Microsoft.Identity.Client.2.5.0-preview/Microsoft.Identity.Client.xml
|
<?xml version="1.0"?>
<doc> <assembly> <name>Microsoft.Identity.Client</name> </assembly> <members> <member name="T:Microsoft.Identity.Client.Account"> <summary> Contains information of a single account. A user can be present in multiple directories and thus have multiple accounts. This information is used for token cache lookup and enforcing the user session on the STS authorize endpoint. </summary> </member> <member name="M:Microsoft.Identity.Client.Account.#ctor(System.String,System.String,System.String)"> <summary> Constructor </summary> <param name="homeAccountId">Home account id in "uid.utid" format; can be null, for example when migrating the ADAL v3 cache</param> <param name="username">UPN style , can be null</param> <param name="environment">Identity provider for this account, e.g. <c>login.microsoftonline.com</c></param> </member> <member name="T:Microsoft.Identity.Client.AccountId"> <summary> An identifier for an account in a specific tenant. Returned by <see cref="P:IAccount.HomeAccountId"/> </summary> </member> <member name="P:Microsoft.Identity.Client.AccountId.Identifier"> <summary> Unique identifier for the account </summary> <remarks> For Azure AD, the identifier is the concatenation of <see cref="P:Microsoft.Identity.Client.AccountId.ObjectId"/> and <see cref="P:Microsoft.Identity.Client.AccountId.TenantId"/> separated by a dot. Contrary to what was happening in ADAL.NET, these two segments are no longer base64 encoded. </remarks> </member> <member name="P:Microsoft.Identity.Client.AccountId.ObjectId"> <summary> For Azure AD, a string representation for a Guid which is the Object ID of the user owning the account in the tenant </summary> </member> <member name="P:Microsoft.Identity.Client.AccountId.TenantId"> <summary> For Azure AD, a string representation for a Guid, which is the ID of the tenant where the account resides. </summary> </member> <member name="M:Microsoft.Identity.Client.AccountId.#ctor(System.String,System.String,System.String)"> <summary> Constructor of an AccountId </summary> <param name="identifier">Unique identifier for the account.</param> <param name="objectId">A string representation for a GUID which is the ID of the user owning the account in the tenant</param> <param name="tenantId">A string representation for a GUID, which is the ID of the tenant where the account resides</param> </member> <member name="M:Microsoft.Identity.Client.AccountId.Equals(System.Object)"> <summary> Two accounts are equal when their <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> properties match </summary> </member> <member name="M:Microsoft.Identity.Client.AccountId.GetHashCode"> <summary> GetHashCode implementation to match <see cref="M:Microsoft.Identity.Client.AccountId.Equals(System.Object)"/> </summary> </member> <member name="M:Microsoft.Identity.Client.AccountId.ToString"> <summary> Textual description of an <see cref="T:Microsoft.Identity.Client.AccountId"/> </summary> </member> <member name="T:Microsoft.Identity.Client.AuthenticationResult"> <summary> Contains the results of one token acquisition operation in <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> or <see cref="T:ConfidentialClientApplication"/>. For details see https://aka.ms/msal-net-authenticationresult </summary> </member> <member name="M:Microsoft.Identity.Client.AuthenticationResult.#ctor(System.String,System.Boolean,System.String,System.DateTimeOffset,System.DateTimeOffset,System.String,Microsoft.Identity.Client.IAccount,System.String,System.Collections.Generic.IEnumerable{System.String})"> <summary> Constructor meant to help application developers test their apps. Allows mocking of authentication flows. App developers should never new-up <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> in product code. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.AccessToken"> <summary> Access Token that can be used as a bearer token to access protected web APIs </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.IsExtendedLifeTimeToken"> <summary> In case when Azure AD has an outage, to be more resilient, it can return tokens with an expiration time, and also with an extended expiration time. The tokens are then automatically refreshed by MSAL when the time is more than the expiration time, except when ExtendedLifeTimeEnabled is true and the time is less than the extended expiration time. This goes in pair with Web APIs middleware which, when this extended life time is enabled, can accept slightly expired tokens. Client applications accept extended life time tokens only if the ExtendedLifeTimeEnabled Boolean is set to true on ClientApplicationBase. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.UniqueId"> <summary> Gets the Unique Id of the account. It can be null. When the <see cref="P:Microsoft.Identity.Client.AuthenticationResult.IdToken"/> is not <c>null</c>, this is its ID, that is its ObjectId claim, or if that claim is <c>null</c>, the Subject claim. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.ExpiresOn"> <summary> Gets the point in time in which the Access Token returned in the <see cref="P:Microsoft.Identity.Client.AuthenticationResult.AccessToken"/> property ceases to be valid. This value is calculated based on current UTC time measured locally and the value expiresIn received from the service. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn"> <summary> Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime. This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.TenantId"> <summary> Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is not returned by the service. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.Account"> <summary> Gets the account information. Some elements in <see cref="T:Microsoft.Identity.Client.IAccount"/> might be null if not returned by the service. The account can be passed back in some API overloads to identify which account should be used such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> or <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> for instance </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.IdToken"> <summary> Gets the Id Token if returned by the service or null if no Id Token is returned. </summary> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.Scopes"> <summary> Gets the granted scope values returned by the service. </summary> </member> <member name="M:Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader"> <summary> Creates the content for an HTTP authorization header from this authentication result, so that you can call a protected API </summary> <returns>Created authorization header of the form "Bearer {AccessToken}"</returns> <example> Here is how you can call a protected API from this authentication result (in the <c>result</c> variable): <code> HttpClient client = new HttpClient(); client.DefaultRequestHeaders.Add("Authorization", result.CreateAuthorizationHeader()); HttpResponseMessage r = await client.GetAsync(urlOfTheProtectedApi); </code> </example> </member> <member name="P:Microsoft.Identity.Client.AuthenticationResult.User"> <summary> In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x rather use <see cref="P:Microsoft.Identity.Client.AuthenticationResult.Account"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="T:Microsoft.Identity.Client.ClientApplicationBase"> <Summary> Abstract class containing common API methods and properties. Both <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> and <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> extend this class. For details see https://aka.ms/msal-net-client-applications </Summary> <Summary> Abstract class containing common API methods and properties. Both <see cref="T:PublicClientApplication"/> and <see cref="T:ConfidentialClientApplication"/> extend this class. For details see https://aka.ms/msal-net-client-applications </Summary> </member> <member name="F:Microsoft.Identity.Client.ClientApplicationBase.DefaultAuthority"> <Summary> Default Authority used for interactive calls. </Summary> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.#ctor(System.String,System.String,System.String,System.Boolean,Microsoft.Identity.Core.Http.IHttpManager,Microsoft.Identity.Core.Telemetry.ITelemetryManager)"> <summary> Constructor of the base application </summary> <param name="clientId">Client ID (also known as <i>Application ID</i>) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)</param> <param name="authority">URL of the security token service (STS) from which MSAL.NET will acquire the tokens. Usual authorities endpoints for the Azure public Cloud are: <list type="bullet"> <item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item> <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal account</description></item> <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item> <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item> </list> Note that this setting needs to be consistent with what is declared in the application registration portal </param> <param name="redirectUri">also named <i>Reply URI</i>, the redirect URI is the URI where the STS will call back the application with the security token. For details see https://aka.ms/msal-net-client-applications</param> <param name="validateAuthority">Boolean telling MSAL.NET if the authority needs to be verified against a list of known authorities. This should be set to <c>false</c> for Azure AD B2C authorities as those are customer specific (a list of known B2C authorities cannot be maintained by MSAL.NET</param> <param name="httpManager"></param> <param name="telemetryManager"></param> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.Component"> <summary> Identifier of the component (libraries/SDK) consuming MSAL.NET. This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries. </summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.Authority"> <Summary> Gets the URL of the authority, or security token service (STS) from which MSAL.NET will acquire security tokens The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise the value of the <see cref="F:Microsoft.Identity.Client.ClientApplicationBase.DefaultAuthority"/> static member (that is <c>https://login.microsoftonline.com/common/</c>) </Summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.ClientId"> <summary> Gets the Client ID (also known as <i>Application ID</i>) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app) and as passed in the constructor of the application </summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.RedirectUri"> <summary> The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens. This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app). In MSAL.NET, <see cref="T:PublicClientApplication"/> define the following default RedirectUri values: <list type="bullet"> <item><description><c>urn:ietf:wg:oauth:2.0:oob</c> for desktop (.NET Framework and .NET Core) applications</description></item> <item><description><c>msal{ClientId}</c> for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these platforms to call back the application) </description></item> </list> These default URIs could change in the future. In <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, this can be the URL of the Web application / Web API. </summary> <remarks>This is especially important when you deploy an application that you have initially tested locally; you then need to add the reply URL of the deployed application in the application registration portal</remarks> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.SliceParameters"> <summary> Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments of the form <c>key=value</c> separated by an ampersand character. Unless requested otherwise by Microsoft support, this parameter should not be set by application developers as it may have adverse effect on the application. This property is also concatenated to the <c>extraQueryParameter</c> parameters of token acquisition operations. </summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.UserTokenCache"> <Summary> Token Cache instance for storing User tokens. </Summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.ValidateAuthority"> <summary> Gets/sets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default value is <c>true</c>. It should currently be set to <c>false</c> for Azure AD B2C authorities as those are customer specific (a list of known B2C authorities cannot be maintained by MSAL.NET). This property can be set just after the construction of the application and before an operation acquiring a token or interacting with the STS. </summary> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.ExtendedLifeTimeEnabled"> <summary> ExtendedLifeTimeEnabled is a Boolean that first party applications (read Office) can set to true in case when the STS has an outage, to be more resilient. </summary> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"> <summary> Returns all the available <see cref="T:Microsoft.Identity.Client.IAccount">accounts</see> in the user token cache for the application. </summary> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountAsync(System.String)"> <summary> Get the <see cref="T:Microsoft.Identity.Client.IAccount"/> by its identifier among the accounts available in the token cache. </summary> <param name="accountId">Account identifier. The identifier is typically value of the <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> property of <see cref="T:Microsoft.Identity.Client.AccountId"/>. You typically get the account id from an <see cref="T:Microsoft.Identity.Client.IAccount"/> by using the <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/> property> </param> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"> <summary> Attempts to acquire an access token for the <paramref name="account"/> from the user token cache. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param> <returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns> <exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application, for instance so that the user consents, or re-signs-in (for instance if the password expired), or performs two factor authentication</exception> <remarks> The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call. See https://aka.ms/msal-net-acquiretokensilent for more details </remarks> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,System.String,System.Boolean)"> <summary> Attempts to acquire an access token for the <paramref name="account"/> from the user token cache, with advanced parameters controlling network call. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured in the application constructor narrows down the selection to a specific tenant. This does not change the configured value in the application. This is specific to applications managing several accounts (like a mail client with several mailboxes)</param> <param name="forceRefresh">If <c>true</c>, ignore any access token in the cache and attempt to acquire new access token using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make sure that conditional access policies are applied immediately, rather than after the expiration of the access token</param> <returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested access token</returns> <exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application, for instance, if no refresh token was in the cache, or the user needs to consent, or re-sign-in (for instance if the password expired), or performs two factor authentication</exception> <remarks> The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call. See https://aka.ms/msal-net-acquiretokensilent for more details </remarks> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"> <summary> Removes all tokens in the cache for the specified account. </summary> <param name="account">Instance of the account that needs to be removed</param> </member> <member name="P:Microsoft.Identity.Client.ClientApplicationBase.Users"> <summary> In MSAL 1.x returned an enumeration of <see cref="T:Microsoft.Identity.Client.IUser"/>. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetUser(System.String)"> <summary> In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> <param name="identifier">Identifier of the user to retrieve</param> <returns>the user in the cache with the identifier passed as an argument</returns> </member> <member name="M:Microsoft.Identity.Client.ClientApplicationBase.Remove(Microsoft.Identity.Client.IUser)"> <summary> In MSAL 1.x removed a user from the cache. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> <param name="user">User to remove from the cache</param> </member> <member name="T:Microsoft.Identity.Client.MsalClientException"> <summary> This exception class represents errors that are local to the library or the device. Contrary to <see cref="T:Microsoft.Identity.Client.MsalServiceException"/> which represent errors happening from the Azure AD service or the network. For more details, see https://aka.ms/msal-net-exceptions </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.MultipleTokensMatchedError"> <summary> Multiple Tokens were matched. <para>What happens?</para>This exception happens in the case of applications managing several identitities, when calling <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> or one of its overrides and the user token cache contains multiple tokens for this client application and the the specified Account, but from different authorities. <para>Mitigation [App Development]</para>specify the authority to use in the acquire token operation </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.NonHttpsRedirectNotSupported"> <summary> Non HTTPS redirects are not supported <para>What happens?</para>This error happens when you have registered a non-https redirect URI for the public client application other than <c>urn:ietf:wg:oauth:2.0:oob</c> <para>Mitigation [App registration and development]</para>Register in the application a Reply URL starting with "https://" </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.NetworkNotAvailableError"> <summary> The request could not be preformed because the network is down. <para>Mitigation [App development]</para> In the application you could either inform the user that there are network issues or retry later </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.DuplicateQueryParameterError"> <summary> Duplicate query parameter was found in extraQueryParameters. <para>What happens?</para> You have used <see cref="P:Microsoft.Identity.Client.ClientApplicationBase.SliceParameters"/> or the <c>extraQueryParameter</c> of overrides of token acquisition operations in public client and confidential client application and are passing a parameter which is already present in the URL (either because you had it in another way, or the library added it). <para>Mitigation [App Development]</para> RemoveAccount the duplicate parameter from <see cref="P:Microsoft.Identity.Client.ClientApplicationBase.SliceParameters"/> or the token acquisition override. </summary> <seealso cref="P:ClientApplicationBase.SliceParameters"/> <seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"/> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.AuthenticationUiFailedError"> <summary> The request could not be performed because of a failure in the UI flow. <para>What happens?</para>The library failed to invoke the Web View required to perform interactive authentication. The exception might include the reason <para>Mitigation</para>If the exception includes the reason, you could inform the user. This might be, for instance, a browser implementing chrome tabs is missing on the Android phone (that's only an example: this exception can apply to other platforms as well) </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.AuthenticationCanceledError"> <summary> Authentication canceled. <para>What happens?</para>The user had canceled the authentication, for instance by closing the authentication dialog <para>Mitigation</para>None, you cannot get a token to call the protected API. You might want to inform the user </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.JsonParseError"> <summary> JSON parsing failed. <para>What happens?</para>A Json blob read from the token cache or received from the STS was not parseable. This can happen when reading the token cache, or receiving an IDToken from the STS. <para>Mitigation</para>Make sure that the token cache was not tampered </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.InvalidJwtError"> <summary> JWT was invalid. <para>What happens?</para>The library expected a JWT (for instance a token from the cache, or received from the STS), but the format is invalid <para>Mitigation</para>Make sure that the token cache was not tampered </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.StateMismatchError"> <summary> State returned from the STS was different from the one sent by the library <para>What happens?</para>The library sends to the STS a state associated to a request, and expects the reply to be consistent. This errors indicates that the reply is not associated with the request. This could indicate an attempt to replay a response <para>Mitigation</para> None </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.TenantDiscoveryFailedError"> <summary> Tenant discovery failed. <para>What happens?</para>While reading the openid configuration associated with the authority, the Authorize endpoint, or Token endpoint, or the Issuer was not found <para>Mitigation</para>This indicates and authority which is not Open ID Connect compliant. Specify a different authority in the constructor of the application, or the token acquisition override /// </summary> </member> <member name="F:Microsoft.Identity.Client.MsalClientException.PlatformNotSupported"> <summary> The library is loaded on a platform which is not supported. </summary> </member> <member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String)"> <summary> Initializes a new instance of the exception class with a specified error code. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling.</param> </member> <member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String,System.String)"> <summary> Initializes a new instance of the exception class with a specified error code and error message. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> </member> <member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String,System.String,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and inner exception. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="innerException"></param> </member> <member name="T:Microsoft.Identity.Client.MsalError"> <summary> Error code returned as a property in MsalException </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.AuthenticationFailed"> <summary> Authentication failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.AuthorityValidationFailed"> <summary> Authority validation failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.InvalidOwnerWindowType"> <summary> Invalid owner window type. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.InvalidAuthorityType"> <summary> Invalid authority type. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.InvalidServiceUrl"> <summary> Invalid service URL. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.EncodedTokenTooLong"> <summary> Encoded token too long. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.NoDataFromSts"> <summary> No data from STS. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UserMismatch"> <summary> User Mismatch. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.FailedToRefreshToken"> <summary> Failed to refresh token. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.RedirectUriValidationFailed"> <summary> RedirectUri validation failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.AuthenticationUiFailed"> <summary> The request could not be preformed because of an unknown failure in the UI flow. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.NonHttpsRedirectNotSupported"> <summary> Non https redirect failed </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.InternalError"> <summary> Internal error </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.AccessingWsMetadataExchangeFailed"> <summary> Accessing WS Metadata Exchange Failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.FederatedServiceReturnedError"> <summary> Federated service returned error. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UserRealmDiscoveryFailed"> <summary> User Realm Discovery Failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.MissingFederationMetadataUrl"> <summary> Federation Metadata Url is missing for federated user. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.ParsingWsMetadataExchangeFailed"> <summary> Parsing WS Metadata Exchange Failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.WsTrustEndpointNotFoundInMetadataDocument"> <summary> WS-Trust Endpoint Not Found in Metadata Document. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.ParsingWsTrustResponseFailed"> <summary> Parsing WS-Trust Response Failed. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UnknownUserType"> <summary> Unknown User Type. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UnknownUser"> <summary> Unknown User. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.GetUserNameFailed"> <summary> Failed to get user name. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.PasswordRequiredForManagedUserError"> <summary> Password is required for managed user. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.InvalidRequest"> <summary> Request is invalid. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UapCannotFindDomainUser"> <summary> Cannot access the user from the OS (UWP) </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.UapCannotFindUpn"> <summary> Cannot get the user from the OS (UWP) </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.NonParsableOAuthError"> <summary> An error response was returned by the OAuth2 server and it could not be parsed </summary> </member> <member name="F:Microsoft.Identity.Client.MsalError.CodeExpired"> <summary> In the context of Device code flow (See https://aka.ms/msal-net-device-code-flow), this error happens when the device code expired before the user signed-in on another device (this is usually after 15 mins). Mitigation: None. Inform the user that they took too long to sign-in at the provided URL and enter the provided code. </summary> </member> <member name="T:Microsoft.Identity.Client.MsalException"> <summary> Base exception type thrown when an error occurs during token acquisition. For more details, see https://aka.ms/msal-net-exceptions </summary> <remarks>Avoid throwing this exception. Instead throw the more specialized <see cref="T:Microsoft.Identity.Client.MsalClientException"/> or <see cref="T:Microsoft.Identity.Client.MsalServiceException"/> </remarks> </member> <member name="F:Microsoft.Identity.Client.MsalException.UnknownError"> <summary> Unknown Error occured. <para>Mitigation</para> None. You might want to inform the end user. </summary> </member> <member name="M:Microsoft.Identity.Client.MsalException.#ctor"> <summary> Initializes a new instance of the exception class. </summary> </member> <member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String)"> <summary> Initializes a new instance of the exception class with a specified error code. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> </member> <member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String,System.String)"> <summary> Initializes a new instance of the exception class with a specified error code and error message. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> </member> <member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String,System.String,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="innerException"> The exception that is the cause of the current exception, or a null reference if no inner exception is specified. </param> </member> <member name="P:Microsoft.Identity.Client.MsalException.ErrorCode"> <summary> Gets the protocol error code returned by the service or generated by client. This is the code you can rely on for exception handling. Values for this code are typically provided in constant strings in the derived exceptions types with explanations of mitigation. </summary> </member> <member name="M:Microsoft.Identity.Client.MsalException.ToString"> <summary> Creates and returns a string representation of the current exception. </summary> <returns>A string representation of the current exception.</returns> </member> <member name="T:Microsoft.Identity.Client.MsalExceptionFactory"> <summary> Implementation of the <see cref="T:Microsoft.Identity.Core.CoreExceptionFactory"/> that throws <see cref="T:Microsoft.Identity.Client.MsalException"/> </summary> </member> <member name="M:Microsoft.Identity.Client.MsalExceptionFactory.GetClientException(System.String,System.String,System.Exception)"> <summary> Throws an MsalClient exception </summary> <param name="errorCode">The error code</param> <param name="errorMessage">A user friendly message</param> <param name="innerException">Optionally an inner exception</param> <remarks>The error code should be made available in MSAL through a public constant</remarks> </member> <member name="M:Microsoft.Identity.Client.MsalExceptionFactory.GetServiceException(System.String,System.String,Microsoft.Identity.Core.Http.IHttpWebResponse)"> <summary> Throws an <see cref="T:Microsoft.Identity.Client.MsalClientException"/> exception </summary> <param name="errorCode">The error code</param> <param name="errorMessage">A user friendly message</param> <param name="httpResponse"></param> </member> <member name="M:Microsoft.Identity.Client.MsalExceptionFactory.GetServiceException(System.String,System.String,Microsoft.Identity.Core.ExceptionDetail)"> <summary> Throws an <see cref="T:Microsoft.Identity.Client.MsalClientException"/> exception </summary> <param name="errorCode">The error code</param> <param name="errorMessage">A user friendly message</param> <param name="exceptionDetail">More exception params</param> </member> <member name="M:Microsoft.Identity.Client.MsalExceptionFactory.GetServiceException(System.String,System.String,System.Exception,Microsoft.Identity.Core.ExceptionDetail)"> <summary> Throw an <see cref="T:Microsoft.Identity.Client.MsalServiceException"/> exception </summary> </member> <member name="M:Microsoft.Identity.Client.MsalExceptionFactory.GetUiRequiredException(System.String,System.String,System.Exception,Microsoft.Identity.Core.ExceptionDetail)"> <summary> Throw an <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/> </summary> </member> <member name="T:Microsoft.Identity.Client.MsalServiceException"> <summary> Exception type thrown when service returns an error response or other networking errors occur. For more details, see https://aka.ms/msal-net-exceptions </summary> </member> <member name="F:Microsoft.Identity.Client.MsalServiceException.ServiceNotAvailable"> <summary> Service is unavailable and returned HTTP error code within the range of 500-599 <para>Mitigation</para> you can retry after a delay. Note that the retry-after header is not yet surfaced in MSAL.NET (on the backlog) </summary> </member> <member name="F:Microsoft.Identity.Client.MsalServiceException.RequestTimeout"> <summary> The Http Request to the STS timed out. <para>Mitigation</para> you can retry after a delay. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalServiceException.UpnRequired"> <summary> Upn required <para>What happens?</para> An override of a token acquisition operation was called in <see cref="T:PublicClientApplication"/> which takes a <c>loginHint</c> as a parameters, but this login hint was not using the UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c> expected by the service <para>Remediation</para> Make sure in your code that you enforce <c>loginHint</c> to be a UPN </summary> </member> <member name="F:Microsoft.Identity.Client.MsalServiceException.MissingPassiveAuthEndpoint"> <summary> No passive auth endpoint was found in the OIDC configuration of the authority <para>What happens?</para> When the libraries go to the authority and get its open id connect configuration it expects to find a Passive Auth Endpoint entry, and could not find it. <para>remediation</para> Check that the authority configured for the application, or passed on some overrides of token acquisition tokens supporting authority override is correct </summary> </member> <member name="F:Microsoft.Identity.Client.MsalServiceException.InvalidAuthority"> <summary> Invalid authority <para>What happens</para> When the library attempts to discover the authority and get the endpoints it needs to acquire a token, it got an un-authorize HTTP code or an unexpected response <para>remediation</para> Check that the authority configured for the application, or passed on some overrides of token acquisition tokens supporting authority override is correct </summary> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The protocol error code returned by the service or generated by client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The protocol error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="statusCode">Status code of the resposne received from the service.</param> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The protocol error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="innerException"> The exception that is the cause of the current exception, or a null reference if no inner exception is specified. </param> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The protocol error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="statusCode">Status code of the resposne received from the service.</param> <param name="innerException"> The exception that is the cause of the current exception, or a null reference if no inner exception is specified. </param> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32,System.String,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and a reference to the inner exception that is the cause of this exception. </summary> <param name="errorCode"> The protocol error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="statusCode">The status code of the request.</param> <param name="claims">The claims challenge returned back from the service.</param> <param name="innerException"> The exception that is the cause of the current exception, or a null reference if no inner exception is specified. </param> </member> <member name="P:Microsoft.Identity.Client.MsalServiceException.StatusCode"> <summary> Gets the status code returned from http layer. This status code is either the <c>HttpStatusCode</c> in the inner <see cref="T:System.Net.Http.HttpRequestException"/> response or the the NavigateError Event Status Code in a browser based flow (See http://msdn.microsoft.com/en-us/library/bb268233(v=vs.85).aspx). You can use this code for purposes such as implementing retry logic or error investigation. </summary> </member> <member name="P:Microsoft.Identity.Client.MsalServiceException.Claims"> <summary> Additional claims requested by the service. When this property is not null or empty, this means that the service requires the user to provide additional claims, such as doing two factor authentication. The are two cases: <list type="bullent"> <item><description> If your application is a <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/>, you should just call an override of <see cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"/> in <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> having an <c>extraQueryParameter</c> argument, and add the following string <c>$"claims={ex.Claims}"</c> to the extraQueryParameters, where ex is an instance of this exception. </description></item> <item>><description>If your application is a <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, (therefore doing the On-Behalf-Of flow), you should throw an Http unauthorize exception with a message containing the claims</description></item> </list> For more details see https://aka.ms/msal-net-claim-challenge </summary> </member> <member name="P:Microsoft.Identity.Client.MsalServiceException.ResponseBody"> <summary> Raw response body received from the server. </summary> </member> <member name="P:Microsoft.Identity.Client.MsalServiceException.Headers"> <summary> Contains the http headers from the server response that indicated an error. </summary> <remarks> When the server returns a 429 Too Many Requests error, a Retry-After should be set. It is important to read and respect the time specified in the Retry-After header to avoid a retry storm. </remarks> </member> <member name="M:Microsoft.Identity.Client.MsalServiceException.ToString"> <summary> Creates and returns a string representation of the current exception. </summary> <returns>A string representation of the current exception.</returns> </member> <member name="T:Microsoft.Identity.Client.MsalUiRequiredException"> <summary> This exception class is to inform developers that UI interaction is required for authentication to succeed. It's thrown when calling <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> or one of its overrides, and when the token does not exists in the cache, or the user needs to provide more content, or perform multiple factor authentication based on Azure AD policies, etc.. For more details, see https://aka.ms/msal-net-exceptions </summary> </member> <member name="F:Microsoft.Identity.Client.MsalUiRequiredException.InvalidGrantError"> <summary> Standard OAuth2 protocol error code. It indicates to the libray that the application needs to expose the UI to the user so that the user does an interactive action in order to get a new token. <para>Mitigation:</para> If your application is a <see cref="T:PublicClientApplication"/> call one of the <c>AcquireTokenAsync</c> overrides to perform an interactive authentication. If your application is a <see cref="T:ConfidentialClientApplication"/> chances are that the Claims member of the exception is not empty. See <see cref="P:MsalServiceException.Claims"/> for the right mitigation </summary> </member> <member name="F:Microsoft.Identity.Client.MsalUiRequiredException.NoTokensFoundError"> <summary> <para>Mitigation:</para> If your application is a <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> call one of the <c>AcquireTokenAsync</c> overrides so that the user of your application signs-in and accepts consent. If your application is a <see cref="T:ConfidentialClientApplication"/>. If it's a Web App you should have previously called <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(System.String,System.Collections.Generic.IEnumerable{System.String})"/> as described in https://aka.ms/msal-net-authorization-code. This error should not happen in Web APIs. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalUiRequiredException.UserNullError"> <summary> This error code comes back from <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> calls when a null user is passed as the <c>account</c> parameter. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalUiRequiredException.TokenCacheNullError"> <summary> This error code comes back from <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> calls when the user cache had not been set in the application constructor. </summary> </member> <member name="F:Microsoft.Identity.Client.MsalUiRequiredException.NoPromptFailedError"> <summary> One of two conditions was encountered: <list type="bullet"> <item><description>The <c>UIBehavior.Never</c> UI behavior was passed in an interactive token call, but the constraint could not be honored because user interaction is required, for instance because the user needs to re-sign-in, give consent for more scopes, or perform multiple factor authentication. </description></item> <item><description> An error occurred during a silent web authentication that prevented the authentication flow from completing in a short enough time frame. </description></item> </list> <para>Remediation:</para>call one of the <c>AcquireTokenAsync</c> overrides so that the user of your application signs-in and accepts consent. </summary> </member> <member name="M:Microsoft.Identity.Client.MsalUiRequiredException.#ctor(System.String,System.String)"> <summary> Initializes a new instance of the exception class with a specified error code and error message. </summary> <param name="errorCode"> The error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> </member> <member name="M:Microsoft.Identity.Client.MsalUiRequiredException.#ctor(System.String,System.String,System.Exception)"> <summary> Initializes a new instance of the exception class with a specified error code, error message and inner exception indicating the root cause. </summary> <param name="errorCode"> The error code returned by the service or generated by the client. This is the code you can rely on for exception handling. </param> <param name="errorMessage">The error message that explains the reason for the exception.</param> <param name="innerException">Represents the root cause of the exception.</param> </member> <member name="T:Microsoft.Identity.Client.IAccount"> <summary> The IAccount interface represents information about a single account. The same user can be present in different tenants, that is, a user can have multiple accounts. An <c>IAccount</c> is returned in the <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/>.<see cref="P:Microsoft.Identity.Client.AuthenticationResult.Account"/> property, and can be used as parameters of PublicClientApplication and ConfidentialClientApplication methods acquiring tokens such as <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> </summary> </member> <member name="P:Microsoft.Identity.Client.IAccount.Username"> <summary> Gets a string containing the displayable value in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c>. This can be null. </summary> <remarks>This property replaces the <c>DisplayableId</c> property of <c>IUser</c> in previous versions of MSAL.NET</remarks> </member> <member name="P:Microsoft.Identity.Client.IAccount.Environment"> <summary> Gets a string containing the identity provider for this account, e.g. <c>login.microsoftonline.com</c>. </summary> <remarks>This property replaces the <c>IdentityProvider</c> property of <c>IUser</c> in previous versions of MSAL.NET except that IdentityProvider was a URL with information about the tenant (in addition to the cloud environment), whereas Environement is only the <see cref="P:System.Uri.Host"/></remarks> </member> <member name="P:Microsoft.Identity.Client.IAccount.HomeAccountId"> <summary> AccountId of the home account for the user. This uniquely identifies the user across AAD tenants. </summary> <remarks>Can be null, for example if this account was migrated to MSAL.NET from ADAL.NET v3's token cache</remarks> </member> <member name="T:Microsoft.Identity.Client.IClientApplicationBase"> <Summary> Abstract class containing common API methods and properties. Both <see cref="T:PublicClientApplication"/> and <see cref="T:ConfidentialClientApplication"/> extend this class. For details see https://aka.ms/msal-net-client-applications </Summary> <Summary> Interface defining common API methods and properties. Both <see cref="T:PublicClientApplication"/> and <see cref="T:ConfidentialClientApplication"/> extend this class. For details see https://aka.ms/msal-net-client-applications </Summary> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.Component"> <summary> Identifier of the component (libraries/SDK) consuming MSAL.NET. This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries. </summary> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.Authority"> <Summary> Gets the URL of the authority, or the security token service (STS) from which MSAL.NET will acquire security tokens. The return value of this propety is either the value provided by the developer in the constructor of the application, or otherwise the value of the <see cref="P:Microsoft.Identity.Client.ClientApplicationBase.Authority"/> static member (that is <c>https://login.microsoftonline.com/common/</c>) </Summary> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.ClientId"> <summary> Gets the Client ID (also known as Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app) and as passed in the constructor of the application. </summary> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.RedirectUri"> <summary> The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens. This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app) In MSAL.NET, <see cref="T:PublicClientApplication"/> define the following default RedirectUri values: <list type="bullet"> <item><description><c>urn:ietf:wg:oauth:2.0:oob</c> for desktop (.NET Framework and .NET Core) applications</description></item> <item><description><c>msal{ClientId}</c> for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these platforms to call back the application) </description></item> </list> These default URIs could change in the future. In <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, this can be the URL of the Web application / Web API. </summary> <remarks>This is especially important when you deploy an application that you have initially tested locally; you then need to add the reply URL of the deployed application in the application registration portal. </remarks> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.ValidateAuthority"> <summary> Gets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default value is <c>true</c>. It should currently be set to <c>false</c> for Azure AD B2C authorities as those are customer specific (a list of known B2C authorities cannot be maintained by MSAL.NET) </summary> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"> <summary> Returns all the available <see cref="T:Microsoft.Identity.Client.IAccount">accounts</see> in the user token cache for the application. </summary> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.SliceParameters"> <summary> Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments of the form <c>key=value</c> separated by an ampersand character. Unless requested otherwise, this parameter should not be set by application developers as it may have adverse effect on the application. </summary> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountAsync(System.String)"> <summary> Get the <see cref="T:Microsoft.Identity.Client.IAccount"/> by its identifier among the accounts available in the token cache. </summary> <param name="identifier">Account identifier. The value of the identifier will probably have been stored value from the value of the <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> property of <see cref="T:Microsoft.Identity.Client.AccountId"/>. You typically get the account id from an <see cref="T:Microsoft.Identity.Client.IAccount"/> by using the <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/> property></param> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"> <summary> Attempts to acquire an access token for the <paramref name="account"/> from the user token cache. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param> <returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns> <exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application, for instance so that the user consents, or re-signs-in (for instance if the password expirred), or performs two factor authentication</exception> <remarks> The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than requested could be returned as well. If the access token is expired or close to expiration (within 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call. See https://aka.ms/msal-net-acuiretokensilent for more details </remarks> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,System.String,System.Boolean)"> <summary> Attempts to acquire and access token for the <paramref name="account"/> from the user token cache, with advanced parameters making a network call. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured in the application constructor narrows down the selection of tenants for which to get a tenant, but does not change the configured value</param> <param name="forceRefresh">If <c>true</c>, the will ignore the access token in the cache and attempt to acquire new access token using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make sure that conditional access policies are applies immediately, rather than after the expiration of the access token</param> <returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns> <exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application, for instance, if no refresh token was in the cache, or the user needs to consents, or re-sign-in (for instance if the password expirred), or performs two factor authentication</exception> <remarks> The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than requested could be returned as well. If the access token is expired or close to expiration (within 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call. See https://aka.ms/msal-net-acquiretokensilent for more details </remarks> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"> <summary> Removes all tokens in the cache for the specified account. </summary> <param name="account">instance of the account that needs to be removed</param> </member> <member name="P:Microsoft.Identity.Client.IClientApplicationBase.Users"> <summary> In MSAL 1.x returned an enumeration of <see cref="T:Microsoft.Identity.Client.IUser"/>. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetUser(System.String)"> <summary> In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> <param name="identifier">Identifier of the user to retrieve</param> <returns>the user in the cache with the identifier passed as an argument</returns> </member> <member name="M:Microsoft.Identity.Client.IClientApplicationBase.Remove(Microsoft.Identity.Client.IUser)"> <summary> In MSAL 1.x removed a user from the cache. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> <param name="user">User to remove from the cache</param> </member> <member name="T:Microsoft.Identity.Client.Internal.ModuleInitializer"> <summary> Initializes the MSAL module. This can be considered an entry point into MSAL for initialization purposes. </summary> <remarks> The CLR defines a module initializer, however this is not implemented in C# and to use this it would require IL weaving, which does not seem to work on all target frameworks. Instead, call <see cref="M:Microsoft.Identity.Client.Internal.ModuleInitializer.EnsureModuleInitialized" /> from static ctors of public entry points. </remarks> </member> <member name="M:Microsoft.Identity.Client.Internal.ModuleInitializer.EnsureModuleInitialized"> <summary> Handle all the initialization of singletons, factories, statics etc. Initialization will only happen once. </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.ModuleInitializer.ForceModuleInitializationTestOnly"> <summary> Force initialization of the module, ignoring any previous initializations. Only TESTS should call this method. </summary> <remarks> Tests can access the internals of the module and modify the initialization pattern, so it is acceptable for tests to reinitialize the module. </remarks> </member> <member name="M:Microsoft.Identity.Client.Internal.Requests.RequestValidationHelper.ValidateClientAssertion(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters)"> <summary> Determines whether or not the cached client assertion can be used again for the next authentication request by checking it's values against incoming request parameters. </summary> <param name="clientAssertionParameters">Incoming client assertion parameters containing cached client assertion</param> <returns>Returns true if the previously cached client assertion is valid</returns> </member> <member name="T:Microsoft.Identity.Client.Internal.Requests.IntegratedWindowsAuthRequest"> <summary> Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth (IWA). </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest"> <summary> Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth. </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventHandler"> <summary> </summary> </member> <member name="F:Microsoft.Identity.Client.Internal.UI.SilentWebUI.NavigationWaitMiliSecs"> <summary> This is how long we allow between completed navigations. </summary> </member> <member name="F:Microsoft.Identity.Client.Internal.UI.SilentWebUI.NavigationOverallTimeout"> <summary> This is how long all redirect navigations are allowed to run for before a graceful termination of the entire browser based authentication process is attempted. </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWebUI.WaitForCompletionOrTimeout(System.Threading.Thread)"> <summary> Waits on the UI Thread to complete normally for NavigationOverallTimeout. After it attempts shutdown the UI thread graceful followed by aborting the thread if a graceful shutdown is not successful. </summary> <param name="uiThread"></param> <returns>Returns true if the UI thread completed on its own before the timeout. Otherwise false.</returns> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWebUI.OnAuthenticate"> <summary> Callers expect the call to show the authentication dialog to be synchronous. This is easy in the interactive case as ShowDialog is a synchronous call. However, ShowDialog will always show the dialog. It can not be hidden. So it can not be used in the silent case. Instead we need to do the equivalent of creating our own modal dialog. We start a new thread, launch an invisible window on that thread. The original calling thread blocks until the secondary UI thread completes. </summary> <returns></returns> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.#ctor(System.Object)"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.NavigationWaitMiliSecs"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.CloseBrowser"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.SuppressBrowserSubDialogs"> <summary> Make sure that the browser control does not surface any of it's own dialogs. For instance bad certificate or javascript error dialogs. </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.WebBrowserNavigatingHandler(System.Object,System.Windows.Forms.WebBrowserNavigatingEventArgs)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.SignalDone(System.Exception)"> <summary> This method must only be called from the UI thread. Since this is the callers opportunity to call dispose on this object. Calling Dispose must be done on the same thread on which this object was constructed. </summary> <param name="exception"></param> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.OnClosingUrl"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.OnNavigationCanceled(System.Int32)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.SilentWindowsFormsAuthenticationDialog.Dispose(System.Boolean)"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs.#ctor(System.String,System.String,System.Int32,System.Object)"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs.TargetFrameName"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs.Url"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs.StatusCode"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs.WebBrowserActiveXInstance"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.ownerWindow"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.#ctor(System.Object)"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.WebBrowser"> <summary> Gets Web Browser control used by the dialog. </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.WebBrowserNavigatingHandler(System.Object,System.Windows.Forms.WebBrowserNavigatingEventArgs)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.WebBrowserNavigateErrorHandler(System.Object,Microsoft.Identity.Client.Internal.UI.WebBrowserNavigateErrorEventArgs)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.OnClosingUrl"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.OnNavigationCanceled(System.Int32)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.OnAuthenticate"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.InvokeHandlingOwnerWindow(System.Action)"> <summary> Some calls need to be made on the UI thread and this is the central place to check if we have an owner window and if so, ensure we invoke on that proper thread. </summary> <param name="action"></param> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.Dispose(System.Boolean)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.CreateExceptionForAuthenticationUiFailed(System.Int32)"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.DpiHelper"> <summary> </summary> </member> <member name="P:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.DpiHelper.ZoomPercent"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialogBase.NativeMethods"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog"> <summary> The browser dialog used for user authentication </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.#ctor(System.Object)"> <summary> Default constructor </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.OnAuthenticate"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.ShowBrowser"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.WebBrowserNavigatingHandler(System.Object,System.Windows.Forms.WebBrowserNavigatingEventArgs)"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.OnClosingUrl"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Client.Internal.UI.WindowsFormsWebAuthenticationDialog.OnNavigationCanceled(System.Int32)"> <summary> </summary> </member> <member name="T:Microsoft.Identity.Client.IPublicClientApplication"> <summary> Interface to be used with desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access Web APIs in the name of the user only (they only support public client flows). For details see https://aka.ms/msal-net-client-applications </summary> <summary> Interface to be used with desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access Web APIs in the name of the user only (they only support public client flows). For details see https://aka.ms/msal-net-client-applications </summary> <summary> Interface to be used with desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access Web APIs in the name of the user only (they only support public client flows). For details see https://aka.ms/msal-net-client-applications </summary> <summary> Interface to be used with desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access Web APIs in the name of the user only (they only support public client flows). For details see https://aka.ms/msal-net-client-applications </summary> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Interactive request to acquire token for the specified scopes. The user is required to select an account </summary> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <remarks>The user will be signed-in interactively if needed, and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the <paramref name="loginHint"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the provided <paramref name="account"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String)"> <summary> Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String)"> <summary> Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified window. The user will be required to select an account </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <remarks>The user will be signed-in interactively if needed, and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified window. . The user will need to sign-in but an account will be proposed based on the <paramref name="loginHint"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and login</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the provided <paramref name="account"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa. The account used in this overrides is pulled from the operating system as the current user principal name </summary> <remarks> On Windows Universal Platform, the following capabilities need to be provided: Enterprise Authentication, Private Networks (Client and Server), User Account Information </remarks> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing a token for the requested scopes and for the currently logged-in user in Windows</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa. The account used in this overrides is pulled from the operating system as the current user principal name </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="username">Identifier of the user account for which to acquire a token with Integrated Windows authentication. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param> <returns>Authentication result containing a token for the requested scopes and for the currently logged-in user in Windows</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePasswordAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)"> <summary> Non-interactive request to acquire a security token from the authority, via Username/Password Authentication. See https://aka.ms/msal-net-up. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="username">Identifier of the user application requests token on behalf. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param> <param name="securePassword">User password.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of passing extra parameters. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of cancelling the token acquisition before it times out. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param> <param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param> <param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="T:Microsoft.Identity.Client.LogCallback"> <summary> Callback delegate that allows application developers to consume logs, and handle them in a custom manner. This callback is set on the <see cref="P:Microsoft.Identity.Client.Logger.LogCallback"/> member of the <see cref="T:Microsoft.Identity.Client.Logger"/> static class. If <see cref="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled"/> is set to <c>true</c>, this method will receive the messages twice: once with the <c>containsPii</c> parameter equals <c>false</c> and the message without PII, and a second time with the <c>containsPii</c> parameter equals to <c>true</c> and the message might contain PII. In some cases (when the message does not contain PII), the message will be the same. For details see https://aka.ms/msal-net-logging </summary> <param name="level">Log level of the log message to process</param> <param name="message">Pre-formatted log message</param> <param name="containsPii">Indicates if the log message contains Organizational Identifiable Information (OII) or Personally Identifiable Information (PII) nor not. If <see cref="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled"/> is set to <c>false</c> then this value is always false. Otherwise it will be <c>true</c> when the message contains PII.</param> <seealso cref="T:Microsoft.Identity.Client.Logger"/> </member> <member name="T:Microsoft.Identity.Client.LogLevel"> <summary> Level of the log messages. For details see https://aka.ms/msal-net-logging </summary> </member> <member name="F:Microsoft.Identity.Client.LogLevel.Error"> <summary> Error Log level </summary> </member> <member name="F:Microsoft.Identity.Client.LogLevel.Warning"> <summary> Warning Log level </summary> </member> <member name="F:Microsoft.Identity.Client.LogLevel.Info"> <summary> Information Log level </summary> </member> <member name="F:Microsoft.Identity.Client.LogLevel.Verbose"> <summary> Verbose Log level </summary> </member> <member name="T:Microsoft.Identity.Client.Logger"> <summary> Static class that allows application developers to set a callback to handle logs, specify the level of logs desired and if they accept to log Personally Identifiable Information (PII) or not </summary> <example> <code> private static void Log(LogLevel level, string message, bool containsPii) { if (containsPii) { Console.ForegroundColor = ConsoleColor.Red; } Console.WriteLine($"{level} {message}"); Console.ResetColor(); } private async Task CallProtectedApiWithLoggingAsync(string[] args) { PublicClientApplication application = new PublicClientApplication(clientID); Logger.LogCallback = Log; Logger.Level = LogLevel.Info; Logger.PiiLoggingEnabled = true; AuthenticationResult result = await application.AcquireTokenAsync( new string[] { "User.Read" }); ... } </code> </example> </member> <member name="P:Microsoft.Identity.Client.Logger.LogCallback"> <summary> Callback instance that you can set in your app to consume and publish logs in a custom manner. If <see cref="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled"/> is set to <c>true</c>, this method will receive the messages twice: once with the <c>containsPii</c> parameter equals <c>false</c> and the message without PII, and a second time with the <c>containsPii</c> parameter equals to <c>true</c> and the message might contain PII. In some cases (when the message does not contain PII), the message will be the same. <para/> For details see https://aka.ms/msal-net-logging </summary> <exception cref="T:System.ArgumentException">will be thrown if the LogCallback was already set</exception> </member> <member name="P:Microsoft.Identity.Client.Logger.Level"> <summary> Enables you to configure the level of logging you want. The default value is <see cref="F:Microsoft.Identity.Client.LogLevel.Info"/>. Setting it to <see cref="F:Microsoft.Identity.Client.LogLevel.Error"/> will only get errors Setting it to <see cref="F:Microsoft.Identity.Client.LogLevel.Warning"/> will get errors and warning, etc.. </summary> </member> <member name="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled"> <summary> Flag to enable/disable logging of Personally Identifiable data (PII) data. PII logs are never written to default outputs like Console, Logcat or NSLog Default is set to <c>false</c>, which ensures that your application is compliant with GDPR. You can set it to <c>true</c> for advanced debugging requiring PII </summary> <seealso cref="P:Microsoft.Identity.Client.Logger.DefaultLoggingEnabled"/> </member> <member name="P:Microsoft.Identity.Client.Logger.DefaultLoggingEnabled"> <summary> Flag to enable/disable logging to platform defaults. In Desktop/UWP, Event Tracing is used. In iOS, NSLog is used. In android, logcat is used. The default value is <c>false</c> </summary> </member> <member name="T:Microsoft.Identity.Client.IUser"> <summary> In MSAL.NET 1.x, was representing a User. From MSAL 2.x use <see cref="T:Microsoft.Identity.Client.IAccount"/> which represents an account (a user has several accounts). See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="P:Microsoft.Identity.Client.IUser.DisplayableId"> <summary> In MSAL.NET 1.x was the displayable ID of a user. From MSAL 2.x use the <see cref="P:Microsoft.Identity.Client.IAccount.Username"/> of an account. See https://aka.ms/msal-net-2-released for more details </summary> </member> <member name="P:Microsoft.Identity.Client.IUser.Name"> <summary> In MSAL.NET 1.x was the name of the user (which was not very useful as the concatenation of some claims). From MSAL 2.x rather use <see cref="P:Microsoft.Identity.Client.IAccount.Username"/>. See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="P:Microsoft.Identity.Client.IUser.IdentityProvider"> <summary> In MSAL.NET 1.x was the URL of the identity provider (e.g. https://login.microsoftonline.com/tenantId). From MSAL.NET 2.x use <see cref="P:Microsoft.Identity.Client.IAccount.Environment"/> which retrieves the host only (e.g. login.microsoftonline.com). See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="P:Microsoft.Identity.Client.IUser.Identifier"> <summary> In MSAL.NET 1.x was an identifier for the user in the guest tenant. From MSAL.NET 2.x, use <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/><see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> to get the user identifier (globally unique accross tenants). See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"> <summary> Contains parameters used by the MSAL call accessing the cache. See also <see cref="T:TokenCacheExtensions"/> which contains extension methods to customize the cache serialization </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.User"> <summary> In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x rather use <see cref="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.Account"/> instead. See https://aka.ms/msal-net-2-released for more details. </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.TokenCache"> <summary> Gets teh <see cref="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.TokenCache"/> involved in the transaction </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.ClientId"> <summary> Gets the ClientId (application ID) of the application involved in the cache transaction </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.Account"> <summary> Gets the account involved in the cache transaction. </summary> </member> <member name="T:Microsoft.Identity.Client.PublicClientApplication"> <Summary> Abstract class containing common API methods and properties. For details see https://aka.ms/msal-net-client-applications </Summary> <summary> Class to be used to acquire tokens in desktop or mobile applications (Desktop / UWP / Xamarin.iOS / Xamarin.Android). public client applications are not trusted to safely keep application secrets, and therefore they only access Web APIs in the name of the user only (they only support public client flows). For details see https://aka.ms/msal-net-client-applications </summary> <remarks> <list type="bullet"> <item><description>Contrary to <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, public clients are unable to hold configuration time secrets, and as a result have no client secret</description></item> <item><description>the redirect URL is pre-proposed by the library. It does not need to be passed in the constructor</description></item> <item><description>.NET Core does not support UI, and therefore this platform does not provide the interactive token acquisition methods</description></item> </list> </remarks> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByUsernamePasswordAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"> <summary> In ADAL.NET, acquires security token from the authority, using the username/password authentication, with the password sent in clear. In MSAL 2.x, only the method that accepts a SecureString parameter is supported. See https://aka.ms/msal-net-up for more details. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="username">Identifier of the user application requests token on behalf.</param> <param name="password">User password.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String)"> <summary> Consutructor of the application. It will use https://login.microsoftonline.com/common as the default authority. </summary> <param name="clientId">Client ID (also known as App ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String,System.String)"> <summary> Consutructor of the application. </summary> <param name="clientId">Client ID (also named Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param> <param name="authority">Authority of the security token service (STS) from which MSAL.NET will acquire the tokens. Usual authorities are: <list type="bullet"> <item><description><c>https://login.microsoftonline.com/tenant/</c>, where <c>tenant</c> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant, in order to sign-in user of a specific organization only</description></item> <item><description><c>https://login.microsoftonline.com/common/</c> to signing users with any work and school accounts or Microsoft personal account</description></item> <item><description><c>https://login.microsoftonline.com/organizations/</c> to signing users with any work and school accounts</description></item> <item><description><c>https://login.microsoftonline.com/consumers/</c> to signing users with only personal Microsoft account (live)</description></item> </list> Note that this setting needs to be consistent with what is declared in the application registration portal </param> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Interactive request to acquire token for the specified scopes. The user is required to select an account </summary> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <remarks>The user will be signed-in interactively if needed, and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the <paramref name="loginHint"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the provided <paramref name="account"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String)"> <summary> Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String)"> <summary> Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified window. The user will be required to select an account </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <remarks>The user will be signed-in interactively if needed, and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified window. The user will need to sign-in but an account will be proposed based on the <paramref name="loginHint"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and login</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed based on the provided <paramref name="account"/> </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a login with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for an account with control of the UI behavior and possiblity of passing extra query parameters like additional claims </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIBehavior,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)"> <summary> Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param> <param name="behavior">Designed interactive experience for the user.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected Web API for which you want to acquire a security token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String,System.String,Microsoft.Identity.Client.TokenCache)"> <summary> Constructor to create application instance. This constructor is only available for Desktop and NetCore apps </summary> <param name="clientId">Client id of the application</param> <param name="authority">Default authority to be used for the application</param> <param name="userTokenCache">Instance of TokenCache.</param> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa. The account used in this overrides is pulled from the operating system as the current user principal name </summary> <remarks> On Windows Universal Platform, the following capabilities need to be provided: Enterprise Authentication, Private Networks (Client and Server), User Account Information Supported on .net desktop and UWP </remarks> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing a token for the requested scopes and for the currently logged-in user in Windows</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication. See https://aka.ms/msal-net-iwa. The account used in this overrides is pulled from the operating system as the current user principal name </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="username">Identifier of the user account for which to acquire a token with Integrated Windows authentication. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param> <returns>Authentication result containing a token for the requested scopes and for the currently logged-in user in Windows</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByUsernamePasswordAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)"> <summary> Non-interactive request to acquire a security token from the authority, via Username/Password Authentication. Available only on .net desktop and .net core. See https://aka.ms/msal-net-up for details. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="username">Identifier of the user application requests token on behalf. Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param> <param name="securePassword">User password.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of passing extra parameters. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of cancelling the token acquisition before it times out. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param> <param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)"> <summary> Acquires a security token on a device without a Web browser, by letting the user authenticate on another device, with possiblity of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps: <list type="bullet"> <item><description>the method first acquires a device code from the authority and returns it to the caller via the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user to direct them to authenticate (to a specific URL, with a code)</description></item> <item><description>The method then proceeds to poll for the security token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item> </list> See https://aka.ms/msal-device-code-flow. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param> <param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param> <returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns> </member> <member name="T:Microsoft.Identity.Client.Telemetry"> <summary> Handler enabling your application to send telemetry to your telemetry service or subscription (for instance Microsoft Application Insights). To enable telemetry in your application, you get the singleton instance of <c>Telemetry</c> by using <see cref="M:Microsoft.Identity.Client.Telemetry.GetInstance" />, you set the delegate that will process the telemetry events by calling <see cref="M:Microsoft.Identity.Client.Telemetry.RegisterReceiver(Microsoft.Identity.Client.Telemetry.Receiver)" />, and you decide if you want to receive telemetry events only in case of failure or all the time, by setting the <see cref="P:Microsoft.Identity.Client.Telemetry.TelemetryOnFailureOnly" /> boolean. </summary> </member> <member name="T:Microsoft.Identity.Client.Telemetry.Receiver"> <summary> Delegate telling the signature of your callbacks that will send telemetry information to your telemetry service </summary> <param name="events">Dictionary of key/values pair</param> </member> <member name="M:Microsoft.Identity.Client.Telemetry.GetInstance"> <summary> Get the instance of the Telemetry helper for MSAL.NET </summary> <returns>a unique instance of <see cref="T:Microsoft.Identity.Client.Telemetry" /></returns> </member> <member name="P:Microsoft.Identity.Client.Telemetry.TelemetryOnFailureOnly"> <summary> Gets or sets a boolean that indicates if telemetry should be generated on failures only (<c>true</c>) or all the time (<c>false</c>) </summary> </member> <member name="M:Microsoft.Identity.Client.Telemetry.RegisterReceiver(Microsoft.Identity.Client.Telemetry.Receiver)"> <summary> Registers one delegate that will send telemetry information to your telemetry service </summary> <param name="r">Receiver delegate. See <see cref="T:Microsoft.Identity.Client.Telemetry.Receiver" /></param> </member> <member name="T:Microsoft.Identity.Client.TokenCache"> <summary> Token cache storing access and refresh tokens for accounts This class is used in the constructors of <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> and <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>. In the case of ConfidentialClientApplication, two instances are used, one for the user token cache, and one for the application token cache (in the case of applications using the client credential flows). See also <see cref="T:Microsoft.Identity.Client.TokenCacheExtensions"/> which contains extension methods used to customize the cache serialization </summary> </member> <member name="M:Microsoft.Identity.Client.TokenCache.#ctor"> <summary> Constructor </summary> </member> <member name="T:Microsoft.Identity.Client.TokenCache.TokenCacheNotification"> <summary> Notification for certain token cache interactions during token acquisition. This delegate is used in particular to provide a custom token cache serialization </summary> <param name="args">Arguments related to the cache item impacted</param> </member> <member name="P:Microsoft.Identity.Client.TokenCache.BeforeAccess"> <summary> Notification method called before any library method accesses the cache. </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCache.BeforeWrite"> <summary> Notification method called before any library method writes to the cache. This notification can be used to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the <see cref="P:Microsoft.Identity.Client.TokenCache.AfterAccess"/>notification. </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCache.AfterAccess"> <summary> Notification method called after any library method accesses the cache. </summary> </member> <member name="P:Microsoft.Identity.Client.TokenCache.HasStateChanged"> <summary> Gets or sets the flag indicating whether the state of the cache has changed. MSAL methods set this flag after any change. Caller applications should reset the flag after serializing and persisting the state of the cache. </summary> </member> <member name="M:Microsoft.Identity.Client.TokenCache.SaveAccesTokenCacheItem(Microsoft.Identity.Core.Cache.MsalAccessTokenCacheItem,Microsoft.Identity.Core.Cache.MsalIdTokenCacheItem)"> <summary> Only used by dev test apps </summary> </member> <member name="M:Microsoft.Identity.Client.TokenCache.SaveRefreshTokenCacheItem(Microsoft.Identity.Core.Cache.MsalRefreshTokenCacheItem,Microsoft.Identity.Core.Cache.MsalIdTokenCacheItem)"> <summary> Only used by dev test apps </summary> <param name="msalRefreshTokenCacheItem"></param> <param name="msalIdTokenCacheItem"></param> </member> <member name="T:Microsoft.Identity.Client.UIBehavior"> <summary> Stucture containing static members that you can use to specify how the interactive overrides of AcquireTokenAsync in <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> should prompt the user. </summary> <remarks>Only the .NET Framework platforms allows <c>UIBehavior.Never</c></remarks> </member> <member name="F:Microsoft.Identity.Client.UIBehavior.SelectAccount"> <summary> AcquireToken will send <c>prompt=select_account</c> to Azure AD's authorize endpoint which would present to the user a list of accounts from which one can be selected for authentication. </summary> </member> <member name="F:Microsoft.Identity.Client.UIBehavior.ForceLogin"> <summary> The user will be prompted for credentials by the service. It is achieved by sending <c>prompt=login</c> to the Azure AD service. </summary> </member> <member name="F:Microsoft.Identity.Client.UIBehavior.Consent"> <summary> The user will be prompted to consent even if consent was granted before. It is achieved by sending <c>prompt=consent</c> to Azure AD. </summary> </member> <member name="F:Microsoft.Identity.Client.UIBehavior.Never"> <summary> Only available on .NET platform. AcquireToken will send <c>prompt=attempt_none</c> to Azure AD's authorize endpoint and the library will use a hidden webview (and its cookies) to authenticate the user. This can fail, and in that case a <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/> will be thrown. </summary> </member> <member name="M:Microsoft.Identity.Client.UIBehavior.Equals(System.Object)"> <summary> Equals method override to compare UIBehavior structs </summary> <param name="obj">object to compare against</param> <returns>true if object are equal.</returns> </member> <member name="M:Microsoft.Identity.Client.UIBehavior.GetHashCode"> <summary> Override to compute hashcode </summary> <returns>hash code of the PromptValue</returns> </member> <member name="M:Microsoft.Identity.Client.UIBehavior.op_Equality(Microsoft.Identity.Client.UIBehavior,Microsoft.Identity.Client.UIBehavior)"> <summary> operator overload to equality check </summary> <param name="x">first value</param> <param name="y">second value</param> <returns>true if the objects are equal</returns> </member> <member name="M:Microsoft.Identity.Client.UIBehavior.op_Inequality(Microsoft.Identity.Client.UIBehavior,Microsoft.Identity.Client.UIBehavior)"> <summary> operator overload to equality check </summary> <param name="x">first value</param> <param name="y">second value</param> <returns>true if the objects are not equal</returns> </member> <member name="T:Microsoft.Identity.Client.UIParent"> <summary> Contains UI properties for interactive flows, such as the parent window (on Windows), or the parent activity (on Xamarin.Android), and which browser to use (on Xamarin.Android and Xamarin.iOS) </summary> </member> <member name="M:Microsoft.Identity.Client.UIParent.#ctor"> <summary> Default constructor. </summary> </member> <member name="M:Microsoft.Identity.Client.UIParent.#ctor(System.Object)"> <summary> Initializes an instance for a provided parent window. </summary> <param name="ownerWindow">Parent window object reference. OPTIONAL. The expected parent window are either of type <see cref="T:System.Windows.Forms.IWin32Window"/> or <see cref="T:System.IntPtr"/> (for window handle)</param> </member> <member name="T:Microsoft.Identity.Client.UserAssertion"> <seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> and <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"/> </member> <member name="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String)"> <summary> Constructor from a JWT assertion. For other assertion types (SAML), use the other constructor <see cref="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String,System.String)"/> </summary> <param name="jwtBearerToken">JWT bearer token used to access the Web application itself</param> </member> <member name="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String,System.String)"> <summary> Constructor of a UserAssertion specifying the assertionType in addition to the assertion </summary> <param name="assertion">Assertion representing the user.</param> <param name="assertionType">Type of the assertion representing the user. Accepted types are currently: <list type="bullet"> <item>urn:ietf:params:oauth:grant-type:jwt-bearer<term></term><description>JWT bearer token. Passing this is equivalent to using the other (simpler) constructor</description></item> <item>urn:ietf:params:oauth:grant-type:saml1_1-bearer<term></term><description>SAML 1.1 bearer token</description></item> <item>urn:ietf:params:oauth:grant-type:jwt-bearer<term></term><description>SAML 2 bearer token</description></item> </list></param> </member> <member name="P:Microsoft.Identity.Client.UserAssertion.Assertion"> <summary> Gets the assertion. </summary> </member> <member name="P:Microsoft.Identity.Client.UserAssertion.AssertionType"> <summary> Gets the assertion type. </summary> </member> <member name="T:Microsoft.Identity.Client.CryptographyHelper"> <summary> Helper class for cryptographic operations </summary> </member> <member name="M:Microsoft.Identity.Client.CryptographyHelper.SignWithCertificate(System.String,System.Security.Cryptography.X509Certificates.X509Certificate2)"> <summary> Signs a message with a provided certificate </summary> <param name="message">Message to sign</param> <param name="certificate">X509 certificate to use</param> <returns>Signed message</returns> </member> <member name="M:Microsoft.Identity.Client.CryptographyHelper.GetCryptoProviderForSha256(System.Security.Cryptography.X509Certificates.X509Certificate2)"> <summary> Create a <see cref="T:System.Security.Cryptography.RSACryptoServiceProvider"/> using the private key from the given <see cref="T:System.Security.Cryptography.X509Certificates.X509Certificate2"/>. </summary> <param name="certificate">Certificate including private key with which to initialize the <see cref="T:System.Security.Cryptography.RSACryptoServiceProvider"/> with</param> <returns><see cref="T:System.Security.Cryptography.RSACryptoServiceProvider"/> initialized with private key from <paramref name="certificate"/></returns> </member> <member name="T:Microsoft.Identity.Client.StaTaskScheduler"> <summary>Provides a scheduler that uses STA threads.</summary> </member> <member name="F:Microsoft.Identity.Client.StaTaskScheduler._threads"> <summary>The STA threads used by the scheduler.</summary> </member> <member name="F:Microsoft.Identity.Client.StaTaskScheduler._tasks"> <summary>Stores the queued tasks to be executed by our pool of STA threads.</summary> </member> <member name="M:Microsoft.Identity.Client.StaTaskScheduler.#ctor(System.Int32)"> <summary>Initializes a new instance of the StaTaskScheduler class with the specified concurrency level.</summary> <param name="numberOfThreads">The number of threads that should be created and used by this scheduler.</param> </member> <member name="P:Microsoft.Identity.Client.StaTaskScheduler.MaximumConcurrencyLevel"> <summary>Gets the maximum concurrency level supported by this scheduler.</summary> </member> <member name="M:Microsoft.Identity.Client.StaTaskScheduler.Dispose"> <summary> Cleans up the scheduler by indicating that no more tasks will be queued. This method blocks until all threads successfully shutdown. </summary> </member> <member name="M:Microsoft.Identity.Client.StaTaskScheduler.QueueTask(System.Threading.Tasks.Task)"> <summary>Queues a Task to be executed by this scheduler.</summary> <param name="task">The task to be executed.</param> </member> <member name="M:Microsoft.Identity.Client.StaTaskScheduler.GetScheduledTasks"> <summary>Provides a list of the scheduled tasks for the debugger to consume.</summary> <returns>An enumerable of all tasks currently scheduled.</returns> </member> <member name="M:Microsoft.Identity.Client.StaTaskScheduler.TryExecuteTaskInline(System.Threading.Tasks.Task,System.Boolean)"> <summary>Determines whether a Task may be inlined.</summary> <param name="task">The task to be executed.</param> <param name="taskWasPreviouslyQueued">Whether the task was previously queued.</param> <returns>true if the task was successfully inlined; otherwise, false.</returns> </member> <member name="T:Microsoft.Identity.Client.TokenCacheExtensions"> <summary> Extension methods used to subscribe to cache serialization events, and to effectively serialize and deserialize the cache </summary> <remarks>New in MSAL.NET 2.x: it's now possible to deserialize the token cache in two formats, the ADAL V3 legacy token cache format, and the new unified cache format, common to ADAL.NET, MSAL.NET, and other libraries on the same platform (MSAL.objc, on iOS)</remarks> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.SetBeforeAccess(Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache.TokenCacheNotification)"> <summary> Sets a delegate to be notified before any library method accesses the cache. This gives an option to the delegate to deserialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>. See https://aka.ms/msal-net-token-cache-serialization </summary> <param name="tokencache">Token cache that will be accessed</param> <param name="beforeAccess">Delegate set in order to handle the cache deserialiation</param> <remarks>In the case where the delegate is used to deserialize the cache, it might want to call <see cref="M:Microsoft.Identity.Client.TokenCacheExtensions.Deserialize(Microsoft.Identity.Client.TokenCache,System.Byte[])"/></remarks> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.SetAfterAccess(Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache.TokenCacheNotification)"> <summary> Sets a delegate to be notified after any library method accesses the cache. This gives an option to the delegate to serialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>. See https://aka.ms/msal-net-token-cache-serialization </summary> <param name="tokencache">Token cache that was accessed</param> <param name="afterAccess">Delegate set in order to handle the cache serialization in the case where the <see cref="P:Microsoft.Identity.Client.TokenCache.HasStateChanged"/> member of the cache is <c>true</c></param> <remarks>In the case where the delegate is used to serialize the cache entierely (not just a row), it might want to call <see cref="M:Microsoft.Identity.Client.TokenCacheExtensions.Serialize(Microsoft.Identity.Client.TokenCache)"/></remarks> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.SetBeforeWrite(Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache.TokenCacheNotification)"> <summary> Sets a delegate called before any library method writes to the cache. This gives an option to the delegate to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate registered with <see cref="M:Microsoft.Identity.Client.TokenCacheExtensions.SetAfterAccess(Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache.TokenCacheNotification)"/> </summary> <param name="tokencache">Token cache that will be accessed</param> <param name="beforeWrite">Delegate set in order to prepare the cache serialization</param> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.Deserialize(Microsoft.Identity.Client.TokenCache,System.Byte[])"> <summary> Deserializes the token cache from a serialization blob in the unified cache format </summary> <param name="tokenCache">Token cache to deserialize (to fill-in from the state)</param> <param name="unifiedState">Array of bytes containing serialized Msal cache data</param> <remarks> <paramref name="unifiedState"/>Is a Json blob containing access tokens, refresh tokens, id tokens and accounts information. </remarks> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.DeserializeUnifiedAndAdalCache(Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Core.Cache.CacheData)"> <summary> Deserializes the token cache from a serialization blob in both format (ADAL V3 format, and unified cache format) </summary> <param name="tokenCache">Token cache to deserialize (to fill-in from the state)</param> <param name="cacheData">Array of bytes containing serialicache data</param> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.Serialize(Microsoft.Identity.Client.TokenCache)"> <summary> Serializes the entire token cache, in the unified cache format only </summary> <param name="tokenCache">Token cache to serialize</param> <returns>array of bytes containing the serialized unified cache</returns> </member> <member name="M:Microsoft.Identity.Client.TokenCacheExtensions.SerializeUnifiedAndAdalCache(Microsoft.Identity.Client.TokenCache)"> <summary> Serializes the entire token cache in both the ADAL V3 and unified cache formats. </summary> <param name="tokenCache">Token cache to serialize</param> <returns>Serialized token cache <see cref="T:Microsoft.Identity.Core.Cache.CacheData"/></returns> </member> <member name="T:Microsoft.Identity.Client.DeviceCodeResult"> <summary> This object is returned as part of the device code flow and has information intended to be shown to the user about where to navigate to login and what the device code needs to be entered on that device. See https://aka.ms/msal-device-code-flow. </summary> <seealso cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> and the other overrides </seealso> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.UserCode"> <summary> User code returned by the service </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.DeviceCode"> <summary> Device code returned by the service </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.VerificationUrl"> <summary> Verification URL where the user must navigate to authenticate using the device code and credentials. </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.ExpiresOn"> <summary> Time when the device code will expire. </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.Interval"> <summary> Polling interval time to check for completion of authentication flow. </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.Message"> <summary> User friendly text response that can be used for display purpose. </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.ClientId"> <summary> Identifier of the client requesting device code. </summary> </member> <member name="P:Microsoft.Identity.Client.DeviceCodeResult.Scopes"> <summary> List of the scopes that would be held by token. </summary> </member> <member name="T:Microsoft.Identity.Client.ClientAssertionCertificate"> <summary> Certificate for a client assertion. This class is used in one of the constructors of <see cref="T:Microsoft.Identity.Client.ClientCredential"/>. ClientCredential is itself used in the constructor of <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> to pass to Azure AD a shared secret (registered in the Azure AD application) </summary> <seealso cref="M:Microsoft.Identity.Client.ClientCredential.#ctor(Microsoft.Identity.Client.ClientAssertionCertificate)"/> for the constructor of <seealso cref="T:Microsoft.Identity.Client.ClientCredential"/> with a certificate, and <seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.#ctor(System.String,System.String,Microsoft.Identity.Client.ClientCredential,Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache)"/> <remarks>To understand the difference between public client applications and confidential client applications, see https://aka.ms/msal-net-client-applications</remarks> </member> <member name="M:Microsoft.Identity.Client.ClientAssertionCertificate.#ctor(System.Security.Cryptography.X509Certificates.X509Certificate2)"> <summary> Constructor to create certificate information used in <see cref="M:Microsoft.Identity.Client.ClientCredential.#ctor(Microsoft.Identity.Client.ClientAssertionCertificate)"/> to instantiate a <see cref="T:Microsoft.Identity.Client.ClientCredential"/> used in the constructors of <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> </summary> <param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param> </member> <member name="P:Microsoft.Identity.Client.ClientAssertionCertificate.MinKeySizeInBits"> <summary> Gets minimum X509 certificate key size in bits </summary> </member> <member name="P:Microsoft.Identity.Client.ClientAssertionCertificate.Certificate"> <summary> Gets the X509 certificate used as credentials to prove the identity of the application to Azure AD. </summary> </member> <member name="T:Microsoft.Identity.Client.ClientCredential"> <summary> Meant to be used in confidential client applications, an instance of <c>ClientCredential</c> is passed to the constructors of (<see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>) as credentials proving that the application (the client) is what it claims it is. These credentials can be either a client secret (an application password) or a certificate. This class has one constructor for each case. These crendentials are added in the application registration portal (in the secret section). </summary> </member> <member name="M:Microsoft.Identity.Client.ClientCredential.#ctor(Microsoft.Identity.Client.ClientAssertionCertificate)"> <summary> Constructor of client (application) credentials from a <see cref="T:Microsoft.Identity.Client.ClientAssertionCertificate"/> </summary> <param name="certificate">contains information about the certificate previously shared with AAD at application registration to prove the identity of the application (the client) requesting the tokens.</param> </member> <member name="M:Microsoft.Identity.Client.ClientCredential.#ctor(System.String)"> <summary> Constructor of client (application) credentials from a client secret, also known as the application password. </summary> <param name="secret">Secret string previously shared with AAD at application registration to prove the identity of the application (the client) requesting the tokens.</param> </member> <member name="T:Microsoft.Identity.Client.ConfidentialClientApplication"> <summary> Class to be used for confidential client applications (Web Apps, Web APIs, and daemon applications). </summary> <remarks> Confidential client applications are typically applications which run on servers (Web Apps, Web API, or even service/daemon applications). They are considered difficult to access, and therefore capable of keeping an application secret (hold configuration time secrets as these values would be difficult for end users to extract). A web app is the most common confidential client. The clientId is exposed through the web browser, but the secret is passed only in the back channel and never directly exposed. For details see https://aka.ms/msal-net-client-applications </remarks> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.#ctor(System.String,System.String,Microsoft.Identity.Client.ClientCredential,Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache)"> <summary> Constructor for a confidential client application requesting tokens with the default authority (<see cref="F:Microsoft.Identity.Client.ClientApplicationBase.DefaultAuthority"/>) </summary> <param name="clientId">Client ID (also known as App ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param> <param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param> <param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity of the application. An instance of <see cref="P:Microsoft.Identity.Client.ConfidentialClientApplication.ClientCredential"/> can be created either from an application secret, or a certificate. REQUIRED.</param> <param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users). Otherwise should be provided. REQUIRED</param> <param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application uses the client credentials grants</param> <remarks> See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications) Client credential grants are overrides of <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"/> </remarks> <seealso cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> which enables app developers to specify the authority </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.#ctor(System.String,System.String,System.String,Microsoft.Identity.Client.ClientCredential,Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache)"> <summary> Constructor for a confidential client application requesting tokens with a specified authority </summary> <param name="clientId">Client ID (also named Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param> <param name="authority">Authority of the security token service (STS) from which MSAL.NET will acquire the tokens. Usual authorities are: <list type="bullet"> <item><description><c>https://login.microsoftonline.com/tenant/</c>, where <c>tenant</c> is the tenant ID of the Azure AD tenant or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item> <item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal accounts</description></item> <item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item> <item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts(live)</description></item> </list> Note that this setting needs to be consistent with what is declared in the application registration portal </param> <param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param> <param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity of the application. An instance of <see cref="P:Microsoft.Identity.Client.ConfidentialClientApplication.ClientCredential"/> can be created either from an application secret, or a certificate. REQUIRED.</param> <param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users). Otherwise should be provided. REQUIRED</param> <param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application uses the client credentials grants</param> <remarks> See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications) Client credential grants are overrides of <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"/> </remarks> <seealso cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> which enables app developers to create a confidential client application requesting tokens with the default authority. </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"> <summary> Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of). This confidential client application was itself called with a token which will be provided in the <paramref name="userAssertion">userAssertion</paramref> parameter. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about the user on behalf of whom to get a token.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"/> for the on-behalf-of flow when specifying the authority </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"> <summary> Acquires an access token for this application (usually a Web API) from a specific authority, in order to access another downstream protected Web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of). This confidential client application was itself called with a token which will be provided in the <paramref name="userAssertion">userAssertion</paramref> parameter. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about the user on behalf of whom to get a token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> <seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> for the on-behalf-of flow without specifying the authority </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"> <summary> Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of). This confidential client application was itself called with a token which will be provided in the <paramref name="userAssertion">userAssertion</paramref> parameter. This override sends the certificate, which helps certificate rotation in Azure AD </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about the user on behalf of whom to get a token.</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"> <summary> Acquires an access token for this application (usually a Web API) from a specific authority, in order to access another downstream protected Web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of). This confidential client application was itself called with a token which will be provided in the This override sends the certificate, which helps certificate rotation in Azure AD <paramref name="userAssertion">userAssertion</paramref> parameter. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about the user on behalf of whom to get a token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing a token for the requested scopes and account</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(System.String,System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code). It's usually used in Web Apps (for instance ASP.NET / ASP.NET Core Web apps) which sign-in users, and therefore receive an authorization code. This method does not lookup the token cache, but stores the result in it, so it can be looked up using other methods such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>. </summary> <param name="authorizationCode">The authorization code received from service authorization endpoint.</param> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) </summary> <param name="scopes">scopes requested to access a protected API. For this flow (client credentials), the scopes should be of the form "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are really defined statically at application registration in the portal, and cannot be overriden in the application. See also </param> <returns>Authentication result containing the token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)"> <summary> Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user) using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) </summary> <param name="scopes">Scopes requested to access a protected API. For this flow (client credentials), the scopes should be of the form "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are really defined statically at application registration in the portal, and cannot be overriden in the application</param> <param name="forceRefresh">If <c>true</c>, API will ignore the access token in the cache and attempt to acquire new access token using client credentials. This override can be used in case the application knows that conditional access policies changed</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) This method enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or powershell/CLI operation) </summary> <param name="scopes">Scopes requested to access a protected API</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)"> <summary> Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) This method attempts to look up valid access token in the cache unless<paramref name="forceRefresh"/> is true This method enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or powershell/CLI operation) </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"> <summary> Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in the user's name. The URL targets the /authorize endpoint of the authority configured in the application. This override enables you to specify a login hint and extra query parameter. </summary> <param name="scopes">Scopes requested to access a protected API</param> <param name="loginHint">Identifier of the user. Generally a UPN. This can be empty</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <returns>URL of the authorize endpoint including the query parameters.</returns> </member> <member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in the user's name. The URL targets the /authorize endpoint of the authority specified as the <paramref name="authority"/> parameter. This override enables you to specify a redirectUri, login hint extra query parameters, extra scope to consent (which are not for the same resource as the <paramref name="scopes"/>), and an authority. </summary> <param name="scopes">Scopes requested to access a protected API (a resource)</param> <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> <param name="loginHint">Identifier of the user. Generally a UPN.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. The parameter can be null.</param> <param name="extraScopesToConsent">Scopes for additional resources (other than the resource for which <paramref name="scopes"/> are requested), which a developer can request the user to consent to upfront.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>URL of the authorize endpoint including the query parameters.</returns> </member> <member name="T:Microsoft.Identity.Client.IConfidentialClientApplication"> <summary> Component to be used with confidential client applications like Web Apps/API. </summary> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"> <summary> Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of) </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="userAssertion">Instance of UserAssertion containing user's token.</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"> <summary> Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of) </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="userAssertion">Instance of UserAssertion containing user's token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(System.String,System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires security token from the authority using authorization code previously received. This method does not lookup token cache, but stores the result in it, so it can be looked up using other methods such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>. </summary> <param name="authorizationCode">The authorization code received from service authorization endpoint.</param> <param name="scopes">Array of scopes requested for resource</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache. </summary> <param name="scopes">Array of scopes requested for resource</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)"> <summary> Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache. </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"> <summary> Gets URL of the authorize endpoint including the query parameters. </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="loginHint">Identifier of the user. Generally a UPN.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> <returns>URL of the authorize endpoint including the query parameters.</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)"> <summary> Gets URL of the authorize endpoint including the query parameters. </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> <param name="loginHint">Identifier of the user. Generally a UPN.</param> <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> <param name="extraScopesToConsent">Array of scopes for which a developer can request consent upfront.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>URL of the authorize endpoint including the query parameters.</returns> </member> <member name="T:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate"> <summary> Component to be used with confidential client applications like Web Apps/API. This component supports Subject Name + Issuer authentication in order to help, in the future, Azure AD certificates rollover </summary> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String})"> <summary> Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) This method enables application developers to achieve easy certificates roll-over in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or powershell/CLI operation) </summary> <param name="scopes">Array of scopes requested for resource</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)"> <summary> Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials) This method attempts to look up valid access token in the cache unless<paramref name="forceRefresh"/> is true This method enables application developers to achieve easy certificates roll-over in Azure AD: this method will send the public certificate to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or powershell/CLI operation) </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param> <returns>Authentication result containing application token for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"> <summary> Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of) </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="userAssertion">Instance of UserAssertion containing user's token.</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"> <summary> Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of) </summary> <param name="scopes">Array of scopes requested for resource</param> <param name="userAssertion">Instance of UserAssertion containing user's token.</param> <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> <returns>Authentication result containing token of the user for the requested scopes</returns> </member> <member name="T:Microsoft.Identity.Core.MsalErrorMessage"> <summary> The active directory authentication error message. </summary> </member> <member name="T:Microsoft.Identity.Core.Cache.AdalResult"> <summary> Contains the results of one token acquisition operation. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalResult.#ctor(System.String,System.String,System.DateTimeOffset)"> <summary> Creates result returned from AcquireToken. Except in advanced scenarios related to token caching, you do not need to create any instance of AuthenticationResult. </summary> <param name="accessTokenType">Type of the Access Token returned</param> <param name="accessToken">The Access Token requested</param> <param name="expiresOn">The point in time in which the Access Token returned in the AccessToken property ceases to be valid</param> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalResult.#ctor(System.String,System.String,System.DateTimeOffset,System.DateTimeOffset)"> <summary> Creates result returned from AcquireToken. Except in advanced scenarios related to token caching, you do not need to create any instance of AuthenticationResult. </summary> <param name="accessTokenType">Type of the Access Token returned</param> <param name="accessToken">The Access Token requested</param> <param name="expiresOn">The point in time in which the Access Token returned in the AccessToken property ceases to be valid</param> <param name="extendedExpiresOn">The point in time in which the Access Token returned in the AccessToken property ceases to be valid</param> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.AccessTokenType"> <summary> Gets the type of the Access Token returned. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.AccessToken"> <summary> Gets the Access Token requested. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.ExpiresOn"> <summary> Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid. This value is calculated based on current UTC time measured locally and the value expiresIn received from the service. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.ExtendedExpiresOn"> <summary> Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in ADAL's extended LifeTime. This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.ExtendedLifeTimeToken"> <summary> Gives information to the developer whether token returned is during normal or extended lifetime. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.TenantId"> <summary> Gets an identifier for the tenant the token was acquired from. This property will be null if tenant information is not returned by the service. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.UserInfo"> <summary> Gets user information including user Id. Some elements in UserInfo might be null if not returned by the service. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.IdToken"> <summary> Gets the entire Id Token if returned by the service or null if no Id Token is returned. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResult.Authority"> <summary> Gets the authority that has issued the token. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalResult.CreateAuthorizationHeader"> <summary> Creates authorization header from authentication result. </summary> <returns>Created authorization header</returns> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResultWrapper.RefreshToken"> <summary> Gets the Refresh Token associated with the requested Access Token. Note: not all operations will return a Refresh Token. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalResultWrapper.IsMultipleResourceRefreshToken"> <summary> Gets a value indicating whether the refresh token can be used for requesting access token for other resources. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalResultWrapper.Deserialize(System.String)"> <summary> Serializes the object to a JSON string </summary> <returns>Deserialized authentication result</returns> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalResultWrapper.Serialize"> <summary> Serializes the object to a JSON string </summary> <returns>Serialized authentication result</returns> </member> <member name="T:Microsoft.Identity.Core.Cache.TokenSubjectType"> <summary> Determines what type of subject the token was issued for. </summary> </member> <member name="F:Microsoft.Identity.Core.Cache.TokenSubjectType.User"> <summary> User </summary> </member> <member name="F:Microsoft.Identity.Core.Cache.TokenSubjectType.Client"> <summary> Client </summary> </member> <member name="F:Microsoft.Identity.Core.Cache.TokenSubjectType.UserPlusClient"> <summary> UserPlusClient: This is for confidential clients used in middle tier. </summary> </member> <member name="T:Microsoft.Identity.Core.Cache.AdalTokenCacheKey"> <summary> <see cref="T:Microsoft.Identity.Core.Cache.AdalTokenCacheKey"/> can be used with Linq to access items from the TokenCache dictionary. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalTokenCacheKey.Equals(System.Object)"> <summary> Determines whether the specified object is equal to the current object. </summary> <returns> true if the specified object is equal to the current object; otherwise, false. </returns> <param name="obj">The object to compare with the current object. </param><filterpriority>2</filterpriority> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalTokenCacheKey.Equals(Microsoft.Identity.Core.Cache.AdalTokenCacheKey)"> <summary> Determines whether the specified TokenCacheKey is equal to the current object. </summary> <returns> true if the specified TokenCacheKey is equal to the current object; otherwise, false. </returns> <param name="other">The TokenCacheKey to compare with the current object. </param><filterpriority>2</filterpriority> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalTokenCacheKey.GetHashCode"> <summary> Returns the hash code for this TokenCacheKey. </summary> <returns> A 32-bit signed integer hash code. </returns> </member> <member name="T:Microsoft.Identity.Core.Cache.AdalUserInfo"> <summary> Contains information of a single user. This information is used for token cache lookup. Also if created with userId, userId is sent to the service when login_hint is accepted. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalUserInfo.#ctor"> <summary> Create user information for token cache lookup </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.AdalUserInfo.#ctor(Microsoft.Identity.Core.Cache.AdalUserInfo)"> <summary> Create user information copied from another UserInfo object </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.UniqueId"> <summary> Gets identifier of the user authenticated during token acquisition. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.DisplayableId"> <summary> Gets a displayable value in UserPrincipalName (UPN) format. The value can be null. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.GivenName"> <summary> Gets given name of the user if provided by the service. If not, the value is null. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.FamilyName"> <summary> Gets family name of the user if provided by the service. If not, the value is null. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.PasswordExpiresOn"> <summary> Gets the time when the password expires. Default value is 0. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.PasswordChangeUrl"> <summary> Gets the url where the user can change the expiring password. The value can be null. </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.AdalUserInfo.IdentityProvider"> <summary> Gets identity provider if returned by the service. If not, the value is null. </summary> </member> <member name="T:Microsoft.Identity.Core.Cache.CacheData"> <summary> Data class, common to ADAL.NET and MSAL.NET used for the token cache serialization in a dual format: the ADAL V3 cache format, and the new unified cache format, common to ADAL.NET 4.x, MSAL.NET 2.x and other libraries in the same Operating System (for instance ADAL and MSAL for objective C in iOS) </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.CacheData.AdalV3State"> <summary> Array of bytes containing the serialized cache in ADAL.NET V3 format </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.CacheData.UnifiedState"> <summary> Array of bytes containing the serialized Unified cache </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.CacheFallbackOperations.GetAllAdalUsersForMsal(Microsoft.Identity.Core.Cache.ILegacyCachePersistence,System.String)"> <summary> Returns a tuple where Item1 is a map of ClientInfo -> AdalUserInfo for those users that have ClientInfo Item2 is a list of AdalUserInfo for those users that do not have ClientInfo </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.CacheFallbackOperations.RemoveAdalUser(Microsoft.Identity.Core.Cache.ILegacyCachePersistence,System.String,System.String,System.String)"> <summary> Algorithm to delete: DisplayableId cannot be null Removal is scoped by enviroment and clientId; If accountId != null then delete everything with the same clientInfo otherwise, delete everything with the same displayableId Notes: - displayableId can change rarely - ClientCredential Grant uses the app token cache, not the user token cache, so this algorithm does not apply (nor will GetAccounts / RemoveAccount work) </summary> </member> <member name="P:Microsoft.Identity.Core.Cache.MsalAccessTokenCacheItem.NormalizedScopes"> <summary> String comprised of scopes that have been lowercased and ordered. </summary> <remarks>Normalization is important when creating unique keys.</remarks> </member> <member name="T:Microsoft.Identity.Core.Cache.MsalAccessTokenCacheKey"> <summary> An object representing the key of the token cache AT dictionary. The format of the key is not important for this library, as long as it is unique. </summary> <remarks>The format of the key is platform dependent</remarks> </member> <member name="M:Microsoft.Identity.Core.Cache.MsalAccessTokenCacheKey.GetUWPFixedSizeKey"> <summary> Gets a key that is smaller than 255 characters, which is a limitation for UWP storage. This is done by hashing the scopes and env. </summary> <remarks> accountId - two guids plus separator - 73 chars "accesstoken" string - 11 chars env - ussually loging.microsoft.net - 20 chars clientid - a guid - 36 chars tenantid - a guid - 36 chars scopes - a sha256 string - 44 chars delimiters - 4 chars total: 224 chars </remarks> </member> <member name="T:Microsoft.Identity.Core.Cache.MsalAccountCacheKey"> <summary> An object representing the key of the token cache Account dictionary. The format of the key is not important for this library, as long as it is unique. </summary> </member> <member name="T:Microsoft.Identity.Core.Cache.MsalIdTokenCacheKey"> <summary> An object representing the key of the token cache Id Token dictionary. The format of the key is not important for this library, as long as it is unique. </summary> </member> <member name="T:Microsoft.Identity.Core.Cache.MsalRefreshTokenCacheKey"> <summary> An object representing the key of the token cache RT dictionary. The format of the key is not important for this library, as long as it is unique. </summary> </member> <member name="M:Microsoft.Identity.Core.Cache.TokenCacheSerializeHelper.DeserializeUnifiedCache(Microsoft.Identity.Core.Cache.ITokenCacheAccessor,System.Byte[],Microsoft.Identity.Core.RequestContext)"> <summary> Deserializes the token cache from a serialization blob </summary> <param name="tokenCacheAccessor">Token cache accessor to perform cache write operations (to fill-in from the state)</param> <param name="unifiedState">Array of bytes containing serialized unified cache data</param> <param name="requestContext">call state to pass correlation id and logger instance</param> </member> <member name="M:Microsoft.Identity.Core.Cache.TokenCacheSerializeHelper.SerializeUnifiedCache(Microsoft.Identity.Core.Cache.ITokenCacheAccessor)"> <summary> Serializes the entire token cache </summary> <param name="tokenCacheAccessor">Token cache accessor to perform cache read operations</param> <returns>array of bytes containing the serialized cache</returns> </member> <member name="T:Microsoft.Identity.Core.CoreErrorCodes"> <summary> Error codes attached to each exception. These need to be duplicated and publicly exposed in the MSAL and ADAL because users refer to them </summary> </member> <member name="F:Microsoft.Identity.Core.CoreErrorCodes.MissingFederationMetadataUrl"> <summary> Federation Metadata Url is missing for federated user. </summary> </member> <member name="F:Microsoft.Identity.Core.CoreErrorCodes.DefaultRedirectUriIsInvalid"> <summary> RedirectUri validation failed. </summary> </member> <member name="T:Microsoft.Identity.Core.CoreExceptionFactory"> <summary> Abstract factory for spewing exceptions for Adal and Msal. Use the <see cref="P:Microsoft.Identity.Core.CoreExceptionFactory.Instance"/> singleton to access an actual implementation which will have been injected. </summary> </member> <member name="P:Microsoft.Identity.Core.ExceptionDetail.StatusCode"> <summary> Gets the status code returned from http layer. This status code is either the HttpStatusCode in the inner HttpRequestException response or NavigateError Event Status Code in browser based flow (See http://msdn.microsoft.com/en-us/library/bb268233(v=vs.85).aspx). You can use this code for purposes such as implementing retry logic or error investigation. </summary> </member> <member name="P:Microsoft.Identity.Core.ExceptionDetail.ServiceErrorCodes"> <summary> The specific error codes that may be returned by the service. </summary> </member> <member name="P:Microsoft.Identity.Core.ExceptionDetail.ResponseBody"> <summary> Raw response body received from the server. </summary> </member> <member name="T:Microsoft.Identity.Core.ICoreExceptionFactory"> <summary> Factory for creating ADAL or MSAL exceptions. ErrorCodes should be made public constants for users to reference them </summary> </member> <member name="M:Microsoft.Identity.Core.ICoreExceptionFactory.GetClientException(System.String,System.String,System.Exception)"> <summary> Create a client exception, arising from logic within this library. </summary> </member> <member name="M:Microsoft.Identity.Core.ICoreExceptionFactory.GetServiceException(System.String,System.String,Microsoft.Identity.Core.ExceptionDetail)"> <summary> Create a service exception, arising from logic external to the library, e.g. a failing web request. </summary> <remarks>Prefer using the constructor taking in an <see cref="T:Microsoft.Identity.Core.Http.IHttpWebResponse"/> for http service errors</remarks> </member> <member name="M:Microsoft.Identity.Core.ICoreExceptionFactory.GetServiceException(System.String,System.String,Microsoft.Identity.Core.Http.IHttpWebResponse)"> <summary> Create a service exception, aristing from a failed http request. </summary> </member> <member name="M:Microsoft.Identity.Core.ICoreExceptionFactory.GetServiceException(System.String,System.String,System.Exception,Microsoft.Identity.Core.ExceptionDetail)"> <summary> Create a service exception that wraps another exception. </summary> </member> <member name="M:Microsoft.Identity.Core.Helpers.StringExtensions.ToByteArray(System.String)"> <summary> Create an array of bytes representing the UTF-8 encoding of the given string. </summary> <param name="stringInput">String to get UTF-8 bytes for</param> <returns>Array of UTF-8 character bytes</returns> </member> <member name="M:Microsoft.Identity.Core.Http.HttpManager.SendPostForceResponseAsync(System.Uri,System.Collections.Generic.Dictionary{System.String,System.String},System.Net.Http.StringContent,Microsoft.Identity.Core.RequestContext)"> <summary> Performs the POST request just like <see cref="M:Microsoft.Identity.Core.Http.HttpManager.SendPostAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Net.Http.HttpContent,Microsoft.Identity.Core.RequestContext)"/> but does not throw a ServiceUnavailable service exception. Instead, it returns the <see cref="T:Microsoft.Identity.Core.Http.IHttpWebResponse"/> associated with the request. </summary> </member> <member name="M:Microsoft.Identity.Core.Http.RedirectUriHelper.Validate(System.Uri,System.Boolean)"> <summary> Check common redirect uri problems. Optionally check that the redirect uri is not the OAuth2 standard redirect uri urn:ietf:wg:oauth:2.0:oob when using a system browser, because the browser cannot redirect back to the app. </summary> </member> <member name="T:Microsoft.Identity.Core.IPlatformProxy"> <summary> Common operations for extracting platform / operating system specifics </summary> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetDeviceModel"> <summary> Gets the device model. On some TFMs this is not returned for security reasonons. </summary> <returns>device model or null</returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetUserPrincipalNameAsync"> <summary> Gets the upn of the user currently logged into the OS </summary> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.IsDomainJoined"> <summary> Returns true if the current OS logged in user is AD or AAD joined. </summary> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetCallingApplicationName"> <summary> Returns the name of the calling assembly </summary> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetCallingApplicationVersion"> <summary> Returns the version of the calling assembly </summary> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetDeviceId"> <summary> Returns a device identifier. Varies by platform. </summary> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetBrokerOrRedirectUri(System.Uri)"> <summary> Get the redirect Uri as string, or the a broker specified value </summary> </member> <member name="M:Microsoft.Identity.Core.IPlatformProxy.GetDefaultRedirectUri(System.String)"> <summary> Gets the default redirect uri for the platform, which sometimes includes the clientId </summary> </member> <member name="F:Microsoft.Identity.Core.MsalIdParameter.Product"> <summary> MSAL Flavor: .NET or WinRT </summary> </member> <member name="F:Microsoft.Identity.Core.MsalIdParameter.Version"> <summary> MSAL assembly version </summary> </member> <member name="F:Microsoft.Identity.Core.MsalIdParameter.CpuPlatform"> <summary> CPU platform with x86, x64 or ARM as value </summary> </member> <member name="F:Microsoft.Identity.Core.MsalIdParameter.OS"> <summary> Version of the operating system. This will not be sent on WinRT </summary> </member> <member name="F:Microsoft.Identity.Core.MsalIdParameter.DeviceModel"> <summary> Device model. This will not be sent on .NET </summary> </member> <member name="T:Microsoft.Identity.Core.MsalIdHelper"> <summary> This class adds additional query parameters or headers to the requests sent to STS. This can help us in collecting statistics and potentially on diagnostics. </summary> </member> <member name="T:Microsoft.Identity.Core.OAuth2.OAuth2Error"> <summary> OAuth2 errors that are only used internally. All error codes used when propagating exceptions should be made public. </summary> </member> <member name="T:Microsoft.Identity.Core.PlatformProxyFactory"> <summary> Returns the platform / os specific implementation of a PlatformProxy. </summary> </member> <member name="M:Microsoft.Identity.Core.PlatformProxyFactory.GetPlatformProxy"> <summary> Gets the platform proxy, which can be used to perform platform specific operations </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.HttpEvent.RequestIdHeader"> <summary> GUID included in request header </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.HttpEvent.TokenAge"> <summary> Floating-point value with a unit of milliseconds indicating the refresh token age </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.HttpEvent.SpeInfo"> <summary> Indicates whether the request was executed on a ring serving SPE traffic. An empty string indicates this occurred on an outer ring, and the string "I" indicates the request occurred on the inner ring </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.HttpEvent.ServerErrorCode"> <summary> Error code sent by ESTS </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.HttpEvent.ServerSubErrorCode"> <summary> Error code which gives more detailed information about server error code </summary> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryManager.GenerateNewRequestId"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryManager.EventKey.Equals(Microsoft.Identity.Core.Telemetry.TelemetryManager.EventKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryManager.EventKey.GetHashCode"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryManager.EventKey.Equals(System.Object)"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.RefreshTokenCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.AccessTokenCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.AccountCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.IdTokenCount"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.ClearRefreshTokens"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.ClearAccessTokens"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.SaveAccessToken(Microsoft.Identity.Core.Cache.MsalAccessTokenCacheItem)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.SaveRefreshToken(Microsoft.Identity.Core.Cache.MsalRefreshTokenCacheItem)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.SaveIdToken(Microsoft.Identity.Core.Cache.MsalIdTokenCacheItem)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.SaveAccount(Microsoft.Identity.Core.Cache.MsalAccountCacheItem)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAccessToken(Microsoft.Identity.Core.Cache.MsalAccessTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetRefreshToken(Microsoft.Identity.Core.Cache.MsalRefreshTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetIdToken(Microsoft.Identity.Core.Cache.MsalIdTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAccount(Microsoft.Identity.Core.Cache.MsalAccountCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.DeleteAccessToken(Microsoft.Identity.Core.Cache.MsalAccessTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.DeleteRefreshToken(Microsoft.Identity.Core.Cache.MsalRefreshTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.DeleteIdToken(Microsoft.Identity.Core.Cache.MsalIdTokenCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.DeleteAccount(Microsoft.Identity.Core.Cache.MsalAccountCacheKey)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAllAccessTokensAsString"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAllRefreshTokensAsString"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAllIdTokensAsString"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.GetAllAccountsAsString"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.Telemetry.TelemetryTokenCacheAccessor.Clear"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.Telemetry.XmsCliTelemInfo.Version"> <summary> Monotonically increasing integer specifying x-ms-cliteleminfo header version </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.XmsCliTelemInfo.ServerErrorCode"> <summary> Bundle id for server error. </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.XmsCliTelemInfo.ServerSubErrorCode"> <summary> Bundle id for server suberror. </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.XmsCliTelemInfo.TokenAge"> <summary> Bundle id for refresh token age. Floating-point value with a unit of milliseconds </summary> </member> <member name="P:Microsoft.Identity.Core.Telemetry.XmsCliTelemInfo.SpeInfo"> <summary> Bundle id for spe_ring info. Indicates whether the request was executed on a ring serving SPE traffic. An empty string indicates this occurred on an outer ring, and the string "I" indicates the request occurred on the inner ring </summary> </member> <member name="M:Microsoft.Identity.Core.UI.CoreUIParent.#ctor(System.Object)"> <summary> Initializes an instance for a provided parent window. </summary> <param name="ownerWindow">Parent window object reference. OPTIONAL.</param> </member> <member name="M:Microsoft.Identity.Core.UI.IWebUI.ValidateRedirectUri(System.Uri)"> <summary> Extra validations on the redirect uri, for example system web views cannot work with the urn:oob... uri because there is no way of knowing which app to get back to. Throws if uri is invalid </summary> </member> <member name="M:Microsoft.Identity.Core.WsTrust.CommonNonInteractiveHandler.GetPlatformUserAsync"> <summary> Gets the currently logged in user. Works for Windows when user is AD or AAD joined. Throws otherwise if cannot be found. </summary> </member> <member name="T:Microsoft.Identity.Core.WsTrust.IWsTrustWebRequestManager"> <summary> </summary> </member> <member name="M:Microsoft.Identity.Core.WsTrust.IWsTrustWebRequestManager.GetMexDocumentAsync(System.String,Microsoft.Identity.Core.RequestContext)"> <summary> </summary> <param name="federationMetadataUrl"></param> <param name="requestContext"></param> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.WsTrust.IWsTrustWebRequestManager.GetWsTrustResponseAsync(Microsoft.Identity.Core.WsTrust.WsTrustEndpoint,System.String,Microsoft.Identity.Core.RequestContext)"> <summary> </summary> <param name="wsTrustEndpoint"></param> <param name="wsTrustRequest"></param> <param name="requestContext"></param> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.WsTrust.IWsTrustWebRequestManager.GetUserRealmAsync(System.String,System.String,Microsoft.Identity.Core.RequestContext)"> <summary> </summary> <param name="userRealmUriPrefix"></param> <param name="userName"></param> <param name="requestContext"></param> <returns></returns> </member> <member name="M:Microsoft.Identity.Core.WsTrust.WsTrustWebRequestManager.GetMexDocumentAsync(System.String,Microsoft.Identity.Core.RequestContext)"> <inheritdoc/> </member> <member name="M:Microsoft.Identity.Core.WsTrust.WsTrustWebRequestManager.GetWsTrustResponseAsync(Microsoft.Identity.Core.WsTrust.WsTrustEndpoint,System.String,Microsoft.Identity.Core.RequestContext)"> <inheritdoc/> </member> <member name="T:Microsoft.Identity.Core.IntegratedWindowsAuthInput"> <summary> Integrated Windows Authentication request data object. Used in the IWA workflow. </summary> </member> <member name="P:Microsoft.Identity.Core.IntegratedWindowsAuthInput.UserName"> <summary> Gets identifier of the user. </summary> </member> <member name="T:Microsoft.Identity.Core.NetDesktopPlatformProxy"> <summary> Platform / OS specific logic. </summary> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetUserPrincipalNameAsync"> <summary> Get the user logged in to Windows or throws </summary> <returns>Upn or throws</returns> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetBrokerOrRedirectUri(System.Uri)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetDefaultRedirectUri(System.String)"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetProductName"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetCallingApplicationName"> <summary> Considered PII, ensure that it is hashed. </summary> <returns>Name of the calling application</returns> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetCallingApplicationVersion"> <summary> Considered PII, ensure that it is hashed. </summary> <returns>Device identifier</returns> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.GetDeviceId"> <summary> Considered PII, ensure that it is hashed. </summary> <returns>Device identifier</returns> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.CreateLegacyCachePersistence"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.NetDesktopPlatformProxy.CreateTokenCacheAccessor"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.NetDesktopPlatformProxy.CryptographyManager"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.TokenCacheAccessor.RefreshTokenCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.TokenCacheAccessor.AccessTokenCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.TokenCacheAccessor.AccountCount"> <inheritdoc /> </member> <member name="P:Microsoft.Identity.Core.TokenCacheAccessor.IdTokenCount"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.TokenCacheAccessor.ClearRefreshTokens"> <inheritdoc /> </member> <member name="M:Microsoft.Identity.Core.TokenCacheAccessor.ClearAccessTokens"> <inheritdoc /> </member> </members> </doc> |