Share via

What is the difference between the "signIn()" and "acquireToken()" methods in MSAL?

Shreyas Rastogi 165 Reputation points
2024-09-16T15:46:55.1366667+00:00

Can someone explain the difference between the "signIn()" and "acquireToken()" methods in Microsoft Authentication Library (MSAL)? I am also curious about when to use "acquireTokenSilent()" versus "AcquireToken()" and if "signIn()" is necessary for signing in the user or if "acquireToken()" takes care of authentication for all apps.

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,065 questions
Microsoft Intune Android
Microsoft Intune Android
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Android: An open-source mobile platform based on the Linux kernel, developed by Google, and maintained by the Open Handset Alliance.
299 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,061 questions
Accepted answer
  1. James Hamil 24,921 Reputation points Microsoft Employee
    2024-09-16T15:55:35.72+00:00

    Hi @Shreyas Rastogi , the signIn() method is used to explicitly sign in a user. This method is necessary when you want to authenticate a user and establish a session. It involves user interaction, such as entering credentials, and is typically used when the user first accesses the application.

    The acquireToken() method is used to obtain an access token for accessing protected resources. This method can be called after the user has signed in. It can also involve user interaction if the token is not available in the cache or if additional authentication is required.

    When it comes to acquireTokenSilent() versus acquireToken(), the acquireTokenSilent() method is used to silently acquire a token without user interaction. It checks the token cache for a valid token and only makes a network request if the token is expired or not available. This method is useful for refreshing tokens in the background and ensuring a seamless user experience

    The acquireToken() method may involve user interaction if the token is not available in the cache or if additional authentication is required. This method is typically used when the application needs to obtain a new token and user interaction is acceptable

    signIn() is necessary for signing in the user and establishing an initial session, while acquireToken() is used to obtain access tokens for accessing protected resources. The acquireTokenSilent() method is used to silently refresh tokens without user interaction.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.