ConfidentialClientApplication Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Class to be used for confidential client applications (web apps, web APIs, and daemon applications).
public sealed class ConfidentialClientApplication : Microsoft.Identity.Client.ClientApplicationBase, Microsoft.Identity.Client.IByRefreshToken, Microsoft.Identity.Client.IByUsernameAndPassword, Microsoft.Identity.Client.IConfidentialClientApplication, Microsoft.Identity.Client.ILongRunningWebApi
type ConfidentialClientApplication = class
inherit ClientApplicationBase
interface IConfidentialClientApplication
interface IClientApplicationBase
interface IApplicationBase
interface IByRefreshToken
interface ILongRunningWebApi
interface IByUsernameAndPassword
Public NotInheritable Class ConfidentialClientApplication
Inherits ClientApplicationBase
Implements IByRefreshToken, IByUsernameAndPassword, IConfidentialClientApplication, ILongRunningWebApi
Remarks
Confidential client applications typically run on servers (web apps, web APIs, or service/daemon applications). Because they are considered difficult to access, they are capable of keeping an application secret: they can hold configuration-time secrets, as these values would be difficult for end users to extract. A web app is the most common confidential client. The clientId is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed. For details see https://aka.ms/msal-net-client-applications
Fields
AttemptRegionDiscovery |
Instructs MSAL to try to auto discover the Azure region. |
Properties
AppConfig |
Details on the configuration of the ClientApplication for debugging purposes. (Inherited from ClientApplicationBase) |
AppTokenCache |
Application token cache. This cache holds access tokens for the application. It's maintained and updated silently if needed when calling AcquireTokenForClient(IEnumerable<String>) |
Authority |
Gets the URL of the authority, or security token service (STS), from which MSAL.NET will acquire security tokens.
The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise
the value of the Microsoft.Identity.Client.ApplicationBase.DefaultAuthority static member (that is |
Certificate |
The certificate used to create this ConfidentialClientApplication, if any. |
UserTokenCache |
User token cache. It holds access tokens, id tokens and refresh tokens for accounts. It's used
and updated silently if needed when calling AcquireTokenSilent(IEnumerable<String>, IAccount)
or one of the overrides of AcquireTokenSilent(IEnumerable<String>, IAccount).
It is updated by each AcquireTokenXXX method, with the exception of |
Methods
AcquireTokenByAuthorizationCode(IEnumerable<String>, String) |
Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses the OAuth 2.0 authorization code flow (see https://aka.ms/msal-net-authorization-code). It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign in users and can request an authorization code. This method does not look up the token cache, but stores the result in it, so it can be looked up using other methods such as AcquireTokenSilent(IEnumerable<String>, IAccount). |
AcquireTokenForClient(IEnumerable<String>) |
Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials. |
AcquireTokenInLongRunningProcess(IEnumerable<String>, String) |
Retrieves an access token from the cache using the provided cache key that can be used to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. See Long-running OBO in MSAL.NET. Use to stop the long running process and remove the associated tokens from the cache. |
AcquireTokenOnBehalfOf(IEnumerable<String>, UserAssertion) |
Acquires an access token for this application (usually a Web API) from the authority configured in the application,
in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
See https://aka.ms/msal-net-on-behalf-of.
This confidential client application was itself called with a token which will be provided in the
|
AcquireTokenSilent(IEnumerable<String>, IAccount) |
[V3 API] Attempts to acquire an access token for the |
AcquireTokenSilent(IEnumerable<String>, String) |
[V3 API] Attempts to acquire an access token for the IAccount
having the Username match the given |
GetAccountAsync(String, CancellationToken) |
Get the IAccount by its identifier among the accounts available in the token cache. (Inherited from ClientApplicationBase) |
GetAccountAsync(String) |
Get the IAccount by its identifier among the accounts available in the token cache. (Inherited from ClientApplicationBase) |
GetAccountsAsync() |
Returns all the available accounts in the user token cache for the application. (Inherited from ClientApplicationBase) |
GetAccountsAsync(CancellationToken) |
Returns all the available accounts in the user token cache for the application. (Inherited from ClientApplicationBase) |
GetAccountsAsync(String, CancellationToken) |
Get the IAccount collection by its identifier among the accounts available in the token cache, based on the user flow. This is for Azure AD B2C scenarios. (Inherited from ClientApplicationBase) |
GetAccountsAsync(String) |
Get the IAccount collection by its identifier among the accounts available in the token cache, based on the user flow. This is for Azure AD B2C scenarios. (Inherited from ClientApplicationBase) |
GetAuthorizationRequestUrl(IEnumerable<String>) |
Computes the URL of the authorization request letting the user sign in and consent to the application accessing specific scopes in the user's name. The URL targets the /authorize endpoint of the authority configured in the application. This override enables you to specify a login hint and extra query parameter. |
InitiateLongRunningProcessInWebApi(IEnumerable<String>, String, String) |
Acquires an access token for this web API from the authority configured in the application,
in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
See Long-running OBO in MSAL.NET.
Pass an access token (not an ID token) which was used to call this confidential client application in the
|
RemoveAsync(IAccount, CancellationToken) |
Removes all tokens in the cache for the specified account. (Inherited from ClientApplicationBase) |
RemoveAsync(IAccount) |
Removes all tokens in the cache for the specified account. (Inherited from ClientApplicationBase) |
StopLongRunningProcessInWebApiAsync(String, CancellationToken) |
Stops an in-progress long-running on-behalf-of session by removing the tokens associated with the provided cache key. See Long-running OBO in MSAL.NET. |
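The three long-running On-Behalf-Of methods listed above are used as a sequence: initiate at request time, acquire from the background job, stop when the job ends. The following is an added example, not code from the MSAL.NET documentation; the wrapper class `LongRunningOboSession`, the placeholder scope, the certificate credential and the random session key are assumptions, and the background job is assumed to share the application's token cache.

```csharp
// Added example, not MSAL.NET documentation code. IDs and scope are placeholders.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public sealed class LongRunningOboSession // hypothetical wrapper class
{
    // Placeholder scope for the downstream protected web API.
    private static readonly string[] Scopes = { "api://<downstream-api-id>/.default" };
    private readonly ConfidentialClientApplication _app;

    public LongRunningOboSession(string clientId, string tenantId, X509Certificate2 cert)
    {
        // Build() returns IConfidentialClientApplication; the cast reaches the
        // long-running OBO methods listed on this class.
        _app = (ConfidentialClientApplication)ConfidentialClientApplicationBuilder
            .Create(clientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
            .WithCertificate(cert)
            .Build();
    }

    // Request time: exchange the caller's access token (not an ID token) and
    // cache the result under a key this API chooses.
    public async Task<string> StartAsync(string incomingAccessToken)
    {
        string sessionKey = Guid.NewGuid().ToString("N"); // assumption: random key per job
        await _app.InitiateLongRunningProcessInWebApi(Scopes, incomingAccessToken, ref sessionKey)
                  .ExecuteAsync();
        return sessionKey; // hand the key, not the user's token, to the background job
    }

    // Background job: no user token is needed, only the cache key.
    public async Task<string> GetDownstreamTokenAsync(string sessionKey)
    {
        AuthenticationResult result =
            await _app.AcquireTokenInLongRunningProcess(Scopes, sessionKey).ExecuteAsync();
        return result.AccessToken;
    }

    // Job finished or cancelled: remove the tokens tied to the key.
    public async Task EndAsync(string sessionKey)
    {
        await _app.StopLongRunningProcessInWebApiAsync(sessionKey, CancellationToken.None);
    }
}
```

Passing only the session key to the worker keeps the user's incoming token out of queues and job records, and calling `EndAsync` on every exit path limits how long the cached tokens for that key remain usable.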
Explicit Interface Implementations
IByRefreshToken.AcquireTokenByRefreshToken(IEnumerable<String>, String) | |
IByUsernameAndPassword.AcquireTokenByUsernamePassword(IEnumerable<String>, String, String) |
Acquires a token without user interaction using username and password authentication. This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods such as AcquireTokenSilent(IEnumerable<String>, IAccount) to check the token cache. |
Extension Methods
StopLongRunningProcessInWebApiAsync(ILongRunningWebApi, String, CancellationToken) |
Stops an in-progress long-running on-behalf-of session by removing the tokens associated with the provided cache key. See Long-running OBO in MSAL.NET. |
GetCertificate(IConfidentialClientApplication) |
Returns the certificate used to create this ConfidentialClientApplication, if any. |