PublicClientApplication Class

Package:

com.microsoft.identity.client

• java.lang.Object
• • IPublicClientApplication
  • • com.microsoft.identity.client.PublicClientApplication

public class PublicClientApplication implements IPublicClientApplication,ITokenShare

This is the entry point for developer to create public native applications and make API calls to acquire tokens.

Client ID: The clientID of your application is a unique identifier which can be obtained from the app registration portal.

AuthorityMetadata: A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<[nstance]/[tenant], where [instance] is the directory host (e.g. https://login.microsoftonline.com) and [tenant] is an identifier within the directory itself (e.g. a domain associated to the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory)

For B2C, it is of the form https://[instance]/tfp/[tenant]/[policy] where instance and tenant are same as Azure AD, and [policy] is a string like signup

MSAL PublicClientApplication provides three constructors allowing the client id to be set either via AndroidManifest.xml metadata or using constructor parameters. Similarly, if developer chooses not to use the default authority https://login.microsoftonline.com, an alternate can also be configured using the manifest, constructor parameters, or in acquire token calls.

Redirect is auto-generated in the library in the format of msal<client-id>://auth, and it cannot be overridden.

Developer MUST have BrowserTabActivity declared in their manifest, which must have the correct intent-filter configured. If the wrong scheme and host is provided, the sdk will fail the PublicClientApplication creation.

Expected format will be:

<activity
android:name="com.microsoft.identity.client.BrowserTabActivity"&gt;

&lt;intent-filter&gt;

    &lt;action android:name="android.intent.action.VIEW" /&gt;

    &lt;category android:name="android.intent.category.DEFAULT" /&gt;

    &lt;category android:name="android.intent.category.BROWSABLE" /&gt;

    &lt;data android:scheme="msal&amp;lt;AppClientId&amp;gt;"

         android:host="auth" /&gt;

&lt;/intent-filter&gt;

</activity>

Other Terminology:

Scopes:Permissions that the developers wants included in the access token received . Not all scopes are guaranteed to be included in the access token returned.

Login Hint: Usually an email, to pass to the service at the beginning of the interactive authentication flow.

Extra Scopes to Consent: Permissions you want the user to consent to in the same authentication flow, but won't be included in the returned access token.

Field Summary

Modifier and Type	Field and Description
PublicClientApplication.AccountMatcher	homeAccountMatcher
PublicClientApplication.AccountMatcher	localAccountMatcher
PublicClientApplicationConfiguration	mPublicClientConfiguration
TokenShareUtility	mTokenShareUtility
PublicClientApplication.AccountMatcher	usernameMatcher

Constructor Summary

Constructor	Description
PublicClientApplication(@NonNull final PublicClientApplicationConfiguration configFile)

Method Summary

Modifier and Type	Method and Description
void	acquireToken(@NonNull final AcquireTokenParameters acquireTokenParameters) Acquire token interactively, will pop-up webUI. Interactive flow will skip the cache lookup. Default value for Prompt is SELECT_ACCOUNT. Convey parameters via the AquireTokenParameters object
void	acquireToken(@NonNull final Activity activity, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback) Acquire token interactively, will pop-up webUI. Interactive flow will skip the cache lookup. Default value for Prompt is SELECT_ACCOUNT.
IAuthenticationResult	acquireTokenSilent( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters) Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.
void	acquireTokenSilentAsync( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters) Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.
void	acquireTokenWithDeviceCode(@Nullable String[] scopes, @NonNull final DeviceCodeFlowCallback callback)
AcquireTokenSilentParameters	buildAcquireTokenSilentParameters(@NonNull final String[] scopes, @NonNull final IAccount account, @NonNull final String authority, final boolean forceRefresh, @Nullable final ClaimsRequest claimsRequest, @NonNull final SilentAuthenticationCallback callback)
void	create(@NonNull final Context context, @NonNull final File configFile, @NonNull final ApplicationCreatedListener listener) PublicClientApplication#create(Context, File, ApplicationCreatedListener) will read the client id and other configuration settings from the specified file. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki
void	create(@NonNull final Context context, @NonNull final String clientId, @Nullable final String authority, @NonNull final String redirectUri, @NonNull final ApplicationCreatedListener listener) PublicClientApplication#create(Context, String, String, ApplicationCreatedListener) allows the client id and authority to be passed instead of providing them through metadata. Note: The Context should be the application context instead of an running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.
IPublicClientApplication	create(@NonNull final Context context, final int configFileResourceId) PublicClientApplication#create(Context, int, ApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
void	create(@NonNull final Context context, final int configFileResourceId, @NonNull final ApplicationCreatedListener listener) PublicClientApplication#create(Context, int, ApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
IMultipleAccountPublicClientApplication	createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile) PublicClientApplication#createMultipleAccountPublicClientApplication(Context, File) will read the client id and other configuration settings from the file included in your application resources. This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true) Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki
void	createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile, @NonNull final IMultipleAccountApplicationCreatedListener listener) PublicClientApplication#createMultipleAccountPublicClientApplication(Context, File, IMultipleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources. This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true) Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
IMultipleAccountPublicClientApplication	createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final int configFileResourceId) PublicClientApplication#createMultipleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your application's resources. This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true) Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
void	createMultipleAccountPublicClientApplication(@NonNull final Context context, final int configFileResourceId, @NonNull final IMultipleAccountApplicationCreatedListener listener) PublicClientApplication#createMultipleAccountPublicClientApplication(Context, int, IMultipleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources. This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true) Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
void	createSingleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile, @NonNull final ISingleAccountApplicationCreatedListener listener) PublicClientApplication#createSingleAccountPublicClientApplication(Context, int, ISingleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources. This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki
ISingleAccountPublicClientApplication	createSingleAccountPublicClientApplication( @NonNull final Context context, @Nullable final File configFile) PublicClientApplication#createSingleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your applications resources. This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki
ISingleAccountPublicClientApplication	createSingleAccountPublicClientApplication( @NonNull final Context context, final int configFileResourceId) PublicClientApplication#createSingleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your application's resources. This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
void	createSingleAccountPublicClientApplication(@NonNull final Context context, final int configFileResourceId, @NonNull final ISingleAccountApplicationCreatedListener listener) PublicClientApplication#createSingleAccountPublicClientApplication(Context, int, ISingleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources. This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single. Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs. For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki
String	generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters) Signs the provided PoPAuthenticationScheme parameters into a JWT on behalf of the provided IAccount. Important: Use of this API requires setting the minimum_required_broker_protocol_version to "6.0" or higher.
void	generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters, @NonNull final SignedHttpRequestRequestCallback callback) Signs the provided PoPAuthenticationScheme parameters into a JWT on behalf of the provided IAccount. Important: Use of this API requires setting the minimum_required_broker_protocol_version to "6.0" or higher.
CommandCallback	getCommandCallback( @NonNull final SilentAuthenticationCallback authenticationCallback, @NonNull final TokenParameters tokenParameters)
PublicClientApplicationConfiguration	getConfiguration() Returns the PublicClientConfiguration for this instance of PublicClientApplication.
String	getMsaFamilyRefreshToken(@NonNull final String identifier)
TokenShareResult	getMsaFamilyRefreshTokenWithMetadata(@NonNull final String identifier)
String	getOrgIdFamilyRefreshToken(@NonNull final String identifier)
TokenShareResult	getOrgIdFamilyRefreshTokenWithMetadata(@NonNull final String identifier)
String	getSdkVersion()
boolean	isSharedDevice() Returns whether the application is being run on a device that is marked as a shared. Only SingleAccountPublicClientApplications may be used on shared devices
void	postAuthResult(@NonNull final ILocalAuthenticationResult localAuthenticationResult, @NonNull final TokenParameters requestParameters, @NonNull final SilentAuthenticationCallback authenticationCallback) Helper method to post authentication result.
void	saveMsaFamilyRefreshToken(@NonNull final String refreshToken)
void	saveOrgIdFamilyRefreshToken(@NonNull final String ssoStateSerializerBlob)
void	showExpectedMsalRedirectUriInfo(Activity activity) Presents an activity that includes the package name, signature, redirect URI and manifest entry required for your application
void	validateAcquireTokenParameters(AcquireTokenParameters parameters)
void	validateAcquireTokenSilentParameters(AcquireTokenSilentParameters parameters)

Inherited Members

IPublicClientApplication.acquireTokenWithDeviceCode(@NonNull String[] scopes, @NonNull final DeviceCodeFlowCallback callback) ITokenShare.getMsaFamilyRefreshToken(String identifier) ITokenShare.getMsaFamilyRefreshTokenWithMetadata(String identifier) ITokenShare.getOrgIdFamilyRefreshToken(String identifier) ITokenShare.getOrgIdFamilyRefreshTokenWithMetadata(String identifier) ITokenShare.saveMsaFamilyRefreshToken(String refreshToken) ITokenShare.saveOrgIdFamilyRefreshToken(String ssoStateSerializerBlob)

Field Details

homeAccountMatcher

protected AccountMatcher homeAccountMatcher= new AccountMatcher() { @Override boolean matches(@NonNull final String homeAccountId, @NonNull final IAccount account) { return homeAccountId.contains(account.getId()); } }

localAccountMatcher

protected AccountMatcher localAccountMatcher= new AccountMatcher() { @Override boolean matches(@NonNull final String localAccountId, @NonNull final IAccount account) { if (localAccountId.contains(account.getId())) { return true; } else if (account instanceof MultiTenantAccount) { final MultiTenantAccount multiTenantAccount = (MultiTenantAccount) account; final Map tenantProfiles = multiTenantAccount.getTenantProfiles(); if (null != tenantProfiles && !tenantProfiles.isEmpty()) { for (final Map.Entry profileEntry : tenantProfiles.entrySet()) { if (!TextUtils.isEmpty(profileEntry.getValue().getId()) && localAccountId.contains(profileEntry.getValue().getId())) { return true; } } } } return false; } }

mPublicClientConfiguration

protected PublicClientApplicationConfiguration mPublicClientConfiguration

mTokenShareUtility

protected TokenShareUtility mTokenShareUtility

usernameMatcher

protected AccountMatcher usernameMatcher

Constructor Details

PublicClientApplication

protected PublicClientApplication(@NonNull final PublicClientApplicationConfiguration configFile)

Parameters:

configFile

Method Details

acquireToken

public void acquireToken(@NonNull final AcquireTokenParameters acquireTokenParameters)

Acquire token interactively, will pop-up webUI. Interactive flow will skip the cache lookup. Default value for Prompt is SELECT_ACCOUNT.

Convey parameters via the AquireTokenParameters object

Overrides:

PublicClientApplication.acquireToken(@NonNull final AcquireTokenParameters acquireTokenParameters)

Parameters:

acquireTokenParameters

acquireToken

public void acquireToken(@NonNull final Activity activity, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback)

Acquire token interactively, will pop-up webUI. Interactive flow will skip the cache lookup. Default value for Prompt is SELECT_ACCOUNT.

Overrides:

PublicClientApplication.acquireToken(@NonNull final Activity activity, @NonNull final String[] scopes, @NonNull final AuthenticationCallback callback)

Parameters:

activity - Non-null Activity that is used as the parent activity for launching the com.microsoft.identity.common.internal.providers.oauth2.AuthorizationActivity.

scopes - The non-null array of scopes to be requested for the access token. MSAL always sends the scopes 'openid profile offline_access'. Do not include any of these scopes in the scope parameter.

callback - The AuthenticationCallback to receive the result back. 1) If user cancels the flow by pressing the device back button, the result will be sent back via onCancel(). 2) If the sdk successfully receives the token back, result will be sent back via onSuccess(final IAuthenticationResult authenticationResult) 3) All the other errors will be sent back via onError(final MsalException exception).

acquireTokenSilent

public IAuthenticationResult acquireTokenSilent( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.

Overrides:

PublicClientApplication.acquireTokenSilent( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters)

Parameters:

acquireTokenSilentParameters

acquireTokenSilentAsync

public void acquireTokenSilentAsync( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters)

Perform acquire token silent call. If there is a valid access token in the cache, the sdk will return the access token; If no valid access token exists, the sdk will try to find a refresh token and use the refresh token to get a new access token. If refresh token does not exist or it fails the refresh, exception will be sent back via callback.

Overrides:

PublicClientApplication.acquireTokenSilentAsync( @NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters)

Parameters:

acquireTokenSilentParameters

acquireTokenWithDeviceCode

public void acquireTokenWithDeviceCode(@Nullable String[] scopes, @NonNull final DeviceCodeFlowCallback callback)

Parameters:

scopes

callback

buildAcquireTokenSilentParameters

protected AcquireTokenSilentParameters buildAcquireTokenSilentParameters(@NonNull final String[] scopes, @NonNull final IAccount account, @NonNull final String authority, final boolean forceRefresh, @Nullable final ClaimsRequest claimsRequest, @NonNull final SilentAuthenticationCallback callback)

Parameters:

scopes

account

authority

forceRefresh

claimsRequest

callback

create

public static void create(@NonNull final Context context, @NonNull final File configFile, @NonNull final ApplicationCreatedListener listener)

PublicClientApplication#create(Context, File, ApplicationCreatedListener) will read the client id and other configuration settings from the specified file.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFile - The file containing the JSON configuration for the PublicClientApplication. Cannot be null.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

create

public static void create(@NonNull final Context context, @NonNull final String clientId, @Nullable final String authority, @NonNull final String redirectUri, @NonNull final ApplicationCreatedListener listener)

PublicClientApplication#create(Context, String, String, ApplicationCreatedListener) allows the client id and authority to be passed instead of providing them through metadata.

Note: The Context should be the application context instead of an running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

clientId - The application client id. Cannot be null.

authority - The default authority to be used for the authority. If this is null, the default authority will be used.

redirectUri - The redirect URI of the application.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

create

public static IPublicClientApplication create(@NonNull final Context context, final int configFileResourceId)

PublicClientApplication#create(Context, int, ApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication

Returns:

An instance of IPublicClientApplication.

Throws:

IllegalStateException - if this function is invoked on the main thread.

create

public static void create(@NonNull final Context context, final int configFileResourceId, @NonNull final ApplicationCreatedListener listener)

PublicClientApplication#create(Context, int, ApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

createMultipleAccountPublicClientApplication

public static IMultipleAccountPublicClientApplication createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile)

PublicClientApplication#createMultipleAccountPublicClientApplication(Context, File) will read the client id and other configuration settings from the file included in your application resources.

This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true)

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFile - The file containing the JSON configuration for the PublicClientApplication. Cannot be null.

Throws:

IllegalStateException - if this function is invoked on the main thread.

createMultipleAccountPublicClientApplication

public static void createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile, @NonNull final IMultipleAccountApplicationCreatedListener listener)

PublicClientApplication#createMultipleAccountPublicClientApplication(Context, File, IMultipleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources.

This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true)

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFile - The file containing the JSON configuration for the PublicClientApplication. Cannot be null.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

createMultipleAccountPublicClientApplication

public static IMultipleAccountPublicClientApplication createMultipleAccountPublicClientApplication(@NonNull final Context context, @NonNull final int configFileResourceId)

PublicClientApplication#createMultipleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your application's resources.

This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true)

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication.

Returns:

An instance of IMultipleAccountPublicClientApplication.

Throws:

IllegalStateException - if this function is invoked on the main thread.

createMultipleAccountPublicClientApplication

public static void createMultipleAccountPublicClientApplication(@NonNull final Context context, final int configFileResourceId, @NonNull final IMultipleAccountApplicationCreatedListener listener)

PublicClientApplication#createMultipleAccountPublicClientApplication(Context, int, IMultipleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources.

This function will pass back an MsalClientException object if it is unable to return IMultipleAccountPublicClientApplication. For example, when the device is marked as 'shared' (isSharedDevice() is set to true)

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

createSingleAccountPublicClientApplication

public static void createSingleAccountPublicClientApplication(@NonNull final Context context, @NonNull final File configFile, @NonNull final ISingleAccountApplicationCreatedListener listener)

PublicClientApplication#createSingleAccountPublicClientApplication(Context, int, ISingleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application resources.

This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFile - The file containing the JSON configuration for the PublicClientApplication. Cannot be null.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

createSingleAccountPublicClientApplication

public static ISingleAccountPublicClientApplication createSingleAccountPublicClientApplication( @NonNull final Context context, @Nullable final File configFile)

PublicClientApplication#createSingleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your applications resources.

This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL configuration file, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFile - The file containing the JSON configuration for the PublicClientApplication. Cannot be null.

Returns:

An instance of ISingleAccountPublicClientApplication.

Throws:

IllegalStateException - if this function is invoked on the main thread.

createSingleAccountPublicClientApplication

public static ISingleAccountPublicClientApplication createSingleAccountPublicClientApplication( @NonNull final Context context, final int configFileResourceId)

PublicClientApplication#createSingleAccountPublicClientApplication(Context, int) will read the client id and other configuration settings from the file included in your application's resources.

This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication.

Returns:

An instance of ISingleAccountPublicClientApplication.

Throws:

IllegalStateException - if this function is invoked on the main thread.

createSingleAccountPublicClientApplication

public static void createSingleAccountPublicClientApplication(@NonNull final Context context, final int configFileResourceId, @NonNull final ISingleAccountApplicationCreatedListener listener)

PublicClientApplication#createSingleAccountPublicClientApplication(Context, int, ISingleAccountApplicationCreatedListener) will read the client id and other configuration settings from the file included in your application's resources.

This function will pass back an MsalClientException object if it is unable to return ISingleAccountApplicationCreatedListener. For example, AccountMode in configuration is not set to single.

Note: The Context should be the application context instead of the running activity's context, which could potentially make the sdk hold a strong reference to the activity, thus preventing correct garbage collection and causing bugs.

For more information on the schema of the MSAL config json, please see Android app resource overview and MSAL Github Wiki

Parameters:

context - Application's Context. The sdk requires the application context to be passed in PublicClientApplication. Cannot be null.

configFileResourceId - The resource ID of the raw file containing the JSON configuration for the PublicClientApplication.

listener - a callback to be invoked when the object is successfully created. Cannot be null.

generateSignedHttpRequest

public String generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters)

Signs the provided PoPAuthenticationScheme parameters into a JWT on behalf of the provided IAccount.

Important: Use of this API requires setting the minimum_required_broker_protocol_version to "6.0" or higher.

Overrides:

PublicClientApplication.generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters)

Parameters:

account - The account for whom signing shall occur.

popParameters - The input parameters.

Returns:

The resulting SHR.

generateSignedHttpRequest

public void generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters, @NonNull final SignedHttpRequestRequestCallback callback)

Signs the provided PoPAuthenticationScheme parameters into a JWT on behalf of the provided IAccount.

Important: Use of this API requires setting the minimum_required_broker_protocol_version to "6.0" or higher.

Overrides:

PublicClientApplication.generateSignedHttpRequest(@NonNull final IAccount account, @NonNull final PoPAuthenticationScheme popParameters, @NonNull final SignedHttpRequestRequestCallback callback)

Parameters:

account - The account for whom signing shall occur.

popParameters - The input parameters.

callback - The callback object to receive the result (or error).

getCommandCallback

protected CommandCallback getCommandCallback( @NonNull final SilentAuthenticationCallback authenticationCallback, @NonNull final TokenParameters tokenParameters)

Parameters:

authenticationCallback

tokenParameters

getConfiguration

public PublicClientApplicationConfiguration getConfiguration()

Returns the PublicClientConfiguration for this instance of PublicClientApplication.

Overrides:

PublicClientApplication.getConfiguration()

Returns:

The PublicClientApplicationConfiguration.

getMsaFamilyRefreshToken

public String getMsaFamilyRefreshToken(@NonNull final String identifier)

Parameters:

identifier

getMsaFamilyRefreshTokenWithMetadata

public TokenShareResult getMsaFamilyRefreshTokenWithMetadata(@NonNull final String identifier)

Parameters:

identifier

getOrgIdFamilyRefreshToken

public String getOrgIdFamilyRefreshToken(@NonNull final String identifier)

Parameters:

identifier

getOrgIdFamilyRefreshTokenWithMetadata

public TokenShareResult getOrgIdFamilyRefreshTokenWithMetadata(@NonNull final String identifier)

Parameters:

identifier

getSdkVersion

public static String getSdkVersion()

Returns:

The current version for the sdk.

isSharedDevice

public boolean isSharedDevice()

Returns whether the application is being run on a device that is marked as a shared. Only SingleAccountPublicClientApplications may be used on shared devices

Overrides:

PublicClientApplication.isSharedDevice()

postAuthResult

protected void postAuthResult(@NonNull final ILocalAuthenticationResult localAuthenticationResult, @NonNull final TokenParameters requestParameters, @NonNull final SilentAuthenticationCallback authenticationCallback)

Helper method to post authentication result.

Parameters:

localAuthenticationResult

requestParameters

authenticationCallback

saveMsaFamilyRefreshToken

public void saveMsaFamilyRefreshToken(@NonNull final String refreshToken)

Parameters:

refreshToken

saveOrgIdFamilyRefreshToken

public void saveOrgIdFamilyRefreshToken(@NonNull final String ssoStateSerializerBlob)

Parameters:

ssoStateSerializerBlob

showExpectedMsalRedirectUriInfo

public static void showExpectedMsalRedirectUriInfo(Activity activity)

Presents an activity that includes the package name, signature, redirect URI and manifest entry required for your application

Parameters:

activity

validateAcquireTokenParameters

protected void validateAcquireTokenParameters(AcquireTokenParameters parameters)

Parameters:

parameters

validateAcquireTokenSilentParameters

protected void validateAcquireTokenSilentParameters(AcquireTokenSilentParameters parameters)

Parameters:

parameters