PoPAuthenticationConfiguration Class

Reference

Definition

Namespace:: Microsoft.Identity.Client.AppConfig

Assembly:: Microsoft.Identity.Client.dll

Package:: Microsoft.Identity.Client v4.60.3

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Details about the HTTP request and configuration properties used to construct a proof of possession request.

public class PoPAuthenticationConfiguration

type PoPAuthenticationConfiguration = class

Public Class PoPAuthenticationConfiguration

Inheritance: Object
PoPAuthenticationConfiguration

Remarks

POP tokens are signed by the process making the request. By default, MSAL will generate a key in memory. To use a hardware key or an external key, implement PopCryptoProvider.

Constructors

PoPAuthenticationConfiguration()	Creates a configuration using the default key management - an RSA key will be created in memory and rotated every 8h. Uses HttpMethod, HttpHost etc. to control which elements of the request should be included in the POP token.
PoPAuthenticationConfiguration(HttpRequestMessage)	Creates a configuration using the default key management, and which binds all the details of the HttpRequestMessage.
PoPAuthenticationConfiguration(Uri)	Creates a configuration using the default key management, and which binds only the Uri part of the HTTP request.

Properties

HttpHost	The URL host of the protected API. The "u" part of a signed HTTP request. This MAY include the port separated from the host by a colon in host:port format. Optional.
HttpMethod	The HTTP method ("GET", "POST" etc.) method that will be bound to the token. Leave null and the POP token will not be bound to the method. Corresponds to the "m" part of the a signed HTTP request. Optional.
HttpPath	The "p" part of the signed HTTP request.
Nonce	If the protected resource (RP) requires use of a special nonce, they will publish it as part of the WWWAuthenticate header associated with a 401 HTTP response or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.
PopCryptoProvider	An extensibility point that allows developers to define their own key management. Leave `null` and MSAL will use a default implementation, which generates an RSA key pair in memory and refreshes it every 8 hours. Important note: if you want to change the key (e.g. rotate the key), you should create a new instance of this object, as MSAL.NET will keep a thumbprint of keys in memory.
SignHttpRequest	Allows app developers to bypass the creation of the SignedHttpRequest envelope by setting this property to false. App developers can use a package like Microsoft.IdentityModel.Protocols.SignedHttpRequest to later create and sign the envelope.

Applies to