ISingleAccountPublicClientApplication Interface

  • Reference
Package:
com.microsoft.identity.client

public interface ISingleAccountPublicClientApplication extends IPublicClientApplication

An interface that contains list of operations that are available when MSAL is in 'single account' mode.

  • In this mode, one account can be signed-in to the app.

  • If the user wants to acquire a token for another account, the previous account must be signed out first.

When the device is registered as 'shared', this will be the only available PublicClientApplication the app can obtain. The calling app has to support ISingleAccountPublicClientApplication if it is planning to support shared device mode.

In the shared device mode,

  • 'Sign-in' means that the user will be signed in to the device - not just this app.

  • Once an account is 'signed-in', every MSAL app on the device that support shared device mode will be able to retrieve this account, and use them to silently perform API calls.

  • 'Sign-out' means that user will be signed out from the device - every MSAL apps and the default browser.

Method Summary

Modifier and Type Method and Description
IAuthenticationResult acquireTokenSilent(@NonNull final String[] scopes, @NonNull final String authority)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.
void acquireTokenSilentAsync(@NonNull final String[] scopes, @NonNull final String authority, @NonNull final SilentAuthenticationCallback callback)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.
ICurrentAccountResult getCurrentAccount()

Gets the current account and notify if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.
void getCurrentAccountAsync(final CurrentAccountCallback callback)

Gets the current account and notify if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.
void signIn(@NonNull final Activity activity, @Nullable final String loginHint, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback)

Allows a user to sign in to your application with one of their accounts. This method may only be called once: once a user is signed in, they must first be signed out before another user may sign in. If you wish to prompt the existing user for credentials use signInAgain(Activity, String[], Prompt, AuthenticationCallback) or acquireToken(AcquireTokenParameters).

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration
void signIn(@NonNull final Activity activity, @Nullable final String loginHint, @NonNull final String[] scopes, @Nullable final Prompt prompt, @NonNull final AuthenticationCallback callback)

Allows a user to sign in to your application with one of their accounts. This method may only be called once: once a user is signed in, they must first be signed out before another user may sign in. If you wish to prompt the existing user for credentials use signInAgain(Activity, String[], Prompt, AuthenticationCallback) or acquireToken(AcquireTokenParameters).

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration
void signInAgain(@NonNull final Activity activity, @NonNull final String[] scopes, @Nullable final Prompt prompt, @NonNull final AuthenticationCallback callback)

Reauthorizes the current account according to the supplied scopes and prompt behavior.

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration.
boolean signOut()

Signs out the current the Account and Credentials (tokens). NOTE: If a device is marked as a shared device within broker signout will be device wide.
void signOut(@NonNull final SignOutCallback callback)

Signs out the current the Account and Credentials (tokens). NOTE: If a device is marked as a shared device within broker signout will be device wide.

Inherited Members

IPublicClientApplication.acquireToken(@NonNull final Activity activity, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback) IPublicClientApplication.acquireToken(@NonNull final AcquireTokenParameters acquireTokenParameters) IPublicClientApplication.acquireTokenSilent(@NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters) IPublicClientApplication.acquireTokenSilentAsync(@NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters) IPublicClientApplication.acquireTokenWithDeviceCode(@NonNull String[] scopes, @NonNull final DeviceCodeFlowCallback callback) IPublicClientApplication.generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters) IPublicClientApplication.generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters, @NonNull final SignedHttpRequestRequestCallback callback) IPublicClientApplication.getConfiguration() IPublicClientApplication.isSharedDevice()

Method Details

acquireTokenSilent

public IAuthenticationResult acquireTokenSilent(@NonNull final String[] scopes, @NonNull final String authority)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.

Parameters:

scopes - The non-null array of scopes to be requested for the access token. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter.
authority - Authority to issue the token.

acquireTokenSilentAsync

public void acquireTokenSilentAsync(@NonNull final String[] scopes, @NonNull final String authority, @NonNull final SilentAuthenticationCallback callback)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.

Parameters:

scopes - The non-null array of scopes to be requested for the access token. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter.
authority - Authority to issue the token.
callback -

SilentAuthenticationCallback that is used to send the result back. The success result will be sent back via onSuccess(final IAuthenticationResult authenticationResult). Failure case will be sent back via { onError(final MsalException exception)

getCurrentAccount

public ICurrentAccountResult getCurrentAccount()

Gets the current account and notify if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.

Returns:

CurrentAccountResult

getCurrentAccountAsync

public void getCurrentAccountAsync(final CurrentAccountCallback callback)

Gets the current account and notify if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.

Parameters:

callback - a callback to be invoked when the operation finishes.

signIn

public void signIn(@NonNull final Activity activity, @Nullable final String loginHint, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback)

Allows a user to sign in to your application with one of their accounts. This method may only be called once: once a user is signed in, they must first be signed out before another user may sign in. If you wish to prompt the existing user for credentials use signInAgain(Activity, String[], Prompt, AuthenticationCallback) or acquireToken(AcquireTokenParameters).

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration

Parameters:

activity - Non-null Activity that is used as the parent activity for launching the com.microsoft.identity.common.internal.providers.oauth2.AuthorizationActivity.
loginHint - Optional. If provided, will be used as the query parameter sent for authenticating the user, which will have the UPN pre-populated.
scopes - The non-null array of scopes to be consented to during sign in. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter. The access token returned is for MS Graph and will allow you to query for additional information about the signed in account.
callback -

AuthenticationCallback that is used to send the result back. The success result will be sent back via onSuccess(final IAuthenticationResult authenticationResult). Failure case will be sent back via { onError(final MsalException exception)

signIn

public void signIn(@NonNull final Activity activity, @Nullable final String loginHint, @NonNull final String[] scopes, @Nullable final Prompt prompt, @NonNull final AuthenticationCallback callback)

Allows a user to sign in to your application with one of their accounts. This method may only be called once: once a user is signed in, they must first be signed out before another user may sign in. If you wish to prompt the existing user for credentials use signInAgain(Activity, String[], Prompt, AuthenticationCallback) or acquireToken(AcquireTokenParameters).

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration

Parameters:

activity - Non-null Activity that is used as the parent activity for launching the com.microsoft.identity.common.internal.providers.oauth2.AuthorizationActivity.
loginHint - Optional. If provided, will be used as the query parameter sent for authenticating the user, which will have the UPN pre-populated.
scopes - The non-null array of scopes to be consented to during sign in. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter. The access token returned is for MS Graph and will allow you to query for additional information about the signed in account.
prompt
callback -

AuthenticationCallback that is used to send the result back. The success result will be sent back via onSuccess(final IAuthenticationResult authenticationResult). Failure case will be sent back via { onError(final MsalException exception)

signInAgain

public void signInAgain(@NonNull final Activity activity, @NonNull final String[] scopes, @Nullable final Prompt prompt, @NonNull final AuthenticationCallback callback)

Reauthorizes the current account according to the supplied scopes and prompt behavior.

Note: The authority used to make the sign in request will be either the MSAL default: https://login.microsoftonline.com/common or the default authority specified by you in your configuration.

Parameters:

activity - Non-null Activity that is used as the parent activity for launching the com.microsoft.identity.common.internal.providers.oauth2.AuthorizationActivity.
scopes - The non-null array of scopes to be consented to during sign in. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter. The access token returned is for MS Graph and will allow you to query for additional information about the signed in account.
prompt - Nullable. Indicates the type of user interaction that is required. If no argument is supplied the default behavior will be used.
callback -

AuthenticationCallback that is used to send the result back. The success result will be sent back via onSuccess(final IAuthenticationResult authenticationResult). Failure case will be sent back via onError(final MsalException exception).

signOut

public boolean signOut()

Signs out the current the Account and Credentials (tokens). NOTE: If a device is marked as a shared device within broker signout will be device wide.

Returns:

boolean indicating whether the account was removed successfully

signOut

public void signOut(@NonNull final SignOutCallback callback)

Signs out the current the Account and Credentials (tokens). NOTE: If a device is marked as a shared device within broker signout will be device wide.

Parameters:

callback - a callback to be invoked when the operation finishes.

Applies to