<PackageReference Include="Microsoft.Identity.Client" Version="4.86.1" />

Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder

Parameter builder for the AcquireTokenSilent operation. See https://aka.ms/msal-net-acquiretokensilent

Specifies if the client application should ignore access tokens when reading the token cache. Refresh tokens will still be used. Any new tokens from the Identity Provider will still be written to the token cache. By default the token is taken from the the user token cache (forceRefresh=false)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. See https://aka.ms/msal-net-pop

public AcquireTokenSilentParameterBuilder WithProofOfPossession(string nonce, HttpMethod httpMethod, Uri requestUri)

Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows. Note that only the host and path parts of the request URI will be bound. See https://aka.ms/msal-net-pop

Applicable to first-party applications only, this method also allows to specify if the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni