PublicClientApplication class
The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification.
- Extends
Constructors
| Public |
Methods
| acquire |
Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. |
| login |
Use when initiating the login process via opening a popup window in the user's browser |
| login |
Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. |
Inherited Methods
| acquire |
This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption. Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. |
| acquire |
Use when you want to obtain an access_token for your API via opening a popup window in the user's browser |
| acquire |
Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. |
| add |
Adds event callbacks to array |
| add |
Registers a callback to receive performance events. |
| disable |
Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window |
| enable |
Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window |
| get |
Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found |
| get |
Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found |
| get |
Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability |
| get |
Gets the currently active account |
| get |
Returns all accounts that MSAL currently has data for. (the account object is created at the time of successful login) or empty array when no accounts are found |
| get |
Returns the configuration object |
| get |
Returns the logger instance |
| get |
Gets the token cache for the application. |
| handle |
Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows. |
| initialize() | Initializer function to perform async startup tasks such as connecting to WAM extension |
| initialize |
Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. |
| logout(End |
Deprecated logout function. Use logoutRedirect or logoutPopup instead |
| logout |
Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server |
| logout |
Use to log out the current user, and redirect the user to the postLogoutRedirectUri.
Default behaviour is to redirect the user to |
| remove |
Removes callback with provided id from callback array |
| remove |
Removes a callback registered with addPerformanceCallback. |
| set |
Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. |
| set |
Replaces the default logger set in configurations with new Logger with new configurations |
| set |
Sets navigation client |
| sso |
This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:
For the cases where interaction is required, you cannot send a request with prompt=none. If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists. |
Constructor Details
PublicClientApplication(Configuration)
new PublicClientApplication(configuration: Configuration)Parameters
- configuration
- Configuration
object for the MSAL PublicClientApplication instance
Method Details
acquireTokenSilent(SilentRequest)
Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.
function acquireTokenSilent(request: SilentRequest): Promise<AuthenticationResult>Parameters
- request
- SilentRequest
Returns
Promise<AuthenticationResult>
- a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the <xref:AuthResponse> object
loginPopup(PopupRequest)
Use when initiating the login process via opening a popup window in the user's browser
function loginPopup(request?: PopupRequest): Promise<AuthenticationResult>Parameters
- request
- PopupRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
loginRedirect(RedirectRequest)
Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
function loginRedirect(request?: RedirectRequest): Promise<void>Parameters
- request
- RedirectRequest
Returns
Promise<void>
Inherited Method Details
acquireTokenByCode(AuthorizationCodeRequest)
This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption. Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.
function acquireTokenByCode(request: AuthorizationCodeRequest): Promise<AuthenticationResult>Parameters
- request
- AuthorizationCodeRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Inherited From ClientApplication.acquireTokenByCode
acquireTokenPopup(PopupRequest)
Use when you want to obtain an access_token for your API via opening a popup window in the user's browser
function acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult>Parameters
- request
- PopupRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Inherited From ClientApplication.acquireTokenPopup
acquireTokenRedirect(RedirectRequest)
Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
function acquireTokenRedirect(request: RedirectRequest): Promise<void>Parameters
- request
- RedirectRequest
Returns
Promise<void>
Inherited From ClientApplication.acquireTokenRedirect
addEventCallback(EventCallbackFunction)
Adds event callbacks to array
function addEventCallback(callback: EventCallbackFunction): string | nullParameters
- callback
- EventCallbackFunction
Returns
string | null
Inherited From ClientApplication.addEventCallback
addPerformanceCallback(PerformanceCallbackFunction)
Registers a callback to receive performance events.
function addPerformanceCallback(callback: PerformanceCallbackFunction): stringParameters
- callback
-
PerformanceCallbackFunction
Returns
string
Inherited From ClientApplication.addPerformanceCallback
disableAccountStorageEvents()
Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
function disableAccountStorageEvents()Inherited From ClientApplication.disableAccountStorageEvents
enableAccountStorageEvents()
Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
function enableAccountStorageEvents()Inherited From ClientApplication.enableAccountStorageEvents
getAccountByHomeId(string)
Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found
function getAccountByHomeId(homeAccountId: string): AccountInfo | nullParameters
- homeAccountId
-
string
Returns
AccountInfo | null
The account object stored in MSAL
Inherited From ClientApplication.getAccountByHomeId
getAccountByLocalId(string)
Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found
function getAccountByLocalId(localAccountId: string): AccountInfo | nullParameters
- localAccountId
-
string
Returns
AccountInfo | null
The account object stored in MSAL
Inherited From ClientApplication.getAccountByLocalId
getAccountByUsername(string)
Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability
function getAccountByUsername(userName: string): AccountInfo | nullParameters
- userName
-
string
Returns
AccountInfo | null
The account object stored in MSAL
Inherited From ClientApplication.getAccountByUsername
getActiveAccount()
Gets the currently active account
function getActiveAccount(): AccountInfo | nullReturns
AccountInfo | null
Inherited From ClientApplication.getActiveAccount
getAllAccounts()
Returns all accounts that MSAL currently has data for. (the account object is created at the time of successful login) or empty array when no accounts are found
function getAllAccounts(): AccountInfo[]Returns
AccountInfo[]
Array of account objects in cache
Inherited From ClientApplication.getAllAccounts
getConfiguration()
Returns the configuration object
function getConfiguration(): BrowserConfigurationReturns
Inherited From ClientApplication.getConfiguration
getLogger()
Returns the logger instance
function getLogger(): LoggerReturns
Logger
Inherited From ClientApplication.getLogger
getTokenCache()
Gets the token cache for the application.
function getTokenCache(): ITokenCacheReturns
Inherited From ClientApplication.getTokenCache
handleRedirectPromise(string)
Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows.
function handleRedirectPromise(hash?: string): Promise<AuthenticationResult | null>Parameters
- hash
-
string
Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value.
Returns
Promise<AuthenticationResult | null>
Token response or null. If the return value is null, then no auth redirect was detected.
Inherited From ClientApplication.handleRedirectPromise
initialize()
Initializer function to perform async startup tasks such as connecting to WAM extension
function initialize(): Promise<void>Returns
Promise<void>
Inherited From ClientApplication.initialize
initializeWrapperLibrary(WrapperSKU, string)
Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.
function initializeWrapperLibrary(sku: WrapperSKU, version: string)Parameters
- sku
- WrapperSKU
- version
-
string
Inherited From ClientApplication.initializeWrapperLibrary
logout(EndSessionRequest)
Warning
This API is now deprecated.
Deprecated logout function. Use logoutRedirect or logoutPopup instead
function logout(logoutRequest?: EndSessionRequest): Promise<void>Parameters
- logoutRequest
- EndSessionRequest
Returns
Promise<void>
Inherited From ClientApplication.logout
logoutPopup(EndSessionPopupRequest)
Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server
function logoutPopup(logoutRequest?: EndSessionPopupRequest): Promise<void>Parameters
- logoutRequest
- EndSessionPopupRequest
Returns
Promise<void>
Inherited From ClientApplication.logoutPopup
logoutRedirect(EndSessionRequest)
Use to log out the current user, and redirect the user to the postLogoutRedirectUri.
Default behaviour is to redirect the user to window.location.href.
function logoutRedirect(logoutRequest?: EndSessionRequest): Promise<void>Parameters
- logoutRequest
- EndSessionRequest
Returns
Promise<void>
Inherited From ClientApplication.logoutRedirect
removeEventCallback(string)
Removes callback with provided id from callback array
function removeEventCallback(callbackId: string)Parameters
- callbackId
-
string
Inherited From ClientApplication.removeEventCallback
removePerformanceCallback(string)
Removes a callback registered with addPerformanceCallback.
function removePerformanceCallback(callbackId: string): booleanParameters
- callbackId
-
string
Returns
boolean
Inherited From ClientApplication.removePerformanceCallback
setActiveAccount(AccountInfo | null)
Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.
function setActiveAccount(account: AccountInfo | null)Parameters
- account
-
AccountInfo | null
Inherited From ClientApplication.setActiveAccount
setLogger(Logger)
Replaces the default logger set in configurations with new Logger with new configurations
function setLogger(logger: Logger)Parameters
- logger
-
Logger
Logger instance
Inherited From ClientApplication.setLogger
setNavigationClient(INavigationClient)
Sets navigation client
function setNavigationClient(navigationClient: INavigationClient)Parameters
- navigationClient
- INavigationClient
Inherited From ClientApplication.setNavigationClient
ssoSilent(SsoSilentRequest)
This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:
- Any browser using a form of Intelligent Tracking Prevention
- If there is not an established session with the service In these cases, the request must be done inside a popup or full frame redirect.
For the cases where interaction is required, you cannot send a request with prompt=none.
If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists.
function ssoSilent(request: SsoSilentRequest): Promise<AuthenticationResult>Parameters
- request
- SsoSilentRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Inherited From ClientApplication.ssoSilent