AcquireTokenOnBehalfOfParameterBuilder Class

Definition

Builder for AcquireTokenOnBehalfOf (OBO flow) See https://aka.ms/msal-net-on-behalf-of

public sealed class AcquireTokenOnBehalfOfParameterBuilder : Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder<Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder>
type AcquireTokenOnBehalfOfParameterBuilder = class
    inherit AbstractConfidentialClientAcquireTokenParameterBuilder<AcquireTokenOnBehalfOfParameterBuilder>
Public NotInheritable Class AcquireTokenOnBehalfOfParameterBuilder
Inherits AbstractConfidentialClientAcquireTokenParameterBuilder(Of AcquireTokenOnBehalfOfParameterBuilder)
Inheritance

Methods

ExecuteAsync()

Executes the Token request asynchronously.

(Inherited from BaseAbstractAcquireTokenParameterBuilder<T>)
ExecuteAsync(CancellationToken)

Executes the Token request asynchronously, with a possibility of cancelling the asynchronous method.

(Inherited from AbstractConfidentialClientAcquireTokenParameterBuilder<T>)
Validate()

Validates the parameters of the AcquireToken operation.

(Inherited from AbstractConfidentialClientAcquireTokenParameterBuilder<T>)
WithAdfsAuthority(String, Boolean)

Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(AadAuthorityAudience, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Adds a known Azure AD authority to the application to sign-in users specifying the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(AzureCloudInstance, AadAuthorityAudience, Boolean)
Obsolete.

Adds a known Azure AD authority to the application to sign-in users specifying the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(AzureCloudInstance, Guid, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) described by its cloud instance and its tenant ID. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(AzureCloudInstance, String, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) described by its cloud instance and its domain name or tenant ID. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(String, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Specific authority for which the token is requested. Passing a different value than configured at the application constructor narrows down the selection to a specific tenant. This does not change the configured value in the application. This is specific to applications managing several accounts (like a mail client with several mailboxes). See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(String, Guid, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithAuthority(String, String, Boolean)
Obsolete.

Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.

Adds a known Azure AD authority to the application to sign-in users from a single organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithB2CAuthority(String)

Adds a known authority corresponding to an Azure AD B2C policy. See https://aka.ms/msal-net-b2c-specificities

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithCcsRoutingHint(String, String)

To help with resiliency, the AAD backup authentication system operates as an AAD backup. This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.

WithCcsRoutingHint(String)

To help with resiliency, the AAD backup authentication system operates as an AAD backup. This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.

WithClaims(String)

Sets claims in the query. Use when the AAD admin has enabled conditional access. Acquiring the token normally will result in a MsalUiRequiredException with the Claims property set. Retry the token acquisition, and use this value in the WithClaims(String) method. See https://aka.ms/msal-exceptions for details as well as https://aka.ms/msal-net-claim-challenge.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithCorrelationId(Guid)

Sets the correlation id to be used in the authentication request. Used to track a request in the logs of both the SDK and the Identity Provider service. If not set, a random one will be generated.

(Inherited from BaseAbstractAcquireTokenParameterBuilder<T>)
WithExtraQueryParameters(Dictionary<String,String>)

Sets Extra Query Parameters for the query string in the HTTP authentication request.

(Inherited from BaseAbstractAcquireTokenParameterBuilder<T>)
WithExtraQueryParameters(String)

Sets Extra Query Parameters for the query string in the HTTP authentication request.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithForceRefresh(Boolean)

Specifies if the client application should ignore access tokens when reading the token cache. New tokens will still be written to the token cache. By default the token is taken from the the user token cache (forceRefresh=false)

WithProofOfPossession(PoPAuthenticationConfiguration)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. See https://aka.ms/msal-net-pop

(Inherited from AbstractConfidentialClientAcquireTokenParameterBuilder<T>)
WithScopes(IEnumerable<String>)

Specifies which scopes to request. This method is used when your application needs to specify the scopes needed to call a protected API. See https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent to learn more about scopes, permissions and consent, and https://docs.microsoft.com/azure/active-directory/develop/msal-v1-app-scopes to learn how to create scopes for legacy applications which used to expose OAuth2 permissions.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithSendX5C(Boolean)

Applicable to first-party applications only, this method also allows to specify if the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni

WithTenantId(String)

Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment).

If an authority was not specified at the application level, the default used is https://login.microsoftonline.com/common.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)
WithTenantIdFromAuthority(Uri)

Extracts the tenant ID from the provided authority URI and overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment) provided to the application builder. If an authority was not provided to the application builder, this method will replace the tenant ID in the default authority - https://login.microsoftonline.com/common.

(Inherited from AbstractAcquireTokenParameterBuilder<T>)

Extension Methods

WithExtraHttpHeaders<T>(AbstractAcquireTokenParameterBuilder<T>, IDictionary<String,String>)

Adds additional Http Headers to the token request.

OnBeforeTokenRequest<T>(AbstractAcquireTokenParameterBuilder<T>, Func<OnBeforeTokenRequestData,Task>)

Intervenes in the request pipeline, by executing a user provided delegate before MSAL makes the token request. The delegate can modify the request payload by adding or removing body parameters and headers. OnBeforeTokenRequestData

WithAdditionalCacheParameters<T>(AbstractAcquireTokenParameterBuilder<T>, IEnumerable<String>)

Specifies additional parameters acquired from authentication responses to be cached with the access token that are normally not included in the cache object. these values can be read from the AdditionalResponseParameters parameter.

WithAuthenticationExtension<T>(AbstractAcquireTokenParameterBuilder<T>, MsalAuthenticationExtension)

Enables client applications to provide a custom authentication operation to be used in the token acquisition request.

WithProofOfPosessionKeyId<T>(AbstractAcquireTokenParameterBuilder<T>, String, String)

Binds the token to a key in the cache.No cryptographic operations is performed on the token.

WithSearchInCacheForLongRunningProcess(AcquireTokenOnBehalfOfParameterBuilder, Boolean)

Only affects InitiateLongRunningProcessInWebApi(IEnumerable<String>, String, String). When enabled, mimics MSAL 4.50.0 and below behavior - checks in cache for cached tokens first, and if not found, then uses user assertion to request new tokens from AAD. When disabled (default behavior), doesn't search in cache, but uses the user assertion to retrieve tokens from AAD.

Applies to