

ConfidentialClientApplicationOptions Class

Definition

Configuration options for a confidential client application (web app / web API / daemon app). See https://aka.ms/msal-net/application-configuration

C#:
public class ConfidentialClientApplicationOptions : Microsoft.Identity.Client.ApplicationOptions

F#:
type ConfidentialClientApplicationOptions = class
    inherit ApplicationOptions

VB:
Public Class ConfidentialClientApplicationOptions
Inherits ApplicationOptions

Inheritance
ConfidentialClientApplicationOptions

Constructors

ConfidentialClientApplicationOptions()

Properties

AadAuthorityAudience

Sign-in audience. This property is mutually exclusive with TenantId. If both are provided, an exception will be thrown.

(Inherited from ApplicationOptions)
AzureCloudInstance

Specific instance in the case of Azure Active Directory. It allows users to use the enum instead of the explicit URL. This property is mutually exclusive with Instance. If both are provided, an exception will be thrown.

(Inherited from ApplicationOptions)
AzureRegion

Instructs MSAL.NET to use an Azure regional token service. This setting should be set to either the string with the region (preferred) or to "TryAutoDetect" and MSAL.NET will attempt to auto-detect the region.

ClientCapabilities

Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction. Allows configuration of one or more client capabilities, e.g. "llt"

(Inherited from ApplicationOptions)
ClientId

Client ID (also known as App ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)

(Inherited from ApplicationOptions)
ClientName

The name of the calling application for telemetry purposes.

(Inherited from ApplicationOptions)
ClientSecret

Client secret for the confidential client application. This secret (application password) is provided by the application registration portal, or provided to Azure AD during the application registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.

ClientVersion

The version of the calling application for telemetry purposes.

(Inherited from ApplicationOptions)
EnableCacheSynchronization

When set to true, MSAL will lock cache access at the ConfidentialClientApplication level, i.e. the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized. Apps can set this flag to false to enable an optimistic cache locking strategy, which may result in better performance at the cost of cache consistency. Setting this flag to false is only recommended for apps which create a new ConfidentialClientApplication per request.

EnablePiiLogging

Flag to enable/disable logging of Personally Identifiable Information (PII). PII logs are never written to default outputs like Console, Logcat or NSLog. Default is set to false, which ensures that your application is compliant with GDPR. You can set it to true for advanced debugging requiring PII. See https://aka.ms/msal-net-logging

(Inherited from BaseApplicationOptions)
Instance

STS instance (for instance https://login.microsoftonline.com for the Azure public cloud). The name was chosen to ensure compatibility with AzureAdOptions in ASP.NET Core. This property is mutually exclusive with AzureCloudInstance. If both are provided, an exception will be thrown.

(Inherited from ApplicationOptions)
IsDefaultPlatformLoggingEnabled

Flag to enable/disable logging to platform defaults. In Desktop, Event Tracing is used. In iOS, NSLog is used. In Android, logcat is used. The default value is false. See https://aka.ms/msal-net-logging

(Inherited from BaseApplicationOptions)
KerberosServicePrincipalName

Service principal name for Kerberos Service Ticket.

(Inherited from ApplicationOptions)
LegacyCacheCompatibilityEnabled

Enables legacy ADAL cache serialization and deserialization.

(Inherited from ApplicationOptions)
LogLevel

Enables you to configure the level of logging you want. The default value is Info. Setting it to Error will only get errors. Setting it to Warning will get errors and warnings, etc. See https://aka.ms/msal-net-logging

(Inherited from BaseApplicationOptions)
RedirectUri

This redirect URI needs to be registered in the app registration. See https://aka.ms/msal-net-register-app for details on which redirect URIs are defined by default by MSAL.NET and how to register them. Also use: WithDefaultRedirectUri() which provides a good default for public client applications for all platforms.

For web apps and web APIs, the redirect URI is computed from the URL where the application is running (for instance, baseUrl//signin-oidc for ASP.NET Core web apps).

For daemon applications (confidential client applications using only the Client Credential flow that is calling AcquireTokenForClient), no reply URI is needed.

(Inherited from ApplicationOptions)
TenantId

Tenant from which the application will allow users to sign in. This can be: a domain associated with a tenant, a GUID (tenant id), or a meta-tenant (e.g. consumers). This property is mutually exclusive with AadAuthorityAudience. If both are provided, an exception will be thrown.

(Inherited from ApplicationOptions)
TicketContainer

Kerberos Service Ticket container to be used.

(Inherited from ApplicationOptions)
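
The following is an added example, not code from the MSAL.NET documentation: it fills these options from the process environment so the client secret never sits in source, keeps PII logging off, and checks the two mutually exclusive property pairs before building. The environment variable names and the Validate helper are assumptions made for this example.

```csharp
using System;
using Microsoft.Identity.Client;

static class ConfidentialClientOptionsExample
{
    // Hypothetical setting names; read from the environment (or a secret store),
    // never from a file committed to source control.
    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing setting: {name}");

    public static ConfidentialClientApplicationOptions Load() =>
        new ConfidentialClientApplicationOptions
        {
            ClientId = Require("APP_CLIENT_ID"),
            TenantId = Require("APP_TENANT_ID"),            // leave AadAuthorityAudience unset
            Instance = "https://login.microsoftonline.com", // leave AzureCloudInstance unset
            ClientSecret = Require("APP_CLIENT_SECRET"),
            EnablePiiLogging = false,                // keep PII out of logs
            IsDefaultPlatformLoggingEnabled = false, // no logging to platform defaults
            LogLevel = LogLevel.Warning,             // errors and warnings only
            EnableCacheSynchronization = true        // shared, long-lived app instance
        };

    // Hypothetical helper: reject the conflicting pairs early, with a message that
    // names the offending properties, before MSAL.NET throws at build time.
    public static void Validate(ConfidentialClientApplicationOptions o)
    {
        if (!string.IsNullOrEmpty(o.TenantId) &&
            o.AadAuthorityAudience != AadAuthorityAudience.None)
            throw new ArgumentException("Set TenantId or AadAuthorityAudience, not both.");

        if (!string.IsNullOrEmpty(o.Instance) &&
            o.AzureCloudInstance != AzureCloudInstance.None)
            throw new ArgumentException("Set Instance or AzureCloudInstance, not both.");

        if (string.IsNullOrWhiteSpace(o.ClientSecret))
            throw new ArgumentException("ClientSecret is empty.");
    }

    public static IConfidentialClientApplication Build()
    {
        var options = Load();
        Validate(options);
        return ConfidentialClientApplicationBuilder
            .CreateWithApplicationOptions(options)
            .Build();
    }
}
```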
