Share via


AcquireTokenInteractiveParameterBuilder.WithProofOfPossession Method

Definition

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. Note that only the host and path parts of the request URI will be bound. See https://aka.ms/msal-net-pop

public Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder WithProofOfPossession (string nonce, System.Net.Http.HttpMethod httpMethod, Uri requestUri);
member this.WithProofOfPossession : string * System.Net.Http.HttpMethod * Uri -> Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder
Public Function WithProofOfPossession (nonce As String, httpMethod As HttpMethod, requestUri As Uri) As AcquireTokenInteractiveParameterBuilder

Parameters

nonce
String

Nonce of the protected resource which will be published as part of the WWW-Authenticate header associated with a 401 HTTP response or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the PoP token.

httpMethod
HttpMethod

The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method. Corresponds to the "m" part of the a signed HTTP request.

requestUri
Uri

The URI to bind the signed HTTP request to.

Returns

The builder.

Remarks

  • An Authentication header is automatically added to the request.
  • The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).
  • Broker is required to use Proof-of-Possession on public clients.

Applies to