internal AcquireTokenInteractiveParameterBuilder WithCurrentSynchronizationContext()
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithCurrentSynchronizationContext);
Parameters.UiParent.SynchronizationContext = SynchronizationContext.Current;
return(this);
}
/// <summary>
/// </summary>
/// <param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront,
/// in addition to the scopes for the protected Web API for which you want to acquire a security token.</param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenInteractiveParameterBuilder WithExtraScopesToConsent(IEnumerable <string> extraScopesToConsent)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithExtraScopesToConsent);
Parameters.ExtraScopesToConsent = extraScopesToConsent;
return(this);
}
/// <summary>
/// Specifies the what the interactive experience is for the user.
/// </summary>
/// <param name="prompt">Requested interactive experience. The default is <see cref="Prompt.SelectAccount"/>
/// </param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenInteractiveParameterBuilder WithPrompt(Prompt prompt)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithPrompt);
Parameters.Prompt = prompt;
return(this);
}
/// <summary> /// Sets the <paramref name="loginHint"/>, in order to avoid select account /// dialogs in the case the user is signed-in with several identities. This method is mutually exclusive /// with <see cref="WithAccount(IAccount)"/>. If both are used, an exception will be thrown /// </summary> /// <param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>[email protected]</c></param> /// <returns>The builder to chain the .With methods</returns> public AcquireTokenInteractiveParameterBuilder WithLoginHint(string loginHint) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithLoginHint); Parameters.LoginHint = loginHint; return(this); }
/// <summary>
/// Sets the account for which the token will be retrieved. This method is mutually exclusive
/// with <see cref="WithLoginHint(string)"/>. If both are used, an exception will be thrown
/// </summary>
/// <param name="account">Account to use for the interactive token acquisition. See <see cref="IAccount"/> for ways to get an account</param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenInteractiveParameterBuilder WithAccount(IAccount account)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAccount);
Parameters.Account = account;
return(this);
}
private AcquireTokenOnBehalfOfParameterBuilder WithUserAssertion(UserAssertion userAssertion)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithUserAssertion);
Parameters.UserAssertion = userAssertion;
return(this);
}
/// <summary> /// Specifies the username. /// </summary> /// <param name="username">Identifier of the user account for which to acquire a token with /// Integrated Windows authentication. Generally in UserPrincipalName (UPN) format, /// e.g. <c>[email protected]</c></param> /// <returns>The builder to chain the .With methods</returns> public AcquireTokenByIntegratedWindowsAuthParameterBuilder WithUsername(string username) { CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithUsername); Parameters.Username = username; return(this); }
/// <summary>
/// </summary>
/// <param name="loginHint"></param>
/// <returns></returns>
public GetAuthorizationRequestUrlParameterBuilder WithLoginHint(string loginHint)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithLoginHint);
Parameters.LoginHint = loginHint;
return(this);
}
/// <summary>
/// </summary>
/// <param name="account"></param>
/// <returns></returns>
public GetAuthorizationRequestUrlParameterBuilder WithAccount(IAccount account)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAccount);
Parameters.Account = account;
return(this);
}
private AcquireTokenSilentParameterBuilder WithLoginHint(string loginHint)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithLoginHint);
Parameters.LoginHint = loginHint;
return(this);
}
/// <summary>
/// Sets the redirect URI to add to the Authorization request URL
/// </summary>
/// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param>
/// <returns></returns>
public GetAuthorizationRequestUrlParameterBuilder WithRedirectUri(string redirectUri)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithRedirectUri);
Parameters.RedirectUri = redirectUri;
return(this);
}
private AcquireTokenSilentParameterBuilder WithAccount(IAccount account)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAccount);
Parameters.Account = account;
return(this);
}
/// <summary>
/// Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
/// Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
/// this method will send the public certificate to Azure AD along with the token request,
/// so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
/// This saves the application admin from the need to explicitly manage the certificate rollover
/// (either via portal or powershell/CLI operation)
/// </summary>
/// <param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
/// The default is <c>false</c></param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenByAuthorizationCodeParameterBuilder WithSendX5C(bool withSendX5C)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithSendX5C);
Parameters.SendX5C = withSendX5C;
return(this);
}
/// <summary>
/// Specifies if the public client application should used an embedded web browser
/// or the system default browser
/// </summary>
/// <param name="useEmbeddedWebView">If <c>true</c>, will use an embedded web browser,
/// otherwise will attempt to use a system web browser. The default depends on the platform:
/// <c>false</c> for Xamarin.iOS and Xamarin.Android, and <c>true</c> for .NET Framework,
/// and UWP</param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenInteractiveParameterBuilder WithUseEmbeddedWebView(bool useEmbeddedWebView)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithEmbeddedWebView);
Parameters.UseEmbeddedWebView = useEmbeddedWebView;
return(this);
}
/// <summary>
/// Specifies if the client application should force refreshing the
/// token from the user token cache. By default the token is taken from the
/// the user token cache (forceRefresh=false)
/// </summary>
/// <param name="forceRefresh">If <c>true</c>, ignore any access token in the user token cache
/// and attempt to acquire new access token using the refresh token for the account
/// if one is available. This can be useful in the case when the application developer wants to make
/// sure that conditional access policies are applied immediately, rather than after the expiration of the access token.
/// The default is <c>false</c></param>
/// <returns>The builder to chain the .With methods</returns>
/// <remarks>Avoid unnecessarily setting <paramref name="forceRefresh"/> to <c>true</c> true in order to
/// avoid negatively affecting the performance of your application</remarks>
public AcquireTokenOnBehalfOfParameterBuilder WithForceRefresh(bool forceRefresh)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithForceRefresh, forceRefresh);
Parameters.ForceRefresh = forceRefresh;
return(this);
}
/// <summary>
/// </summary>
/// <param name="extraScopesToConsent"></param>
/// <returns></returns>
public GetAuthorizationRequestUrlParameterBuilder WithExtraScopesToConsent(IEnumerable <string> extraScopesToConsent)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithExtraScopesToConsent);
Parameters.ExtraScopesToConsent = extraScopesToConsent;
return(this);
}
/// <summary>
/// Sets claims in the query. Use when the AAD admin has enabled conditional access. Acquiring the token normally will result in a
/// <see cref="MsalServiceException"/> with the <see cref="MsalServiceException.Claims"/> property set. Retry the
/// token acquisition, and use this value in the <see cref="WithClaims(string)"/> method. See https://aka.ms/msal-exceptions for details
/// </summary>
/// <param name="claims">A string with one or multiple claims.</param>
/// <returns>The builder to chain .With methods</returns>
public T WithClaims(string claims)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithClaims);
CommonParameters.Claims = claims;
return((T)this);
}
// Default browser WebUI is not available on mobile (Android, iOS, UWP), but allow it at runtime
// to avoid MissingMethodException
#if NET_CORE || NETSTANDARD || DESKTOP || RUNTIME
/// <summary>
/// Specifies options for using the system OS browser handle interactive authentication.
/// </summary>
/// <param name="options">Data object with options</param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenInteractiveParameterBuilder WithSystemWebViewOptions(SystemWebViewOptions options)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithSystemBrowserOptions);
Parameters.UiParent.SystemWebViewOptions = options;
return(this);
}
/// <summary>
/// Specifies if the x5c claim (public key of the certificate) should be sent to the STS.
/// Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
/// this method will send the public certificate to Azure AD along with the token request,
/// so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
/// This saves the application admin from the need to explicitly manage the certificate rollover
/// (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
/// </summary>
/// <param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
/// The default is <c>false</c></param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenOnBehalfOfParameterBuilder WithSendX5C(bool withSendX5C)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithSendX5C, withSendX5C);
Parameters.SendX5C = withSendX5C;
return(this);
}
/// <summary>
/// Specifies if the token request should be sent to regional ESTS.
/// If set, MSAL tries to auto-detect and use a regional Azure authority. This helps keep the authentication traffic inside the Azure region.
/// If the region cannot be determined (e.g. not running on Azure), MSALClientException is thrown with error code region_discovery_failed.
/// This feature requires configuration at tenant level.
/// By default the value for this variable is false.
/// </summary>
/// <param name="autoDetectRegion"><c>true</c> if the token request should be sent to regional ESTS. Otherwise <c>false</c>.
/// The default is <c>false</c></param>
/// <returns>The builder to chain the .With methods</returns>
public AcquireTokenForClientParameterBuilder WithAzureRegion(bool autoDetectRegion)
{
CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithAzureRegion, autoDetectRegion);
Parameters.AutoDetectRegion = autoDetectRegion;
return(this);
}
