/// <summary>
/// Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
/// the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
/// This override enables you to specify a login hint and extra query parameter.
/// </summary>
/// <param name="scopes">Scopes requested to access a protected API</param>
/// <returns>A builder enabling you to add optional parameters before executing the token request to get the
/// URL of the STS authorization endpoint parametrized with the parameters</returns>
/// <remarks>You can also chain the following optional parameters:
/// <see cref="GetAuthorizationRequestUrlParameterBuilder.WithRedirectUri(string)"/>
/// <see cref="GetAuthorizationRequestUrlParameterBuilder.WithLoginHint(string)"/>
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
/// <see cref="GetAuthorizationRequestUrlParameterBuilder.WithExtraScopesToConsent(IEnumerable{string})"/>
/// </remarks>
public GetAuthorizationRequestUrlParameterBuilder GetAuthorizationRequestUrl(
IEnumerable <string> scopes)
{
return(GetAuthorizationRequestUrlParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes));
}
/// <summary>
/// Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
/// using the client credentials flow. See https://aka.ms/msal-net-client-credentials.
/// </summary>
/// <param name="scopes">scopes requested to access a protected API. For this flow (client credentials), the scopes
/// should be of the form "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft
/// Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are defined statically with the application registration
/// in the portal, and cannot be overriden in the application.</param>
/// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
/// <remarks>You can also chain the following optional parameters:
/// <see cref="AcquireTokenForClientParameterBuilder.WithForceRefresh(bool)"/>
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
/// </remarks>
public AcquireTokenForClientParameterBuilder AcquireTokenForClient(
IEnumerable <string> scopes)
{
return(AcquireTokenForClientParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes));
}
/// <summary>
/// Acquires a security token from the authority configured in the app using the authorization code
/// previously received from the STS.
/// It uses the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code).
/// It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users,
/// and can request an authorization code.
/// This method does not lookup the token cache, but stores the result in it, so it can be looked up
/// using other methods such as <see cref="IClientApplicationBase.AcquireTokenSilent(IEnumerable{string}, IAccount)"/>.
/// </summary>
/// <param name="scopes">Scopes requested to access a protected API</param>
/// <param name="authorizationCode">The authorization code received from the service authorization endpoint.</param>
/// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
/// <remarks>You can set optional parameters by chaining the builder with:
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithAuthority(string, bool)"/>,
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>,
/// </remarks>
public AcquireTokenByAuthorizationCodeParameterBuilder AcquireTokenByAuthorizationCode(
IEnumerable <string> scopes,
string authorizationCode)
{
return(AcquireTokenByAuthorizationCodeParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes,
authorizationCode));
}
/// <summary>
/// Acquires an access token for this application (usually a Web API) from the authority configured in the application,
/// in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
/// See https://aka.ms/msal-net-on-behalf-of.
/// This confidential client application was itself called with a token which will be provided in the
/// <paramref name="userAssertion">userAssertion</paramref> parameter.
/// </summary>
/// <param name="scopes">Scopes requested to access a protected API</param>
/// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
/// the user on behalf of whom to get a token.</param>
/// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
/// <remarks>You can also chain the following optional parameters:
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
/// </remarks>
public AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf(
IEnumerable <string> scopes,
UserAssertion userAssertion)
{
return(AcquireTokenOnBehalfOfParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes,
userAssertion));
}
/// <inheritdoc />
public AcquireTokenOnBehalfOfParameterBuilder AcquireTokenInLongRunningProcess(
IEnumerable <string> scopes,
string longRunningProcessSessionKey)
{
if (string.IsNullOrEmpty(longRunningProcessSessionKey))
{
throw new ArgumentNullException(nameof(longRunningProcessSessionKey));
}
return(AcquireTokenOnBehalfOfParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes,
longRunningProcessSessionKey));
}
/// <summary>
/// Acquires an access token for this application (usually a Web API) from the authority configured in the application,
/// in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
/// See https://aka.ms/msal-net-on-behalf-of.
/// This confidential client application was itself called with a token which will be provided in the
/// <paramref name="userAssertion">userAssertion</paramref> parameter.
/// </summary>
/// <param name="scopes">Scopes requested to access a protected API</param>
/// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
/// the user on behalf of whom to get a token.</param>
/// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
/// <remarks>You can also chain the following optional parameters:
/// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
/// </remarks>
public AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf(
IEnumerable <string> scopes,
UserAssertion userAssertion)
{
if (userAssertion == null)
{
ServiceBundle.ApplicationLogger.Error("User assertion for OBO request should not be null");
throw new MsalClientException(MsalError.UserAssertionNullError);
}
return(AcquireTokenOnBehalfOfParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes,
userAssertion));
}
/// <inheritdoc />
public AcquireTokenOnBehalfOfParameterBuilder InitiateLongRunningProcessInWebApi(
IEnumerable <string> scopes,
string userToken,
ref string longRunningProcessSessionKey)
{
if (string.IsNullOrEmpty(userToken))
{
throw new ArgumentNullException(nameof(userToken));
}
UserAssertion userAssertion = new UserAssertion(userToken);
if (string.IsNullOrEmpty(longRunningProcessSessionKey))
{
longRunningProcessSessionKey = userAssertion.AssertionHash;
}
return(AcquireTokenOnBehalfOfParameterBuilder.Create(
ClientExecutorFactory.CreateConfidentialClientExecutor(this),
scopes,
userAssertion,
longRunningProcessSessionKey));
}
