IdentityApplicationOptions Class

Definition

Namespace:

Microsoft.Identity.Abstractions

Assembly:

Microsoft.Identity.Abstractions.dll

Package:

Microsoft.Identity.Abstractions v7.1.0

Options for configuring authentication in a web app, web API or daemon app.

This class contains configuration properties for any OAuth 2.0 identity provider. For Azure AD specific options see the derived class: MicrosoftIdentityApplicationOptions. This class and its derived class are usually used as options, that are deserialized from a configuration file like appsettings.json

public class IdentityApplicationOptions

type IdentityApplicationOptions = class

Public Class IdentityApplicationOptions

Inheritance

Object

IdentityApplicationOptions

Derived

Microsoft.Identity.Abstractions.MicrosoftIdentityApplicationOptions

Constructors

IdentityApplicationOptions()

Properties

AllowWebApiToBeAuthorizedByACL	Web APIs called on behalf of a user can validate a token based on scopes (representing delegated permissions). Web APIs called by daemon applications can validate a token based on roles (representing app permissions). By default, the web API will validate the presence of roles and scopes. You can set this property to false to use the ACL-based authorization pattern for the client (daemon) to the web API. If using ACL-based authorization, the implementation will not throw if roles or scopes are not in the Claims. For details see https://aka.ms/ms-identity-web/daemon-ACL.
Audience	In a web API, audience of the tokens that will be accepted by the web API. If your web API accepts several audiences, see Audiences.
Audiences	In a web API, accepted audiences for the tokens received by the web API. See also Audience. The audience is the intended recipient of the token. You can usually assume that the ApplicationID of your web API is a valid audience. It can, in general be any of the App ID URIs (or resource identitfier) you defined for your application during its registration in the Azure portal.
Authority	Gets or sets the authority to use when calling the identity provider. For AzureAD or Azure AD B2C, rather use Instance and TenantId. For Microsoft Entra External IDs, use the authority of the form https://subdomain.ciamlogin.com.
ClientCredentials	Description of the client credentials that the app provides to prove its identity to the IdP, See CredentialSource for the list of supported credential types.
ClientId	Gets or sets the 'client_id' (application ID) as it appears in the application registration. This is the string representation of a GUID.
EnablePiiLogging	Flag used to enable/disable logging of Personally Identifiable Information (PII). PII logs are never written to default outputs. Default is set to false, which ensures that your application is compliant with GDPR. You can set it to true for advanced debugging requiring PII.
ExtraQueryParameters	Sets query parameters for the query string in the HTTP request to the IdP. This parameter is useful if you want to send the request to a specific test slice, or a particular dc.
TokenDecryptionCredentials	Description of the credentials (usually certificates) used to decrypt an encrypted token in a web API.