CredentialDescription.DecryptKeysAuthenticationOptions Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
When SourceType is AutoDecryptKeys, this property describes the authority to use to get a token for a web API to get the keys used to decrypt an encrypted token. The cloud instance will be the same as the application, but the application can be a multi-tenant application (tenant = common or organizations), and in this case to get a token on behalf of itself, the credential type needs to provide a tenant. More generally you might want to specify authentication options, including protocol, PopKey, etc ... This credential description is only used for decrypt credentials, not for client credentials.
public Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? DecryptKeysAuthenticationOptions { get; set; }member this.DecryptKeysAuthenticationOptions : Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions with get, setPublic Property DecryptKeysAuthenticationOptions As AuthorizationHeaderProviderOptionsProperty Value
Examples
The JSON fragment below describes a decrypt credential to get the decrypt keys automatically:
{
"TokenDecryptionCredentials": [
{
"SourceType": "AutoDecryptKeys",
"DecryptKeysAuthenticationOptions" : {
"ProtocolScheme": "Bearer",
"AcquireTokenOptions": {
"Tenant": "mytenant.onmicrosoftonline.com"
}
}
}]
}
The code below describes the same, programmatically in C#.
CredentialDescription credentialDescription = new CredentialDescription
{
SourceType = CredentialSource.AutoDecryptKeys,
DecryptKeysAuthenticationOptions = new AuthorizationHeaderProviderOptions
{
ProtocolScheme = "Bearer",
AcquireTokenOptions = new AcquireTokenOptions {
Tenant = "mytenant.onmicrosoftonline.com",
}
}
};