Microsoft.Identity.Client Namespace

Contains classes, structs, and interfaces that support access to attributes of a client.

Classes

AbstractAcquireTokenParameterBuilder<T>

Base class for builders of token requests, which attempt to acquire a token based on the provided parameters.

AbstractApplicationBuilder<T>
AbstractClientAppBaseAcquireTokenParameterBuilder<T>

Base class for parameter builders common to public client application and confidential client application token acquisition operations

AbstractConfidentialClientAcquireTokenParameterBuilder<T>

Base class for confidential client application token request builders

AbstractPublicClientAcquireTokenParameterBuilder<T>

Base class for public client application token request builders

AccountExtensions

Extension methods for IAccount

AccountId

An identifier for an account in a specific tenant. Returned by IAccount.HomeAccountId

AcquireTokenByAuthorizationCodeParameterBuilder

Builder for AcquireTokenByAuthorizationCode

AcquireTokenByIntegratedWindowsAuthParameterBuilder

Builder for AcquireTokenByIntegratedWindowsAuth

AcquireTokenByRefreshTokenParameterBuilder

Parameter builder for the AcquireTokenByRefreshToken(IEnumerable<String>, String) method. See https://aka.ms/msal-net-migration-adal2-msal2

AcquireTokenByUsernamePasswordParameterBuilder

Parameter builder for the Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString) operation. See https://aka.ms/msal-net-up

AcquireTokenForClientParameterBuilder

Builder for AcquireTokenForClient (used in client credential flows, in daemon applications). See https://aka.ms/msal-net-client-credentials

AcquireTokenInteractiveParameterBuilder

Builder for an Interactive token request. See https://aka.ms/msal-net-acquire-token-interactively

AcquireTokenOnBehalfOfParameterBuilder

Builder for AcquireTokenOnBehalfOf (OBO flow) See https://aka.ms/msal-net-on-behalf-of

AcquireTokenSilentParameterBuilder

Parameter builder for the Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount) operation. See https://aka.ms/msal-net-acquiretokensilent

AcquireTokenWithDeviceCodeParameterBuilder

Parameters builder for the Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task}) operation. See https://aka.ms/msal-net-device-code-flow

ApplicationOptions

Base class for options objects with string values loadable from a configuration file (for instance a JSON file, as in an asp.net configuration scenario) See https://aka.ms/msal-net-application-configuration See also derived classes PublicClientApplicationOptions and ConfidentialClientApplicationOptions

AuthenticationResult

Contains the results of one token acquisition operation.

AuthenticationResultMetadata

Contains metadata of the authentication result. Metrics for additional MSAL-wide metrics.

ClientApplicationBase
ClientAssertionCertificate

Containing certificate used to create client assertion.

ClientCredential

Meant to be used in confidential client applications. Allows developers to pass either client secret or client assertion certificate of their application.

ConfidentialClientApplication

Class to be used for confidential client applications like Web Apps/API.

ConfidentialClientApplicationBuilder
ConfidentialClientApplicationOptions

Configuration options for a confidential client application (web app / web API / daemon app). See https://aka.ms/msal-net/application-configuration

DeviceCodeResult

This object is returned as part of the device code flow and has information intended to be shown to the user about where to navigate to login and what the device code needs to be entered on that device. See https://aka.ms/msal-device-code-flow.

EmbeddedWebViewOptions

Options for using the modern Windows embedded browser WebView2. For more details see https://aka.ms/msal-net-webview2

GetAuthorizationRequestUrlParameterBuilder

NOTE: a few of the methods in AbstractAcquireTokenParameterBuilder (e.g. account) don't make sense here. Do we want to create a further base that contains ALL of the common methods, and then have another one including account, etc that are only used for AcquireToken?

Logger

MSAL Logger class that allows developers to configure log level, configure callbacks etc.

Metrics

MSAL-wide metrics.

MsalClientException

This exception class represents errors that are local to the library or the device.

MsalError

Error code returned as a property in MsalException

MsalException

The exception type thrown when an error occurs during token acquisition.

MsalServiceException

The exception type thrown when service returns and error response or other networking errors occur.

MsalThrottledServiceException

Exception type thrown when MSAL detects that an application is trying to acquire a token too often, as a result of:

  • A previous request resulted in an HTTP response containing a Retry-After header which was not followed.
  • A previous request resulted in an HTTP 429 or 5xx, which indicates a problem with the server.

The properties of this exception are identical to the original exception

For more details see https://aka.ms/msal-net-throttling

MsalThrottledUiRequiredException

Exception type thrown when MSAL detects that an application is trying to acquire a token even though an MsalUiRequiredException was recently thrown. To mitigate this, when a MsalUiRequiredException is encountered, the application should switch to acquiring a token interactively. To better understand why the MsalUiRequiredException was thrown, inspect the Microsoft.Identity.Client.MsalUiRequiredException.Classification property.

The properties of this exception are identical to the original exception

For more details see https://aka.ms/msal-net-throttling

MsalUiRequiredException

This exception class is to inform developers that UI interaction is required for authentication to succeed.

OsCapabilitiesExtensions

Extension methods

PublicClientApplication

Class to be used for native applications (Desktop/UWP/iOS/Android).

PublicClientApplicationBuilder
PublicClientApplicationOptions

Configuration options for a public client application (desktop/mobile app). See https://aka.ms/msal-net/application-configuration

SystemWebViewOptions

Options for using the default OS browser as a separate process to handle interactive auth. MSAL will be listening for the OS browser to finish authenticating, but it cannot close the browser. It can however respond with a 200 OK message or a 302 Redirect, which can be configured here. For more details see https://aka.ms/msal-net-os-browser

Telemetry
TenantProfile

Represents an account in a specific tenant. The same account can exist in its home tenant and also as a guest in multiple other tenants. Access tokens and Id Tokens are tenant specific and this object provides high level information about all the ID tokens associated with the account.

TokenCache

Token cache class used by ConfidentialClientApplication and PublicClientApplication to store access and refresh tokens.

TokenCacheNotificationArgs

Contains parameters used by the MSAL call accessing the cache.

TraceTelemetryConfig

A simple ITelemetryConfig implementation that writes data using System.Diagnostics.Trace.

UIParent
UserAssertion

Credential type containing an assertion representing user credential.

WindowsBrokerOptions

Advanced options for using the Windows 10 broker. For more details see https://aka.ms/msal-net-wam

WwwAuthenticateParameters

Parameters returned by the WWW-Authenticate header. This allows for dynamic scenarios such as claim challenge, CAE, CA auth context. See https://aka.ms/msal-net/wwwAuthenticate.

Structs

Prompt

Structure containing static members that you can use to specify how the interactive overrides of AcquireTokenAsync in IPublicClientApplication should prompt the user.

UIBehavior

Indicates how AcquireToken should prompt the user.

Interfaces

IAccount

The IAccount interface represents information about a single account. The same user can be present in different tenants, that is, a user can have multiple accounts. An IAccount is returned in the AuthenticationResult.Microsoft.Identity.Client.AuthenticationResult.Account property, and can be used as parameters of PublicClientApplication and ConfidentialClientApplication methods acquiring tokens such as Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)

IAppConfig

Configuration properties used to build a public or confidential client application.

IByRefreshToken
IClientApplicationBase

Component containing common validation methods

IConfidentialClientApplication

Component to be used for confidential client applications like Web Apps/API.

IConfidentialClientApplicationWithCertificate

Component to be used with confidential client applications like web apps/APIs. This component supports Subject Name + Issuer authentication in order to help, in the future, Azure AD certificates rollover.

IMsalHttpClientFactory

Factory responsible for creating HttpClient .Net recommends to use a single instance of HttpClient.

IPublicClientApplication

Component to be used for native applications (Desktop/UWP/iOS/Android).

ITelemetryConfig
ITelemetryEventPayload

Data that represents a single snapshot in the series of events that are collected

ITokenCache

This is the interface that implements the public access to cache operations. With CacheV2, this should only be necessary if the caller is persisting the cache in their own store, since this will provide the serialize/deserialize and before/after notifications used in that scenario. See https://aka.ms/aka.ms/msal-net-token-cache-serialization

ITokenCacheSerializer

This interface will be available in TokenCacheNotificationArgs callback to enable serialization/deserialization of the cache.

IUser

Contains information of a single user. This information is used for token cache lookup and enforcing the user session on STS authorize endpont.

Enums

AadAuthorityAudience

Specifies which Microsoft accounts can be used for sign-in with a given application. See https://aka.ms/msal-net-application-configuration

AzureCloudInstance
LogLevel

Level of the log messages. For details see https://aka.ms/msal-net-logging

TelemetryAudienceType

Describes the types of audiences for telemetry. AudienceType

TokenSource

Specifies the source of the access and Id tokens in the authentication result.

UiRequiredExceptionClassification

Details about the cause of an MsalUiRequiredException, giving a hint about what the user can expect when they go through interactive authentication. See https://aka.ms/msal-net-UiRequiredException for details.

Delegates

LogCallback

Callback delegate that allows the developer to consume logs handle them in a custom manner.

Telemetry.Receiver
TokenCache.TokenCacheNotification

Notification for certain token cache interactions during token acquisition.

TokenCacheCallback

Notification for certain token cache interactions during token acquisition. This delegate is used in particular to provide a custom token cache serialization. See https://aka.ms/aka.ms/msal-net-token-cache-serialization