IConfidentialClientApplication Interface

Reference

Definition

Namespace:: Microsoft.Identity.Client

Assembly:: Microsoft.Identity.Client.dll

Package:: Microsoft.Identity.Client v4.45.0

Package:: Microsoft.Identity.Client v4.46.0-preview2

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Component to be used with confidential client applications like web apps/API.

public interface IConfidentialClientApplication : Microsoft.Identity.Client.IClientApplicationBase

type IConfidentialClientApplication = interface
    interface IClientApplicationBase

Public Interface IConfidentialClientApplication
Implements IClientApplicationBase

Derived: Microsoft.Identity.Client.ConfidentialClientApplication

Implements: IClientApplicationBase

Properties

AppConfig	Details on the configuration of the ClientApplication for debugging purposes. (Inherited from IClientApplicationBase)
AppTokenCache	Application token cache. This case holds access tokens for the application. It's maintained and updated silently if needed when calling AcquireTokenForClient(IEnumerable<String>)
Authority	Gets the URL of the authority, or the security token service (STS) from which MSAL.NET will acquire security tokens. The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise the value of the Authority static member (that is `https://login.microsoftonline.com/common/`) (Inherited from IClientApplicationBase)
UserTokenCache	User token cache. This case holds id tokens, access tokens and refresh tokens for accounts. It's used and updated silently if needed when calling AcquireTokenSilent(IEnumerable<String>, IAccount) It is updated by each AcquireTokenXXX method, with the exception of `AcquireTokenForClient` which only uses the application cache (see `IConfidentialClientApplication`). (Inherited from IClientApplicationBase)

Methods

AcquireTokenByAuthorizationCode(IEnumerable<String>, String)	[V3 API] Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code). It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users, and can request an authorization code. This method does not lookup the token cache, but stores the result in it, so it can be looked up using other methods such as AcquireTokenSilent(IEnumerable<String>, IAccount).
AcquireTokenForClient(IEnumerable<String>)	[V3 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.
AcquireTokenOnBehalfOf(IEnumerable<String>, UserAssertion)	[V3 API] Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. See https://aka.ms/msal-net-on-behalf-of. This confidential client application was itself called with a token which will be provided in the `userAssertion` parameter.
AcquireTokenSilent(IEnumerable<String>, IAccount)	Attempts to acquire an access token for the `account` from the user token cache, with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details (Inherited from IClientApplicationBase)
AcquireTokenSilent(IEnumerable<String>, String)	Attempts to acquire an access token for the `loginHint` from the user token cache, with advanced parameters controlling the network call. See https://aka.ms/msal-net-acquiretokensilent for more details (Inherited from IClientApplicationBase)
GetAccountAsync(String)	Get the IAccount by its identifier among the accounts available in the token cache and of the same environment (authority host) as Authority (Inherited from IClientApplicationBase)
GetAccountsAsync()	Returns all the available accounts in the user token cache for the application. (Inherited from IClientApplicationBase)
GetAccountsAsync(String)	Get the IAccount collection by its identifier among the accounts available in the token cache, based on the user flow. This is for Azure AD B2C scenarios. (Inherited from IClientApplicationBase)
GetAuthorizationRequestUrl(IEnumerable<String>)	[V3 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in the user's name. The URL targets the /authorize endpoint of the authority configured in the application. This override enables you to specify a login hint and extra query parameter.
RemoveAsync(IAccount)	Removes all tokens in the cache for the specified account. (Inherited from IClientApplicationBase)

Extension Methods

GetCertificate(IConfidentialClientApplication)

Returns the certificate used to create this ConfidentialClientApplication, if any.

Applies to