Class AcquireTokenOnBehalfOfParameterBuilder

Namespace
Microsoft.Identity.Client
Assembly
Microsoft.Identity.Client.dll

Builder for AcquireTokenOnBehalfOf (OBO flow). See https://aka.ms/msal-net-on-behalf-of

public sealed class AcquireTokenOnBehalfOfParameterBuilder : AbstractConfidentialClientAcquireTokenParameterBuilder<AcquireTokenOnBehalfOfParameterBuilder>
Inheritance
AcquireTokenOnBehalfOfParameterBuilder

Methods

Validate()

Validates the parameters of the AcquireToken operation.

protected override void Validate()

Exceptions

MsalClientException

WithCcsRoutingHint(string)

To help with resiliency, the AAD backup authentication system operates as a backup to AAD. This method provides the AAD backup authentication system with a routing hint to help improve performance during authentication.

public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint(string userName)

Parameters

userName string

Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com

Returns

AcquireTokenOnBehalfOfParameterBuilder

The builder to chain the .With methods

WithCcsRoutingHint(string, string)

To help with resiliency, the AAD backup authentication system operates as a backup to AAD. This method provides the AAD backup authentication system with a routing hint to help improve performance during authentication.

public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint(string userObjectIdentifier, string tenantIdentifier)

Parameters

userObjectIdentifier string

GUID which is unique to the user, parsed from the client_info.

tenantIdentifier string

GUID format of the tenant ID, parsed from the client_info.

Returns

AcquireTokenOnBehalfOfParameterBuilder

The builder to chain the .With methods

WithForceRefresh(bool)

Specifies whether the client application should ignore access tokens when reading the token cache. New tokens will still be written to the token cache. By default, the token is taken from the user token cache (forceRefresh=false).

public AcquireTokenOnBehalfOfParameterBuilder WithForceRefresh(bool forceRefresh)

Parameters

forceRefresh bool

If true, ignore any access token in the user token cache and attempt to acquire a new access token using the refresh token for the account, if one is available. The default is false.

Returns

AcquireTokenOnBehalfOfParameterBuilder

The builder to chain the .With methods

Remarks

Do not use this flag except in well understood cases. Identity Providers will throttle clients that issue too many similar token requests.

WithSendX5C(bool)

Applicable to first-party applications only, this method also allows you to specify whether the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate rollover in Azure AD: this method sends the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details, see https://aka.ms/msal-net-sni

public AcquireTokenOnBehalfOfParameterBuilder WithSendX5C(bool withSendX5C)

Parameters

withSendX5C bool

true if the x5c should be sent; otherwise, false. The default is false.

Returns

AcquireTokenOnBehalfOfParameterBuilder

The builder to chain the .With methods
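
A middle-tier web API chaining the builder methods documented above to exchange a caller's token for a downstream token. This is an added example, not code from the MSAL.NET reference; the class DownstreamTokenProvider, its method and parameter names, and the placeholder IDs are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class DownstreamTokenProvider // hypothetical helper, not part of MSAL.NET
{
    // Placeholders for the middle-tier app registration.
    private const string ClientId = "<client-id>";
    private const string TenantId = "<tenant-id>";

    public static IConfidentialClientApplication BuildApp(X509Certificate2 certificate) =>
        ConfidentialClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AzureCloudInstance.AzurePublic, TenantId)
            .WithCertificate(certificate)
            .Build();

    public static async Task<string> GetDownstreamTokenAsync(
        IConfidentialClientApplication app,
        string incomingAccessToken,   // token the caller presented to this API
        string userObjectId,          // GUID of the user
        string userTenantId,          // GUID of the user's tenant
        string[] downstreamScopes,
        bool sendX5C = false)         // first-party applications only
    {
        try
        {
            AuthenticationResult result = await app
                .AcquireTokenOnBehalfOf(downstreamScopes, new UserAssertion(incomingAccessToken))
                .WithCcsRoutingHint(userObjectId, userTenantId)
                .WithSendX5C(sendX5C)
                // WithForceRefresh is deliberately not called: the default (false) serves
                // cached tokens and avoids throttling by the identity provider.
                .ExecuteAsync()
                .ConfigureAwait(false);
            return result.AccessToken;
        }
        catch (MsalUiRequiredException ex)
        {
            // A web API cannot prompt the user, so surface the failure to the caller.
            // The message carries no token material.
            throw new UnauthorizedAccessException(
                "User interaction is required before a downstream token can be issued.", ex);
        }
    }
}
```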