AppServicesAuthenticationTokenAcquisition.GetAccessTokenForAppAsync Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Acquires a token from the authority configured in the app, for the confidential client itself (not on behalf of a user) using the client credentials flow. See https://aka.ms/msal-net-client-credentials.
public System.Threading.Tasks.Task<string> GetAccessTokenForAppAsync (string scope, string? authenticationScheme, string? tenant = default, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = default);
abstract member GetAccessTokenForAppAsync : string * string * string * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
override this.GetAccessTokenForAppAsync : string * string * string * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
Public Function GetAccessTokenForAppAsync (scope As String, authenticationScheme As String, Optional tenant As String = Nothing, Optional tokenAcquisitionOptions As TokenAcquisitionOptions = Nothing) As Task(Of String)
Parameters
- scope
- String
The scope requested to access a protected API. For this flow (client credentials), the scope
should be of the form "{ResourceIdUri/.default}" for instance https://management.azure.net/.default
or, for Microsoft
Graph, https://graph.microsoft.com/.default
as the requested scopes are defined statically with the application registration
in the portal, cannot be overridden in the application, as you can request a token for only one resource at a time (use
several calls to get tokens for other resources).
- authenticationScheme
- String
Authentication scheme. If null, will use OpenIdConnectDefault.AuthenticationScheme if called from a web app, and JwtBearerDefault.AuthenticationScheme if called from a web API.
- tenant
- String
Enables overriding of the tenant/account for the same identity. This is useful in the cases where a given account is a guest in other tenants, and you want to acquire tokens for a specific tenant.
- tokenAcquisitionOptions
- TokenAcquisitionOptions
Options passed-in to create the token acquisition object which calls into MSAL .NET.
Returns
An access token for the app itself, based on its scopes.