempt to fulfill the request silently, and perform an interactive login if needed or explicitly specified in the request. This overload uses an [AlertDialog](https://developer.android.com/guide/topics/ui/dialogs) when user interaction is required. This overload does not support any flow requiring a [token broker](https://github.com/AzureAD/azure-activedirectory-library-for-android/wiki/Broker).

Parameters:

resource - required resource identifier.
clientId - required client identifier.
redirectUri - Optional. It will use packagename and provided suffix for this.
loginHint - Optional if validateAuthority == null. It is used for cache and as a loginhint at authentication.
prompt - Optional. added as query parameter to authorization url
extraQueryParameters - Optional. added to authorization url
callback - required AuthenticationCallback<T> object for async call.

acquireTokenByRefreshToken

public void acquireTokenByRefreshToken(String refreshToken, String clientId, AuthenticationCallback callback)

acquire token using refresh token if cache is not used. Otherwise, use acquireToken to let the ADAL handle the cache lookup and refresh token request.

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>

    <xref uid="" data-throw-if-not-resolved="false" data-raw-source="AuthenticationContext#acquireTokenByRefreshToken(String, String, AuthenticationCallback)"></xref> will be removed from the next major release. We don't recommend developers taking dependency on refresh token, ADAL will handle the cache lookup, and refresh the RT if necessary. </p>

</xrefdescription>

Parameters:

refreshToken - Required.
clientId - Required.
callback - Required

acquireTokenByRefreshToken

public void acquireTokenByRefreshToken(String refreshToken, String clientId, String resource, AuthenticationCallback callback)

acquire token using refresh token if cache is not used. Otherwise, use acquireToken to let the ADAL handle the cache lookup and refresh token request.

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>

    <xref uid="" data-throw-if-not-resolved="false" data-raw-source="AuthenticationContext#acquireTokenByRefreshToken(String, String, AuthenticationCallback)"></xref> will be removed from the next major release. We don't recommend developers taking dependency on refresh token, ADAL will handle the cache lookup, and refresh the RT if necessary. </p>

</xrefdescription>

Parameters:

refreshToken - Required.
clientId - Required.
resource - Required resource identifier.
callback - Required

acquireTokenSilent

public Future acquireTokenSilent(String resource, String clientId, String userId, final AuthenticationCallback callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

<xreftitle>Deprecated</xreftitle>

<xrefdescription>

  <p>Use the <xref uid="com.microsoft.aad.adal.AuthenticationContext.acquireTokenSilentAsync(String,String,String,AuthenticationCallback&lt;AuthenticationResult&gt;)" data-throw-if-not-resolved="false" data-raw-source="acquireTokenSilentAsync"></xref> method. </p>

</xrefdescription>

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserId obtained from UserInfo inside AuthenticationResult
callback - required AuthenticationCallback<T> object for async call.

Returns:

A Future object representing the AuthenticationResult of the call. It contains Access Token,the Access Token's expiration time, Refresh token, and UserInfo.

acquireTokenSilentAsync

public void acquireTokenSilentAsync(String resource, String clientId, String userId, @Nullable String claims, AuthenticationCallback callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserId obtained from UserInfo inside AuthenticationResult
claims - Optional. The claims challenge returned from middle tier service, will be added as query string to authorize endpoint.
callback - required AuthenticationCallback<T> object for async call.

acquireTokenSilentAsync

public void acquireTokenSilentAsync(String resource, String clientId, String userId, AuthenticationCallback callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserId obtained from UserInfo inside AuthenticationResult
callback - required AuthenticationCallback<T> object for async call.

acquireTokenSilentAsync

public void acquireTokenSilentAsync(String resource, String clientId, String userId, boolean forceRefresh, AuthenticationCallback callback)

The function will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserId obtained from UserInfo inside AuthenticationResult
forceRefresh - when true, access token is renewed using broker if available; otherwise, uses local refresh token
callback - required AuthenticationCallback<T> object for async call.

acquireTokenSilentAsyncWithAssertion

public void acquireTokenSilentAsyncWithAssertion(@NonNull final String assertion, @NonNull final String assertionType, final String resource, final String clientId, final String userId, AuthenticationCallback callback)

This function tries to acquire token silently. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. If both RT and AT are not present, then it will use the provided assertion and its type to acquire the same. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

assertion - the actual saml assertion
assertionType - version of saml assertion being used
resource - required resource identifier.
clientId - required client identifier.
userId - UserID obtained from AuthenticationResult
callback - required AuthenticationCallback<T> object for async call.

acquireTokenSilentSync

public AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserID obtained from AuthenticationResult

Returns:

A Future object representing the AuthenticationResult of the call. It contains Access Token,the Access Token's expiration time, Refresh token, and UserInfo.

Throws:

AuthenticationException - If silent request fails to get the token back.
InterruptedException - If the main thread is interrupted before or during the activity.

acquireTokenSilentSync

public AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId, @Nullable String claims)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserID obtained from AuthenticationResult
claims - Optional. The claims challenge returned from middle tier service, will be added as query string to authorize endpoint.

Returns:

A Future object representing the AuthenticationResult of the call. It contains Access Token,the Access Token's expiration time, Refresh token, and UserInfo.

Throws:

AuthenticationException - If silent request fails to get the token back.
InterruptedException - If the main thread is interrupted before or during the activity.

acquireTokenSilentSync

public AuthenticationResult acquireTokenSilentSync(String resource, String clientId, String userId, boolean forceRefresh)

This is sync function. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

resource - required resource identifier.
clientId - required client identifier.
userId - UserID obtained from AuthenticationResult
forceRefresh - when true, access token is renewed using broker if available; otherwise, uses local refresh token

Returns:

A Future object representing the AuthenticationResult of the call. It contains Access Token,the Access Token's expiration time, Refresh token, and UserInfo.

Throws:

AuthenticationException - If silent request fails to get the token back.
InterruptedException - If the main thread is interrupted before or during the activity.

acquireTokenSilentSyncWithAssertion

public AuthenticationResult acquireTokenSilentSyncWithAssertion(@NonNull final String assertion, @NonNull final String assertionType, @NonNull final String resource, @NonNull final String clientId, @NonNull final String userId)

This function tries to acquire token silently. It will first look at the cache and automatically checks for the token expiration. Additionally, if no suitable access token is found in the cache, but refresh token is available, the function will use the refresh token automatically. If both RT and AT are not present, then it will use the provided assertion and its type to acquire the same. This method will not show UI for the user. If prompt is needed, the method will return an exception

Parameters:

assertion - the actual saml assertion
assertionType - version of saml assertion being used
resource - required resource identifier.
clientId - required client identifier.
userId - UserID obtained from AuthenticationResult

Returns:

A Future object representing the AuthenticationResult of the call. It contains Access Token,the Access Token's expiration time, Refresh token, and UserInfo.

Throws:

AuthenticationException - If silent request fails to get the token back.
InterruptedException - If the main thread is interrupted before or during the activity.

cancelAuthenticationActivity

public boolean cancelAuthenticationActivity(final int requestId)

Active authentication activity can be cancelled if it exists. It may not be cancelled if activity is not launched yet. RequestId is the hashcode of your AuthenticationCallback.

Parameters:

requestId - Hash code value of your callback to cancel activity launch

Returns:

true: if there is a valid waiting request and cancel message sent successfully or if no waiting request exists. false: If the request could not be cancelled

Throws:

AuthenticationException - if failed to get the waiting request

getAuthority

public String getAuthority()

Gets authority that is used for this object of AuthenticationContext.

Returns:

Authority

getBrokerUser

public String getBrokerUser()

Gets username for current broker user.

Returns:

Username

getBrokerUsers

public UserInfo [] getBrokerUsers()

Gets user info from broker. This should not be called on main thread.

Returns:

An array of UserInfo that haven been authenticated via broker(can be null).

Throws:

IOException - if the broker returned an error response that indicates that it encountered an IOException while communicating with the authentication server.
AuthenticatorException - if there was an error communicating with the authenticator or if the authenticator returned an invalid response.
OperationCanceledException - if the request was canceled for any reason.

getCache

public ITokenCacheStore getCache()

Returns referenced cache. You can use default cache, which uses SharedPreferencesFileManager and handles synchronization by itself.

Returns:

ITokenCacheStore Current cache used

getClientCapabilites

public List getClientCapabilites()

getExtendedLifetimeEnabled

public boolean getExtendedLifetimeEnabled()

Gets if the ExtendedLifetime mode is enabled.

Returns:

True when ExtendedLifetime mode is enabled

getRedirectUriForBroker

public String getRedirectUriForBroker()

Get expected redirect Uri for your app to use in broker. You need to register this redirectUri in order to get token from Broker.

Returns:

RedirectUri string to use for broker requests.

getRequestCorrelationId

public UUID getRequestCorrelationId()

Get the CorrelationId set by user.

Returns:

UUID

getValidateAuthority

public boolean getValidateAuthority()

Returns:

True If developer turn on the authority validation, false otherwise.

getVersionName

public static String getVersionName()

Version name for ADAL not for the app itself.

Returns:

The current SDK version.

mergeClaimsWithClientCapabilities

public static String mergeClaimsWithClientCapabilities(final String claims, final List clientCapabilities)

Util method to merge 

Sample input claim :

{


  "userinfo": {

      "given_name": {"essential": true},

      "email": {"essential": true},

  },

  "id_token": {

      "auth_time": {"essential": true},

  }



}

Sample capabilities list : [CP1, CP2 CP3]

Output merged claims :

  {

      "userinfo": {

          "given_name": {

              "essential": true

          },

          "email": {

              "essential": true

          }

      },

      "id_token": {

          "auth_time": {

              "essential": true

          }

      },

      "access_token": {

          "xms_cc": {

              "values": ["CP1", "CP2"]

          }

      }

  }
*

Parameters:

claims - input claims passed on acquireToken call *
clientCapabilities

Returns:

merged claims with capabilities *

Throws:

JSONException - if input claims is an invalid JSON

onActivityResult

public void onActivityResult(final int requestCode, final int resultCode, final Intent data)

This method wraps the implementation for onActivityResult at the related Activity class. This method is called at UI thread.

Parameters:

requestCode - Request code provided at the start of the activity.
resultCode - Result code set from the activity.
data -

Intent

setClientCapabilites

public void setClientCapabilites(List clientCapabilites)

Parameters:

clientCapabilites

setExtendedLifetimeEnabled

public void setExtendedLifetimeEnabled(final boolean extendedLifetimeEnabled)

The client need to set the flag to true explicitly to enable the ExtendedLifetime mode The default value of flag is false. ADAL will return the stale token when ExtendedLifetime mode is enabled and the server is down

Parameters:

extendedLifetimeEnabled - true if the ExtendedLifetime mode is on, false otherwise

setRequestCorrelationId

public void setRequestCorrelationId(final UUID requestCorrelationId)

Set CorrelationId to requests.

Parameters:

requestCorrelationId - The correlation id UUID to be set in the request.

Applies to