Share via


ITokenAcquisition.GetAccessTokenForAppAsync Method

Definition

Overloads

GetAccessTokenForAppAsync(String, String, TokenAcquisitionOptions)

Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.

GetAccessTokenForAppAsync(String, String, String, TokenAcquisitionOptions)

Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.

GetAccessTokenForAppAsync(String, String, TokenAcquisitionOptions)

Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.

public virtual System.Threading.Tasks.Task<string> GetAccessTokenForAppAsync (string scope, string? tenant = default, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = default);
abstract member GetAccessTokenForAppAsync : string * string * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
override this.GetAccessTokenForAppAsync : string * string * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
Public Overridable Function GetAccessTokenForAppAsync (scope As String, Optional tenant As String = Nothing, Optional tokenAcquisitionOptions As TokenAcquisitionOptions = Nothing) As Task(Of String)

Parameters

scope
String

The scope requested to access a protected API. For this flow (client credentials), the scope should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft Graph, https://graph.microsoft.com/.default as the requested scopes are defined statically with the application registration in the portal, cannot be overridden in the application, as you can request a token for only one resource at a time (use several calls to get tokens for other resources).

tenant
String

Enables overriding of the tenant/account for the same identity. This is useful in the cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.

tokenAcquisitionOptions
TokenAcquisitionOptions

Options passed-in to create the token acquisition object which calls into MSAL .NET.

Returns

An access token for the app itself, based on its scopes.

Applies to

GetAccessTokenForAppAsync(String, String, String, TokenAcquisitionOptions)

Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.

public System.Threading.Tasks.Task<string> GetAccessTokenForAppAsync (string scope, string? authenticationScheme, string? tenant = default, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = default);
abstract member GetAccessTokenForAppAsync : string * string * string * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
Public Function GetAccessTokenForAppAsync (scope As String, authenticationScheme As String, Optional tenant As String = Nothing, Optional tokenAcquisitionOptions As TokenAcquisitionOptions = Nothing) As Task(Of String)

Parameters

scope
String

The scope requested to access a protected API. For this flow (client credentials), the scope should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default or, for Microsoft Graph, https://graph.microsoft.com/.default as the requested scopes are defined statically with the application registration in the portal, cannot be overridden in the application, as you can request a token for only one resource at a time (use several calls to get tokens for other resources).

authenticationScheme
String

Authentication scheme. If null, will use OpenIdConnectDefault.AuthenticationScheme if called from a web app, and JwtBearerDefault.AuthenticationScheme if called from a web API.

tenant
String

Enables overriding of the tenant/account for the same identity. This is useful in the cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.

tokenAcquisitionOptions
TokenAcquisitionOptions

Options passed-in to create the token acquisition object which calls into MSAL .NET.

Returns

An access token for the app itself, based on its scopes.

Applies to