CredentialDescription.DecryptKeysAuthenticationOptions Property

Definition

When SourceType is AutoDecryptKeys, this property describes the authority to use to get a token for a web API to get the keys used to decrypt an encrypted token. The cloud instance will be the same as the application, but the application can be a multi-tenant application (tenant = common or organizations), and in this case to get a token on behalf of itself, the credential type needs to provide a tenant. More generally you might want to specify authentication options, including protocol, PopKey, etc ... This credential description is only used for decrypt credentials, not for client credentials.

public Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? DecryptKeysAuthenticationOptions { get; set; }
member this.DecryptKeysAuthenticationOptions : Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions with get, set
Public Property DecryptKeysAuthenticationOptions As AuthorizationHeaderProviderOptions

Property Value

Examples

The JSON fragment below describes a decrypt credential to get the decrypt keys automatically:

{
    "TokenDecryptionCredentials": [
    {
        "SourceType": "AutoDecryptKeys",
        "DecryptKeysAuthenticationOptions" : {
            "ProtocolScheme": "Bearer",
            "AcquireTokenOptions": {
                "Tenant": "mytenant.onmicrosoftonline.com"
            }
        }
    }]
}

The code below describes the same, programmatically in C#.

CredentialDescription credentialDescription = new CredentialDescription
{
    SourceType = CredentialSource.AutoDecryptKeys,
    DecryptKeysAuthenticationOptions = new AuthorizationHeaderProviderOptions
    {
         ProtocolScheme = "Bearer",
        AcquireTokenOptions = new AcquireTokenOptions {
             Tenant = "mytenant.onmicrosoftonline.com",
        }
    }
};

Applies to