Class AcquireTokenSilentParameterBuilder

Namespace

Microsoft.Identity.Client

Assembly

Microsoft.Identity.Client.dll

Base class for parameter builders common to public client application and confidential client application token acquisition operations

public sealed class AcquireTokenSilentParameterBuilder : AbstractClientAppBaseAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>

Inheritance

object

BaseAbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>

AbstractClientAppBaseAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>

AcquireTokenSilentParameterBuilder

Inherited Members

AbstractClientAppBaseAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.ExecuteAsync(CancellationToken)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithClaims(string)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithExtraQueryParameters(string)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithTenantId(string)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithTenantIdFromAuthority(Uri)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithAdfsAuthority(string, bool)

AbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithB2CAuthority(string)

BaseAbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.ExecuteAsync()

BaseAbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithCorrelationId(Guid)

BaseAbstractAcquireTokenParameterBuilder<AcquireTokenSilentParameterBuilder>.WithExtraQueryParameters(Dictionary<string, string>)

object.GetType()

object.ToString()

object.Equals(object)

object.Equals(object, object)

object.ReferenceEquals(object, object)

object.GetHashCode()

Extension Methods

AcquireTokenParameterBuilderExtensions.WithExtraHttpHeaders<T>(AbstractAcquireTokenParameterBuilder<T>, IDictionary<string, string>)

AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest<T>(AbstractAcquireTokenParameterBuilder<T>, Func<OnBeforeTokenRequestData, Task>)

AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithAdditionalCacheParameters<T>(AbstractAcquireTokenParameterBuilder<T>, IEnumerable<string>)

AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId<T>(AbstractAcquireTokenParameterBuilder<T>, string, string)

SSHExtensions.WithSSHCertificateAuthenticationScheme(AcquireTokenSilentParameterBuilder, string, string)

Methods

Validate()

Validates the parameters of the AcquireToken operation.

protected override void Validate()

WithForceRefresh(bool)

Specifies if the client application should ignore access tokens when reading the token cache. Refresh tokens will still be used. Any new tokens from the Identity Provider will still be written to the token cache. By default the token is taken from the the user token cache (forceRefresh=false)

public AcquireTokenSilentParameterBuilder WithForceRefresh(bool forceRefresh)

Parameters

forceRefresh bool

If true, ignore any access token in the user token cache and attempt to acquire new access token using the refresh token for the account if one is available. This can be useful in the case when the application developer wants to make sure that conditional access policies are applied immediately, rather than after the expiration of the access token. The default is false

Returns

AcquireTokenSilentParameterBuilder

The builder to chain the .With methods

Remarks

Avoid unnecessarily setting forceRefresh to true true in order to avoid negatively affecting the performance of your application

WithProofOfPossession(PoPAuthenticationConfiguration)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. See https://aka.ms/msal-net-pop

public AcquireTokenSilentParameterBuilder WithProofOfPossession(PoPAuthenticationConfiguration popAuthenticationConfiguration)

Parameters

popAuthenticationConfiguration PoPAuthenticationConfiguration

Configuration properties used to construct a Proof-of-Possession request.

Returns

AcquireTokenSilentParameterBuilder

Remarks

• An Authentication header is automatically added to the request.
• The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
• MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
• This is an experimental API. The method signature may change in the future without involving a major version upgrade.

WithProofOfPossession(string, HttpMethod, Uri)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. Note that only the host and path parts of the request URI will be bound. See https://aka.ms/msal-net-pop

public AcquireTokenSilentParameterBuilder WithProofOfPossession(string nonce, HttpMethod httpMethod, Uri requestUri)

Parameters

nonce string

Nonce of the protected resource (RP) which will be published as part of the WWWAuthenticate header associated with a 401 HTTP response or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.

httpMethod HttpMethod

The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method. Corresponds to the "m" part of the a signed HTTP request.

requestUri Uri

The URI to bind the signed HTTP request to.

Returns

AcquireTokenSilentParameterBuilder

The builder.

Remarks

• An Authentication header is automatically added to the request.
• The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
• MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.
• On confidential clients, this is an experimental API. The method signature may change in the future without involving a major version upgrade.
• Broker is required to use Proof-of-Possession on public clients.

WithSendX5C(bool)

Applicable to first-party applications only, this method also allows to specify if the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni

public AcquireTokenSilentParameterBuilder WithSendX5C(bool withSendX5C)

Parameters

withSendX5C bool

true if the x5c should be sent. Otherwise false. The default is false

Returns

AcquireTokenSilentParameterBuilder

The builder to chain the .With methods