AcquireTokenOptions Class

Default constructor.

Copy constructor for AcquireTokenOptions

Gets the name of the options describing the confidential client application (ClientID, Region, Authority, client credentials). In ASP.NET Core, the authentication options name is the same as the authentication scheme.

A string with one or multiple claims to request. It's a json blob (encoded or not) Normally used with Conditional Access. It receives the Claims member of the UiRequiredException. It can also be used to request specific optional claims, and for CA Auth context

Sets the correlation ID to be used in the request to the STS "/token" endpoint.

An property bag used for extensiblity.

Sets query parameters for the query string in the HTTP request to the "/token" endpoint.

Specifies if the token request will ignore the access token in the token cache and will attempt to acquire a new access token. If true, the request will ignore the token cache. The default is false. Use this option with care and only when needed, for instance, if you know that conditional access policies have changed, for it induces performance degradation, as the token cache is not utilized, and the STS might throttle the app.

Key used for long running web APIs that need to call downstream web APIs on behalf of the user. Can be null, if you are not developing a long running web API, LongRunningWebApiSessionKeyAuto if you want the token acquirer to allocate a session key for you, or your own string if you want to associate the session with some information you have externally (for instance a Microsoft Graph hook identifier).

Value that can be used for LongRunningWebApiSessionKey so that the token acquirer allocates the long running web api session key for the developer.

When ManagedIdentity is set, the application uses a managed identity instead of client credentials to acquire an app token. To use a system-assigned identity, simply leave UserAssignedClientId null. To use a user-assigned identity, set UserAssignedClientId to the ClientID of the user-assigned identity you want to use. Using either form of managed identity requires the application to be deployed on Azure and the managed identity to be configured. For more details, check the managed identities for Azure documentation.

In addition to the PopPublicKey, specify the PopClaim when needed in specific POP protocols.

Modifies the token acquisition request so that the acquired token is a Proof of Possession token (PoP), rather than a Bearer token. PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage. See https://aka.ms/msal-net-pop.

(Microsoft identity specific) Enables to override the tenant/account for which to get a token. This is useful in multi-tenant apps in the cases where a given user account is a guest in other tenants, and you want to acquire tokens for a specific tenant.

(Microsoft identity specific) In the case of AzureAD B2C, uses a particular user flow.

Performs a shallow Clone the options (to be able to override them).