<PackageReference Include="Microsoft.Identity.Client" Version="4.86.0" />

Microsoft.Identity.Client.ApplicationConfiguration

Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions

public CacheOptions AccessorOptions { get; set; }

public Authority Authority { get; }

Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions

public string AzureRegion { get; set; }

public BrokerOptions BrokerOptions { get; set; }

public SortedList<string, string> CacheKeyComponents { get; }

public bool CacheSynchronizationEnabled { get; }

public string CertificateIdToAssociateWithToken { get; set; }

public IEnumerable<string> ClientCapabilities { get; set; }

This is here just to support the public IAppConfig. Should not be used internally, instead use the ClientCredential abstraction. Note: This returns null when using dynamic certificate providers since the certificate is resolved at runtime.

public string ClientId { get; }

public string ClientName { get; }

public string ClientSecret { get; }

This is here just to support the public IAppConfig. Should not be used internally, instead use the ClientCredential abstraction.

public string ClientVersion { get; }

public string Component { get; }

public bool DisableInternalRetries { get; }

public bool EnablePiiLogging { get; }

public bool ExperimentalFeaturesEnabled { get; set; }

public IDictionary<string, string> ExtraQueryParameters { get; }

public IHttpManager HttpManager { get; }

public IIdentityLogger IdentityLogger { get; }

public string Instance { get; set; }

Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions

public string IosKeychainSecurityGroup { get; }

public bool IsBrokerEnabled { get; }

public bool IsConfidentialClient { get; }

public bool IsDefaultPlatformLoggingEnabled { get; }

public bool IsExtendedTokenLifetimeEnabled { get; set; }

public bool IsInstanceDiscoveryEnabled { get; }

public bool IsManagedIdentity { get; }

public bool IsPublicClient { get; }

public bool IsWebviewSsoPolicyEnabled { get; }

Applicable to only public client applications to enforce SSO policy with embedded webview.

public string KerberosServicePrincipalName { get; set; }

Service principal name for Kerberos Service Ticket.

public bool LegacyCacheCompatibilityEnabled { get; }

public LogCallback LoggingCallback { get; }

public LogLevel LogLevel { get; }

public bool MultiCloudSupportEnabled { get; set; }

Callback invoked when a fire-and-forget background (proactive) token refresh completes, giving callers visibility into an otherwise-unobservable path. Receives an ExecutionResult describing the outcome: on success Result is the refreshed token; on failure Exception is the thrown exception (whose AuthenticationResultMetadata carries the failed attempt's HTTP duration). Only set for confidential-client and managed-identity applications.

Success callback that receives the result of token acquisition attempts (typically successful, but can include failures after retries are exhausted).

MSAL service failure callback that determines whether to retry after a token acquisition failure from the identity provider. Only invoked for MsalServiceException (errors from the Security Token Service).

public Func<object> ParentActivityOrWindowFunc { get; }

public IPlatformProxy PlatformProxy { get; }

public string RedirectUri { get; }

public bool SendX5C { get; }

public string TenantId { get; }

Kerberos Service Ticket container to be used.

public bool UseRecommendedDefaultRedirectUri { get; }

public bool ValidateAuthority { get; set; }

Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions

public Func<IWebUIFactory> WebUiFactoryCreator { get; set; }

public ApplicationConfiguration(MsalClientType applicationType)