IAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Creates the authorization header used to call a protected web API on behalf of a user.
public System.Threading.Tasks.Task<string> CreateAuthorizationHeaderForUserAsync (System.Collections.Generic.IEnumerable<string> scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = default, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = default, System.Threading.CancellationToken cancellationToken = default);abstract member CreateAuthorizationHeaderForUserAsync : seq<string> * Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions * System.Security.Claims.ClaimsPrincipal * System.Threading.CancellationToken -> System.Threading.Tasks.Task<string>Public Function CreateAuthorizationHeaderForUserAsync (scopes As IEnumerable(Of String), Optional authorizationHeaderProviderOptions As AuthorizationHeaderProviderOptions = Nothing, Optional claimsPrincipal As ClaimsPrincipal = Nothing, Optional cancellationToken As CancellationToken = Nothing) As Task(Of String)Parameters
- scopes
- IEnumerable<String>
Scopes for which to request the authorization header.
- authorizationHeaderProviderOptions
- AuthorizationHeaderProviderOptions
Information about the API that will be called (for some protocols like Pop), and token acquisition options.
- claimsPrincipal
- ClaimsPrincipal
Inbound authentication elements. In a web API, this is usually the result of the validation of a token. In a web app, this would be information about the signed-in user. This is not useful in daemon applications. In Microsoft.Identity.Web you rarely need to provide this parameter as it's inferred from the context.
- cancellationToken
- CancellationToken
Cancellation token.
Returns
A string containing the authorization header, that is protocol and tokens (for instance: "Bearer token", "PoP token", etc ...).