<PackageReference Include="Microsoft.Identity.Client" Version="4.86.0" />

Microsoft.Identity.Client.ConfidentialClientApplicationBuilder

public static ConfidentialClientApplicationBuilder Create(string clientId)

Creates a ConfidentialClientApplicationBuilder from a clientID. See https://aka.ms/msal-net-application-configuration

Constructor of a ConfidentialClientApplicationBuilder from application configuration options. See https://aka.ms/msal-net-application-configuration

Builds an instance of IConfidentialClientApplication from the parameters set in the ConfidentialClientApplicationBuilder.

public ConfidentialClientApplicationBuilder WithAzureRegion(string azureRegion = "TryAutoDetect")

Instructs MSAL to use an Azure regional token service. This feature is currently available to first-party applications only.

public ConfidentialClientApplicationBuilder WithCacheSynchronization(bool enableCacheSynchronization)

When set to true, MSAL will lock cache access at the ConfidentialClientApplication level, i.e. the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized. Apps can set this flag to false to enable an optimistic cache locking strategy, which may result in better performance at the cost of cache consistency. Setting this flag to false is only recommended for apps which create a new ConfidentialClientApplication per request.

Sets the certificate associated with the application.

Sets the certificate associated with the application. Applicable to first-party applications only, this method also allows to specify if the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni

Sets the certificate associated with the application. Applicable to first-party applications only, this method also allows to specify if the x5c claim should be sent to Azure AD. Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD: this method will send the certificate chain to Azure AD along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy. This saves the application admin from the need to explicitly manage the certificate rollover (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni

public ConfidentialClientApplicationBuilder WithClientAssertion(string signedClientAssertion)

Sets the application client assertion. See https://aka.ms/msal-net-client-assertion. This will create an assertion that will be held within the client application's memory for the duration of the client. You can use WithClientAssertion to set a delegate that will be executed for each authentication request. This will allow you to update the client assertion used by the client application once the assertion expires.

public ConfidentialClientApplicationBuilder WithClientAssertion(Func<string> clientAssertionDelegate)

Configures a delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion

Configures an async delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion

Configures an async delegate that creates a client assertion. The delegate is invoked only when a token cannot be retrieved from the cache. See https://aka.ms/msal-net-client-assertion

Configures the client application to use a client assertion for authentication.

public ConfidentialClientApplicationBuilder WithClientClaims(X509Certificate2 certificate, IDictionary<string, string> claimsToSign, bool mergeWithDefaultClaims)

Sets the certificate associated with the application along with the specific claims to sign. By default, this will merge the claimsToSign with the default required set of claims needed for authentication. If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion

public ConfidentialClientApplicationBuilder WithClientClaims(X509Certificate2 certificate, IDictionary<string, string> claimsToSign, bool mergeWithDefaultClaims = true, bool sendX5C = false)

Sets the certificate associated with the application along with the specific claims to sign. By default, this will merge the claimsToSign with the default required set of claims needed for authentication. If mergeWithDefaultClaims is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion

Sets the application secret

Call WithOidcAuthority instead.

Adds a known authority corresponding to a generic OpenIdConnect Identity Provider. MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC metadata from there, to figure out the endpoints. See https://openid.net/specs/openid-connect-core-1_0.html#Terminology

public ConfidentialClientApplicationBuilder WithTelemetryClient(ITelemetryClient[] telemetryClients)

This method is obsolete. See https://aka.ms/msal-net-telemetry