AppServicesAuthenticationTokenAcquisition.GetAccessTokenForUserAsync Method

Definition

Typically used from an ASP.NET Core web app or web API controller. This method gets an access token for a downstream API on behalf of the user account for which the claims are provided in the current user

public System.Threading.Tasks.Task<string> GetAccessTokenForUserAsync (System.Collections.Generic.IEnumerable<string> scopes, string? authenticationScheme, string? tenantId = default, string? userFlow = default, System.Security.Claims.ClaimsPrincipal? user = default, Microsoft.Identity.Web.TokenAcquisitionOptions? tokenAcquisitionOptions = default);
abstract member GetAccessTokenForUserAsync : seq<string> * string * string * string * System.Security.Claims.ClaimsPrincipal * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
override this.GetAccessTokenForUserAsync : seq<string> * string * string * string * System.Security.Claims.ClaimsPrincipal * Microsoft.Identity.Web.TokenAcquisitionOptions -> System.Threading.Tasks.Task<string>
Public Function GetAccessTokenForUserAsync (scopes As IEnumerable(Of String), authenticationScheme As String, Optional tenantId As String = Nothing, Optional userFlow As String = Nothing, Optional user As ClaimsPrincipal = Nothing, Optional tokenAcquisitionOptions As TokenAcquisitionOptions = Nothing) As Task(Of String)

Parameters

scopes
IEnumerable<String>

Scopes to request for the downstream API to call.

authenticationScheme
String

Authentication scheme. If null, uses OpenIdConnectDefaults.AuthenticationScheme when called from a web app, and JwtBearerDefaults.AuthenticationScheme when called from a web API.

tenantId
String

Overrides the tenant/account for the same identity. This is useful when a given account is a guest in other tenants and you want to acquire tokens for a specific tenant.

userFlow
String

Azure AD B2C UserFlow to target.

user
ClaimsPrincipal

Optional claims principal representing the user. If not provided, uses the signed-in user (in a web app) or the user for which the token was received (in a web API). Useful in cases where a given account is a guest in other tenants and you want to acquire tokens for a specific tenant, such as one where the user is a guest.

tokenAcquisitionOptions
TokenAcquisitionOptions

Options passed in to create the token acquisition object, which calls into MSAL.NET.

Returns

An access token to call, on behalf of the user, the downstream API characterized by its scopes.
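The following controller is an added example, not code from the Microsoft.Identity.Web documentation. It calls the method through an injected ITokenAcquisition with the signature shown above and scopes the returned token to a single outgoing request. The controller name, scope string, and downstream URL are hypothetical placeholders, and it assumes ITokenAcquisition and IHttpClientFactory are registered in dependency injection.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Identity.Web;

[Authorize]
[ApiController]
[Route("api/[controller]")]
public class ProfileController : ControllerBase
{
    // Assumption: one least-privilege scope and the endpoint of a hypothetical downstream API.
    private static readonly string[] Scopes = { "api://<downstream-api-client-id>/Profile.Read" };
    private const string DownstreamUrl = "https://downstream.example/profile";

    private readonly ITokenAcquisition _tokenAcquisition;
    private readonly IHttpClientFactory _httpClientFactory;

    public ProfileController(ITokenAcquisition tokenAcquisition, IHttpClientFactory httpClientFactory)
    {
        _tokenAcquisition = tokenAcquisition;
        _httpClientFactory = httpClientFactory;
    }

    [HttpGet]
    public async Task<IActionResult> Get()
    {
        // authenticationScheme: null selects the default scheme for the app type.
        // user: the principal of the current request, passed explicitly.
        string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(
            scopes: Scopes,
            authenticationScheme: null,
            user: User);

        // Defensive check: fail closed rather than call downstream without a token.
        if (string.IsNullOrEmpty(accessToken)) return Unauthorized();

        // Attach the token to this request only. Putting it in DefaultRequestHeaders
        // of a shared HttpClient could send one user's token with another user's call.
        using var request = new HttpRequestMessage(HttpMethod.Get, DownstreamUrl);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        HttpClient client = _httpClientFactory.CreateClient();
        using HttpResponseMessage response = await client.SendAsync(request);

        // Relay status and body only; the token is never logged or returned.
        string body = await response.Content.ReadAsStringAsync();
        return StatusCode((int)response.StatusCode, body);
    }
}
```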

Implements

Applies to