Microsoft.Identity.Client.IConfidentialClientApplication
public interface IConfidentialClientApplication : IClientApplicationBase, IApplicationBase, IByUserFederatedIdentityCredential
Represents confidential client applications - web apps, web APIs, daemon applications.
Application token cache which holds access tokens for this application. It's maintained
and updated silently when calling AcquireTokenForClient
AcquireTokenByAuthorizationCodeParameterBuilder AcquireTokenByAuthorizationCode(IEnumerable<string> scopes, string authorizationCode)
Acquires a token from the authority configured in the app using the authorization code
previously received from the identity provider using the OAuth 2.0 authorization code flow.
See Authorization Code Flow.
This flow is usually used in web apps (for instance, ASP.NET and ASP.NET Core web apps)
which sign-in users and can request an authorization code.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as AcquireTokenSilent to check the token cache.
Acquires a token from the authority configured in the app for the confidential client itself (not for a user)
using the client credentials flow. See Client Credentials Flow.
During this operation MSAL will first search in the cache for an unexpired token before acquiring a new one from Microsoft Entra ID.
AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf(IEnumerable<string> scopes, UserAssertion userAssertion)
Acquires an access token for this application (usually a web API) from the authority configured in the application,
in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
During this operation MSAL will first search in the cache for an unexpired token before acquiring a new one from Microsoft Entra ID.
See On-Behalf-Of Flow.
In confidential client apps use AcquireTokenSilent instead.
Use GetAccountAsync in web apps and web APIs, and use a token cache serializer for better security and performance. See https://aka.ms/msal-net-cca-token-cache-serialization.
Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
the user's name. The URL targets the /authorize endpoint of the authority configured in the application.