PublicClientApplication class

Reference

Package:: @azure/msal-browser

The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification.

Extends: ClientApplication

Constructors

PublicClientApplication(Configuration)

Methods

acquireTokenSilent(SilentRequest)	Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.
loginPopup(PopupRequest)	Use when initiating the login process via opening a popup window in the user's browser
loginRedirect(RedirectRequest)	Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.

Inherited Methods

acquireTokenByCode(AuthorizationCodeRequest)	This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption. Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.
acquireTokenPopup(PopupRequest)	Use when you want to obtain an access_token for your API via opening a popup window in the user's browser
acquireTokenRedirect(RedirectRequest)	Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
addEventCallback(EventCallbackFunction)	Adds event callbacks to array
addPerformanceCallback(PerformanceCallbackFunction)	Registers a callback to receive performance events.
disableAccountStorageEvents()	Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
enableAccountStorageEvents()	Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
getAccountByHomeId(string)	Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found
getAccountByLocalId(string)	Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found
getAccountByUsername(string)	Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability
getActiveAccount()	Gets the currently active account
getAllAccounts()	Returns all accounts that MSAL currently has data for. (the account object is created at the time of successful login) or empty array when no accounts are found
getConfiguration()	Returns the configuration object
getLogger()	Returns the logger instance
getTokenCache()	Gets the token cache for the application.
handleRedirectPromise(string)	Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows.
initialize()	Initializer function to perform async startup tasks such as connecting to WAM extension
initializeWrapperLibrary(WrapperSKU, string)	Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.
logout(EndSessionRequest)	Deprecated logout function. Use logoutRedirect or logoutPopup instead
logoutPopup(EndSessionPopupRequest)	Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server
logoutRedirect(EndSessionRequest)	Use to log out the current user, and redirect the user to the postLogoutRedirectUri. Default behaviour is to redirect the user to `window.location.href`.
removeEventCallback(string)	Removes callback with provided id from callback array
removePerformanceCallback(string)	Removes a callback registered with addPerformanceCallback.
setActiveAccount(AccountInfo \| null)	Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.
setLogger(Logger)	Replaces the default logger set in configurations with new Logger with new configurations
setNavigationClient(INavigationClient)	Sets navigation client
ssoSilent(SsoSilentRequest)	This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work: Any browser using a form of Intelligent Tracking Prevention If there is not an established session with the service In these cases, the request must be done inside a popup or full frame redirect. For the cases where interaction is required, you cannot send a request with prompt=none. If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists.

Constructor Details

PublicClientApplication(Configuration)

new PublicClientApplication(configuration: Configuration)

Parameters

configuration: Configuration

object for the MSAL PublicClientApplication instance

Method Details

acquireTokenSilent(SilentRequest)

Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.

function acquireTokenSilent(request: SilentRequest): Promise<AuthenticationResult>

Parameters

request: SilentRequest

Returns

Promise<AuthenticationResult>

a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the <xref:AuthResponse> object

loginPopup(PopupRequest)

Use when initiating the login process via opening a popup window in the user's browser

function loginPopup(request?: PopupRequest): Promise<AuthenticationResult>

Parameters

request: PopupRequest

Returns

Promise<AuthenticationResult>

A promise that is fulfilled when this function has completed, or rejected if an error was raised.

loginRedirect(RedirectRequest)

Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.

function loginRedirect(request?: RedirectRequest): Promise<void>

Parameters

request: RedirectRequest

Returns

Promise<void>

Inherited Method Details

acquireTokenByCode(AuthorizationCodeRequest)

This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption. Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.

function acquireTokenByCode(request: AuthorizationCodeRequest): Promise<AuthenticationResult>

Parameters

request: AuthorizationCodeRequest

Returns

Promise<AuthenticationResult>

A promise that is fulfilled when this function has completed, or rejected if an error was raised.

Inherited From ClientApplication.acquireTokenByCode

acquireTokenPopup(PopupRequest)

Use when you want to obtain an access_token for your API via opening a popup window in the user's browser

function acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult>

Parameters

request: PopupRequest

Returns

Promise<AuthenticationResult>

A promise that is fulfilled when this function has completed, or rejected if an error was raised.

Inherited From ClientApplication.acquireTokenPopup

acquireTokenRedirect(RedirectRequest)

Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.

function acquireTokenRedirect(request: RedirectRequest): Promise<void>

Parameters

request: RedirectRequest

Returns

Promise<void>

Inherited From ClientApplication.acquireTokenRedirect

addEventCallback(EventCallbackFunction)

Adds event callbacks to array

function addEventCallback(callback: EventCallbackFunction): string | null

Parameters

callback: EventCallbackFunction

Returns

string | null

Inherited From ClientApplication.addEventCallback

addPerformanceCallback(PerformanceCallbackFunction)

Registers a callback to receive performance events.

function addPerformanceCallback(callback: PerformanceCallbackFunction): string

Parameters

callback: PerformanceCallbackFunction

Returns

string

Inherited From ClientApplication.addPerformanceCallback

disableAccountStorageEvents()

Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window

function disableAccountStorageEvents()

Inherited From ClientApplication.disableAccountStorageEvents

enableAccountStorageEvents()

Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window

function enableAccountStorageEvents()

Inherited From ClientApplication.enableAccountStorageEvents

getAccountByHomeId(string)

Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found

function getAccountByHomeId(homeAccountId: string): AccountInfo | null

Parameters

homeAccountId: string

Returns

AccountInfo | null

The account object stored in MSAL

Inherited From ClientApplication.getAccountByHomeId

getAccountByLocalId(string)

Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found

function getAccountByLocalId(localAccountId: string): AccountInfo | null

Parameters

localAccountId: string

Returns

AccountInfo | null

The account object stored in MSAL

Inherited From ClientApplication.getAccountByLocalId

getAccountByUsername(string)

Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability

function getAccountByUsername(userName: string): AccountInfo | null

Parameters

userName: string

Returns

AccountInfo | null

The account object stored in MSAL

Inherited From ClientApplication.getAccountByUsername

getActiveAccount()

Gets the currently active account

function getActiveAccount(): AccountInfo | null

Returns

AccountInfo | null

Inherited From ClientApplication.getActiveAccount

getAllAccounts()

Returns all accounts that MSAL currently has data for. (the account object is created at the time of successful login) or empty array when no accounts are found

function getAllAccounts(): AccountInfo[]

Returns

AccountInfo[]

Array of account objects in cache

Inherited From ClientApplication.getAllAccounts

getConfiguration()

Returns the configuration object

function getConfiguration(): BrowserConfiguration

Returns

BrowserConfiguration

Inherited From ClientApplication.getConfiguration

getLogger()

Returns the logger instance

function getLogger(): Logger

Returns

Logger

Inherited From ClientApplication.getLogger

getTokenCache()

Gets the token cache for the application.

function getTokenCache(): ITokenCache

Returns

ITokenCache

Inherited From ClientApplication.getTokenCache

handleRedirectPromise(string)

Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows.

function handleRedirectPromise(hash?: string): Promise<AuthenticationResult | null>

Parameters

hash: string

Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value.

Returns

Promise<AuthenticationResult | null>

Token response or null. If the return value is null, then no auth redirect was detected.

Inherited From ClientApplication.handleRedirectPromise

initialize()

Initializer function to perform async startup tasks such as connecting to WAM extension

function initialize(): Promise<void>

Returns

Promise<void>

Inherited From ClientApplication.initialize

initializeWrapperLibrary(WrapperSKU, string)

Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.

function initializeWrapperLibrary(sku: WrapperSKU, version: string)

Parameters

sku: WrapperSKU

version: string

Inherited From ClientApplication.initializeWrapperLibrary

logout(EndSessionRequest)

Warning

This API is now deprecated.

Deprecated logout function. Use logoutRedirect or logoutPopup instead

function logout(logoutRequest?: EndSessionRequest): Promise<void>

Parameters

logoutRequest: EndSessionRequest

Returns

Promise<void>

Inherited From ClientApplication.logout

logoutPopup(EndSessionPopupRequest)

Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server

function logoutPopup(logoutRequest?: EndSessionPopupRequest): Promise<void>

Parameters

logoutRequest: EndSessionPopupRequest

Returns

Promise<void>

Inherited From ClientApplication.logoutPopup

logoutRedirect(EndSessionRequest)

Use to log out the current user, and redirect the user to the postLogoutRedirectUri. Default behaviour is to redirect the user to window.location.href.

function logoutRedirect(logoutRequest?: EndSessionRequest): Promise<void>

Parameters

logoutRequest: EndSessionRequest

Returns

Promise<void>

Inherited From ClientApplication.logoutRedirect

removeEventCallback(string)

Removes callback with provided id from callback array

function removeEventCallback(callbackId: string)

Parameters

callbackId: string

Inherited From ClientApplication.removeEventCallback

removePerformanceCallback(string)

Removes a callback registered with addPerformanceCallback.

function removePerformanceCallback(callbackId: string): boolean

Parameters

callbackId: string

Returns

boolean

Inherited From ClientApplication.removePerformanceCallback

setActiveAccount(AccountInfo | null)

Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.

function setActiveAccount(account: AccountInfo | null)

Parameters

account: AccountInfo | null

Inherited From ClientApplication.setActiveAccount

setLogger(Logger)

Replaces the default logger set in configurations with new Logger with new configurations

function setLogger(logger: Logger)

Parameters

logger: Logger

Logger instance

Inherited From ClientApplication.setLogger

setNavigationClient(INavigationClient)

Sets navigation client

function setNavigationClient(navigationClient: INavigationClient)

Parameters

navigationClient: INavigationClient

Inherited From ClientApplication.setNavigationClient

ssoSilent(SsoSilentRequest)

This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:

Any browser using a form of Intelligent Tracking Prevention
If there is not an established session with the service In these cases, the request must be done inside a popup or full frame redirect.

For the cases where interaction is required, you cannot send a request with prompt=none.

If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists.

function ssoSilent(request: SsoSilentRequest): Promise<AuthenticationResult>

Parameters

request: SsoSilentRequest

Returns

Promise<AuthenticationResult>

A promise that is fulfilled when this function has completed, or rejected if an error was raised.

Inherited From ClientApplication.ssoSilent