Partilhar via


AcquireTokenOptions Class

Definition

Options directing the token acquisition. These options are provided to the ITokenAcquirer methods, or part of the AuthorizationHeaderProviderOptions, or DownstreamApiOptions.

public class AcquireTokenOptions
type AcquireTokenOptions = class
Public Class AcquireTokenOptions
Inheritance
AcquireTokenOptions
Derived

Constructors

AcquireTokenOptions()

Default constructor.

AcquireTokenOptions(AcquireTokenOptions)

Copy constructor for AcquireTokenOptions

Properties

AuthenticationOptionsName

Gets the name of the options describing the confidential client application (ClientID, Region, Authority, client credentials). In ASP.NET Core, the authentication options name is the same as the authentication scheme.

Claims

A string with one or multiple claims to request. It's a json blob (encoded or not) Normally used with Conditional Access. It receives the Claims member of the UiRequiredException. It can also be used to request specific optional claims, and for CA Auth context

CorrelationId

Sets the correlation ID to be used in the request to the STS "/token" endpoint.

ExtraHeadersParameters
ExtraParameters

An property bag used for extensiblity.

ExtraQueryParameters

Sets query parameters for the query string in the HTTP request to the "/token" endpoint.

ForceRefresh

Specifies if the token request will ignore the access token in the token cache and will attempt to acquire a new access token. If true, the request will ignore the token cache. The default is false. Use this option with care and only when needed, for instance, if you know that conditional access policies have changed, for it induces performance degradation, as the token cache is not utilized, and the STS might throttle the app.

LongRunningWebApiSessionKey

Key used for long running web APIs that need to call downstream web APIs on behalf of the user. Can be null, if you are not developing a long running web API, LongRunningWebApiSessionKeyAuto if you want the token acquirer to allocate a session key for you, or your own string if you want to associate the session with some information you have externally (for instance a Microsoft Graph hook identifier).

LongRunningWebApiSessionKeyAuto

Value that can be used for LongRunningWebApiSessionKey so that the token acquirer allocates the long running web api session key for the developer.

ManagedIdentity

When ManagedIdentity is set, the application uses a managed identity instead of client credentials to acquire an app token. To use a system-assigned identity, simply leave UserAssignedClientId null. To use a user-assigned identity, set UserAssignedClientId to the ClientID of the user-assigned identity you want to use. Using either form of managed identity requires the application to be deployed on Azure and the managed identity to be configured. For more details, check the managed identities for Azure documentation.

PopClaim

In addition to the PopPublicKey, specify the PopClaim when needed in specific POP protocols.

PopPublicKey

Modifies the token acquisition request so that the acquired token is a Proof of Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage. See https://aka.ms/msal-net-pop.

Tenant

(Microsoft identity specific) Enables to override the tenant/account for which to get a token. This is useful in multi-tenant apps in the cases where a given user account is a guest in other tenants, and you want to acquire tokens for a specific tenant.

UserFlow

(Microsoft identity specific) In the case of AzureAD B2C, uses a particular user flow.

Methods

Clone()

Performs a shallow Clone the options (to be able to override them).

Applies to