<PackageReference Include="Microsoft.Identity.Client" Version="4.84.2" />

Microsoft.Identity.Client.AuthenticationResult

public class AuthenticationResult
Contains the results of one token acquisition operation in PublicClientApplication or ConfidentialClientApplication. For details see https://aka.ms/msal-net-authenticationresult
public string AccessToken { get; set; }

Access Token that can be used as a bearer token to access protected web APIs

public IAccount Account { get; set; }

Gets the account information. Some elements in IAccount might be null if not returned by the service. The account can be passed back in some API overloads to identify which account should be used such as AcquireTokenSilent or RemoveAsync for instance

public IReadOnlyDictionary<string, string> AdditionalResponseParameters { get; set; }

Exposes additional response parameters returned by the token issuer (AAD).

Contains metadata for the Authentication result.

public X509Certificate2 BindingCertificate { get; set; }

The X509 certificate bound to the access-token when mTLS-PoP was used.

public ClaimsPrincipal ClaimsPrincipal { get; set; }

All the claims present in the ID token.

public Guid CorrelationId { get; set; }

Gets the correlation id used for the request.

public DateTimeOffset ExpiresOn { get; set; }

Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid. This value is calculated based on current UTC time measured locally and the value expiresIn received from the service.

Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime. This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service.

public string IdToken { get; set; }

Gets the Id Token if returned by the service or null if no Id Token is returned.

public bool IsExtendedLifeTimeToken { get; }

In case when Azure AD has an outage, to be more resilient, it can return tokens with an expiration time, and also with an extended expiration time. The tokens are then automatically refreshed by MSAL when the time is more than the expiration time, except when ExtendedLifeTimeEnabled is true and the time is less than the extended expiration time. This goes in pair with Web APIs middleware which, when this extended life time is enabled, can accept slightly expired tokens. Client applications accept extended life time tokens only if the ExtendedLifeTimeEnabled Boolean is set to true on ClientApplicationBase.

public IEnumerable<string> Scopes { get; set; }

Gets the granted scope values returned by the service.

public string SpaAuthCode { get; set; }

Gets the SPA Authorization Code, if it was requested using WithSpaAuthorizationCode method on the AcquireTokenByAuthorizationCode builder. See https://aka.ms/msal-net/spa-auth-code for details.

public string TenantId { get; set; }

Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is not returned by the service.

public string TokenType { get; set; }

Identifies the type of access token. By default tokens returned by Azure Active Directory are Bearer tokens. CreateAuthorizationHeader for getting an HTTP authorization header from an AuthenticationResult.

public string UniqueId { get; set; }

Gets the Unique Id of the account in this TenantId It is set as the oid (ObjectId) claim, or if that claim is null, as the sub (Subject) claim which is guaranteed not-null.

public AuthenticationResult(string accessToken, bool isExtendedLifeTimeToken, string uniqueId, DateTimeOffset expiresOn, DateTimeOffset extendedExpiresOn, string tenantId, IAccount account, string idToken, IEnumerable<string> scopes, Guid correlationId, string tokenType = "Bearer", AuthenticationResultMetadata authenticationResultMetadata = null, ClaimsPrincipal claimsPrincipal = null, string spaAuthCode = null, IReadOnlyDictionary<string, string> additionalResponseParameters = null)

Constructor meant to help application developers test their apps. Allows mocking of authentication flows. App developers should never new-up AuthenticationResult in product code.

public AuthenticationResult(string accessToken, bool isExtendedLifeTimeToken, string uniqueId, DateTimeOffset expiresOn, DateTimeOffset extendedExpiresOn, string tenantId, IAccount account, string idToken, IEnumerable<string> scopes, Guid correlationId, AuthenticationResultMetadata authenticationResultMetadata, string tokenType = "Bearer")

Constructor meant to help application developers test their apps. Allows mocking of authentication flows. App developers should never new-up AuthenticationResult in product code.

public string CreateAuthorizationHeader()

Creates the content for an HTTP authorization header from this authentication result, so that you can call a protected API