Microsoft.Identity.Client.AcquireTokenByUserFederatedIdentityCredentialParameterBuilder
public sealed class AcquireTokenByUserFederatedIdentityCredentialParameterBuilder : AbstractConfidentialClientAcquireTokenParameterBuilder<AcquireTokenByUserFederatedIdentityCredentialParameterBuilder>
Parameter builder for the AcquireTokenByUserFederatedIdentityCredential
operation.
public AcquireTokenByUserFederatedIdentityCredentialParameterBuilder WithForceRefresh(bool forceRefresh)
Forces MSAL to refresh the token from the identity provider even if a cached token is available.
Applicable to first-party applications only, this method also allows to specify
if the x5c claim should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni