AcquireTokenSilentParameterBuilder.WithProofOfPossession Method

  • Reference

Definition

Namespace:
Microsoft.Identity.Client
Assembly:
Microsoft.Identity.Client.dll
Package:
Microsoft.Identity.Client v4.60.3

Overloads

WithProofOfPossession(PoPAuthenticationConfiguration)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. See https://aka.ms/msal-net-pop
WithProofOfPossession(String, HttpMethod, Uri)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. Note that only the host and path parts of the request URI will be bound. See https://aka.ms/msal-net-pop

WithProofOfPossession(PoPAuthenticationConfiguration)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. See https://aka.ms/msal-net-pop

public Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder WithProofOfPossession (Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration popAuthenticationConfiguration);
member this.WithProofOfPossession : Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration -> Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder
Public Function WithProofOfPossession (popAuthenticationConfiguration As PoPAuthenticationConfiguration) As AcquireTokenSilentParameterBuilder

Parameters

popAuthenticationConfiguration
PoPAuthenticationConfiguration

Configuration properties used to construct a Proof-of-Possession request.

Returns

AcquireTokenSilentParameterBuilder

Remarks

  • An Authentication header is automatically added to the request.
  • The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
  • MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
  • This is an experimental API. The method signature may change in the future without involving a major version upgrade.

Applies to

WithProofOfPossession(String, HttpMethod, Uri)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. Note that only the host and path parts of the request URI will be bound. See https://aka.ms/msal-net-pop

public Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder WithProofOfPossession (string nonce, System.Net.Http.HttpMethod httpMethod, Uri requestUri);
member this.WithProofOfPossession : string * System.Net.Http.HttpMethod * Uri -> Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder
Public Function WithProofOfPossession (nonce As String, httpMethod As HttpMethod, requestUri As Uri) As AcquireTokenSilentParameterBuilder

Parameters

nonce
String

Nonce of the protected resource (RP) which will be published as part of the WWWAuthenticate header associated with a 401 HTTP response or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.

httpMethod
HttpMethod

The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method. Corresponds to the "m" part of the a signed HTTP request.

requestUri
Uri

The URI to bind the signed HTTP request to.

Returns

AcquireTokenSilentParameterBuilder

The builder.

Remarks

  • An Authentication header is automatically added to the request.
  • The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
  • MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
  • On confidential clients, this is an experimental API. The method signature may change in the future without involving a major version upgrade.
  • Broker is required to use Proof-of-Possession on public clients.

Applies to