Microsoft.Identity.Client.AuthenticationResult
Contains the results of one token acquisition operation in PublicClientApplication
or ConfidentialClientApplication. For details see https://aka.ms/msal-net-authenticationresult
Access Token that can be used as a bearer token to access protected web APIs
Gets the account information. Some elements in IAccount might be null if not returned by the
service. The account can be passed back in some API overloads to identify which account should be used such
as AcquireTokenSilent or
RemoveAsync for instance
Exposes additional response parameters returned by the token issuer (AAD).
Contains metadata for the Authentication result.
The X509 certificate bound to the access-token when mTLS-PoP was used.
All the claims present in the ID token.
Gets the correlation id used for the request.
Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid.
This value is calculated based on current UTC time measured locally and the value expiresIn received from the
service.
Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime.
This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service.
Gets the Id Token if returned by the service or null if no Id Token is returned.
In case when Azure AD has an outage, to be more resilient, it can return tokens with
an expiration time, and also with an extended expiration time.
The tokens are then automatically refreshed by MSAL when the time is more than the
expiration time, except when ExtendedLifeTimeEnabled is true and the time is less
than the extended expiration time. This goes in pair with Web APIs middleware which,
when this extended life time is enabled, can accept slightly expired tokens.
Client applications accept extended life time tokens only if
the ExtendedLifeTimeEnabled Boolean is set to true on ClientApplicationBase.
Gets the granted scope values returned by the service.
Gets the SPA Authorization Code, if it was requested using WithSpaAuthorizationCode method on the
AcquireTokenByAuthorizationCode builder. See https://aka.ms/msal-net/spa-auth-code for details.
Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is
not returned by the service.
Identifies the type of access token. By default tokens returned by Azure Active Directory are Bearer tokens.
CreateAuthorizationHeader for getting an HTTP authorization header from an AuthenticationResult.
Gets the Unique Id of the account in this TenantId
It is set as the oid (ObjectId) claim, or if that claim is null, as the sub (Subject) claim which is guaranteed not-null.
public AuthenticationResult(string accessToken, bool isExtendedLifeTimeToken, string uniqueId, DateTimeOffset expiresOn, DateTimeOffset extendedExpiresOn, string tenantId, IAccount account, string idToken, IEnumerable<string> scopes, Guid correlationId, string tokenType = "Bearer", AuthenticationResultMetadata authenticationResultMetadata = null, ClaimsPrincipal claimsPrincipal = null, string spaAuthCode = null, IReadOnlyDictionary<string, string> additionalResponseParameters = null)
Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
App developers should never new-up AuthenticationResult in product code.
public AuthenticationResult(string accessToken, bool isExtendedLifeTimeToken, string uniqueId, DateTimeOffset expiresOn, DateTimeOffset extendedExpiresOn, string tenantId, IAccount account, string idToken, IEnumerable<string> scopes, Guid correlationId, AuthenticationResultMetadata authenticationResultMetadata, string tokenType = "Bearer")
Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
App developers should never new-up AuthenticationResult in product code.
Creates the content for an HTTP authorization header from this authentication result, so
that you can call a protected API