Nikopol/FuckEDM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2d751f9414
FuckEDM/test2/packages/Microsoft.Identity.Client.4.61.3/lib/net6.0/Microsoft.Identity.Client.xml

11210 lines
755 KiB
XML
Raw Normal View History

Upload hot garbage
2024-11-25 21:45:10 +04:00
<?xml version="1.0"?>
<doc>
<assembly>
<name>Microsoft.Identity.Client</name>
</assembly>
<members>
<member name="T:Microsoft.Identity.Client.Account">
<summary>
Contains information about a single account. A user can be present in multiple directories and thus have multiple accounts.
This information is used for token cache lookup and enforcing the user session on the STS authorize endpoint.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Account.#ctor(System.String,System.String,System.String,System.Collections.Generic.IDictionary{System.String,System.String},System.Collections.Generic.IEnumerable{Microsoft.Identity.Client.TenantProfile})">
<summary>
Constructor for the account instance.
</summary>
<param name="homeAccountId">Home account ID in "uid.utid" format; can be null, for example when migrating the ADAL v3 cache.</param>
<param name="username"><see href="https://learn.microsoft.com/windows/win32/secauthn/user-name-formats#user-principal-name">UPN-style</see>, can be null</param>
<param name="environment">Identity provider for the account, e.g., <c>login.microsoftonline.com</c>.</param>
<param name="wamAccountIds">Map of (<c>client_id</c>, <c>wam_account_id</c>)</param>
<param name="tenantProfiles">Map of (<c>tenant_id</c>, <c>tenant_profile</c>)</param>
</member>
<member name="P:Microsoft.Identity.Client.Account.Username">
<summary>
Gets the username associated with the account. For example, <c>account@example.com</c>.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Account.Environment">
<summary>
Gets the environment associated with the account. For example, <c>login.microsoftonline.com</c>.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Account.HomeAccountId">
<summary>
Gets additional account identifiers, such as object ID, tenant ID, and the unique identifier.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Account.TenantProfiles">
<summary>
Gets the list of tenant profiles.
</summary>
<remarks>
The same account can exist in its home tenant and also as a guest in multiple other tenants.
A <see cref="T:Microsoft.Identity.Client.TenantProfile"/> is derived from the ID token for that tenant.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Account.WamAccountIds">
<summary>
Gets a dictionary representing the mapping between the requesting client ID and the unique account ID.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AccountExtensions">
<summary>
Extension methods for <see cref="T:Microsoft.Identity.Client.IAccount"/>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AccountExtensions.GetTenantProfiles(Microsoft.Identity.Client.IAccount)">
<summary>
The same account can exist in its home tenant and also as a guest in multiple other tenants.
<see cref="T:Microsoft.Identity.Client.TenantProfile"/> is derived from the ID token for that tenant.
</summary>
<remarks>Only tenants for which a token was acquired will be available in <see cref="P:Microsoft.Identity.Client.Account.TenantProfiles"/> property.</remarks>
</member>
<member name="T:Microsoft.Identity.Client.AccountId">
<summary>
An identifier for an account in a specific tenant. Returned by <see cref="P:IAccount.HomeAccountId"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AccountId.Identifier">
<summary>
Unique identifier for the account
</summary>
<remarks>
For the Microsoft identity platform (formerly named Azure AD v2.0), the identifier is the concatenation of
<see cref="P:Microsoft.Identity.Client.AccountId.ObjectId"/> and <see cref="P:Microsoft.Identity.Client.AccountId.TenantId"/> separated by a period.
Unlike in ADAL.NET, these two segments are no longer base64-encoded.
Note that there are some legitimate cases (for instance domain takeover) where the same <c>ObjectId</c> may show up in multiple tenants.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AccountId.ObjectId">
<summary>
For Microsoft Entra ID, a string representation for a GUID which is the object ID of the user owning the account in the tenant
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AccountId.TenantId">
<summary>
For Microsoft Entra ID, a string representation for a GUID which is the ID of the tenant where the account resides.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AccountId.#ctor(System.String,System.String,System.String)">
<summary>
Constructor for an account ID.
</summary>
<param name="identifier">Unique identifier for the account.</param>
<param name="objectId">A string representation for a GUID which is the ID of the user owning the account in the tenant.</param>
<param name="tenantId">A string representation for a GUID which is the ID of the tenant where the account resides.</param>
</member>
<member name="M:Microsoft.Identity.Client.AccountId.#ctor(System.String)">
<summary>
Constructor of an AccountId meant for Active Directory Federation Services (ADFS) scenarios since ADFS instances lack tenant IDs.
</summary>
<param name="adfsIdentifier">Unique identifier for the account if authority is ADFS.</param>
</member>
<member name="M:Microsoft.Identity.Client.AccountId.Equals(System.Object)">
<summary>
Two accounts are equal when their <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> properties match.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AccountId.GetHashCode">
<summary>
GetHashCode implementation to match <see cref="M:Microsoft.Identity.Client.AccountId.Equals(System.Object)"/>.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AccountId.ToString">
<summary>
Textual description of an <see cref="T:Microsoft.Identity.Client.AccountId"/>.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1">
<inheritdoc/>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.#ctor">
<summary>
Default constructor for AbstractAcquireTokenParameterBuilder.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithScopes(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Specifies which scopes to request. This method is used when your application needs
to specify the scopes needed to call a protected API. See
<see>https://docs.microsoft.com/azure/active-directory/develop/v2-permissions-and-consent</see> to learn
more about scopes, permissions and consent, and
<see>https://docs.microsoft.com/azure/active-directory/develop/msal-v1-app-scopes</see> to learn how
to create scopes for legacy applications which used to expose OAuth2 permissions.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithExtraQueryParameters(System.Collections.Generic.Dictionary{System.String,System.String})">
<summary>
Sets Extra Query Parameters for the query string in the HTTP authentication request.
</summary>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority
as a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithClaims(System.String)">
<summary>
Sets claims in the query. Use when the AAD admin has enabled conditional access. Acquiring the token normally will result in a
<see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/> with the <see cref="P:Microsoft.Identity.Client.MsalServiceException.Claims"/> property set. Retry the
token acquisition, and use this value in the <see cref="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithClaims(System.String)"/> method. See https://aka.ms/msal-exceptions for details
as well as https://aka.ms/msal-net-claim-challenge.
</summary>
<param name="claims">A string with one or multiple claims.</param>
<returns>The builder to chain .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithExtraQueryParameters(System.String)">
<summary>
Sets Extra Query Parameters for the query string in the HTTP authentication request.
</summary>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
The string needs to be properly URL-encoded and ready to send as a string of segments of the form <c>key=value</c> separated by an ampersand character.
</param>
<returns>The builder to chain .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(System.String,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Specific authority for which the token is requested. Passing a different value than configured
at the application constructor narrows down the selection to a specific tenant.
This does not change the configured value in the application. This is specific
to applications managing several accounts (like a mail client with several mailboxes).
See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="authorityUri">Uri for the authority. In the case when the authority URI is
a known Azure AD URI, this setting needs to be consistent with what is declared in
the application registration portal.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(System.String,System.Guid,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single tenant application) specified by its tenant ID. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="cloudInstanceUri">Azure Cloud instance.</param>
<param name="tenantId">GUID of the tenant from which to sign-in users.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(System.String,System.String,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="cloudInstanceUri">Uri to the Azure Cloud instance (for instance
<c>https://login.microsoftonline.com)</c>.</param>
<param name="tenant">Tenant Id associated with the tenant from which to sign-in users.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<remarks>
<paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
it's recommended to use another override (<see cref="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.Guid,System.Boolean)"/>
and <see cref="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)"/>
</remarks>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.Guid,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single tenant application) described by its cloud instance and its tenant ID.
See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
worldwide cloud, Azure German Cloud, US government ...).</param>
<param name="tenantId">Tenant Id of the tenant from which to sign-in users.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.String,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single tenant application) described by its cloud instance and its domain
name or tenant ID. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
worldwide cloud, Azure German Cloud, US government ...).</param>
<param name="tenant">Tenant Id of the tenant from which to sign-in users. This can also be a GUID.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users specifying
the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
worldwide cloud, Azure German Cloud, US government ...).</param>
<param name="authorityAudience">Sign-in audience (one AAD organization,
any work and school accounts, or any work and school accounts and Microsoft personal
accounts.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAuthority(Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)">
<summary>
Important: Use WithTenantId or WithTenantIdFromAuthority instead, or WithB2CAuthority for B2C authorities.
Adds a known Azure AD authority to the application to sign-in users specifying
the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="authorityAudience">Sign-in audience (one AAD organization,
any work and school accounts, or any work and school accounts and Microsoft personal
accounts.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantId(System.String)">
<summary>
Overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment).
If an authority was not specified at the application level, the default used is `https://login.microsoftonline.com/common`.
</summary>
<param name="tenantId">Tenant ID of the Microsoft Entra ID tenant
or a domain associated with this Microsoft Entra ID tenant, in order to sign-in a user of a specific organization only.</param>
<returns>The builder to chain the .With methods.</returns>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="tenantId"/> is null or an empty string.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="tenantId"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in more general exception scenarios (for ex. if the application was configured with an authority that does not allow tenants).</exception>
<remarks>
The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common".
Does not affect authority validation, which is specified at the application level.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithTenantIdFromAuthority(System.Uri)">
<summary>
Extracts the tenant ID from the provided authority URI and overrides the tenant ID specified in the authority at the application level. This operation preserves the authority host (environment) provided to the application builder.
If an authority was not provided to the application builder, this method will replace the tenant ID in the default authority - `https://login.microsoftonline.com/common`.
</summary>
<param name="authorityUri">URI from which to extract the tenant ID</param>
<returns>The builder to chain the .With methods.</returns>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="authorityUri"/> is null or an empty string.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="authorityUri"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in general exception scenarios (for example if the application was configured with an authority that does not allow tenants).</exception>
<remarks>
The tenant should be more restrictive than the one configured at the application level, e.g. don't use "common".
Does not affect authority validation, which is specified at the application level.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithAdfsAuthority(System.String,System.Boolean)">
<summary>
Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs.
</summary>
<param name="authorityUri">Authority URL for an ADFS server.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<remarks>MSAL.NET supports ADFS 2019 or later.</remarks>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithB2CAuthority(System.String)">
<summary>
Adds a known authority corresponding to an Azure AD B2C policy.
See https://aka.ms/msal-net-b2c-specificities
</summary>
<param name="authorityUri">Azure AD B2C authority, including the B2C policy (for instance
<c>"https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy}</c></param>).
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="T:Microsoft.Identity.Client.AbstractClientAppBaseAcquireTokenParameterBuilder`1">
<summary>
Base class for parameter builders common to public client application and confidential
client application token acquisition operations
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractClientAppBaseAcquireTokenParameterBuilder`1.ExecuteAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder`1">
<summary>
Base class for confidential client application token request builders
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder`1.ExecuteAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder`1.Validate">
<summary>
Validates the parameters of the AcquireToken operation.
</summary>
<exception cref="T:Microsoft.Identity.Client.MsalClientException"></exception>
</member>
<member name="M:Microsoft.Identity.Client.AbstractConfidentialClientAcquireTokenParameterBuilder`1.WithProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration)">
<summary>
Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token.
PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
See https://aka.ms/msal-net-pop
</summary>
<param name="popAuthenticationConfiguration">Configuration properties used to construct a Proof-of-Possession request.</param>
<returns>The builder.</returns>
<remarks>
<list type="bullet">
<item><description>An Authentication header is automatically added to the request.</description></item>
<item><description>The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).</description></item>
<item><description>MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.</description></item>
<item><description>This is an experimental API. The method signature may change in the future without involving a major version upgrade.</description></item>
</list>
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.AbstractManagedIdentityAcquireTokenParameterBuilder`1">
<summary>
Abstract base class for managed identity application token request builders.
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractManagedIdentityAcquireTokenParameterBuilder`1.#ctor">
<summary>
Default constructor for AbstractManagedIdentityParameterBuilder.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AbstractManagedIdentityAcquireTokenParameterBuilder`1.ExecuteAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AbstractPublicClientAcquireTokenParameterBuilder`1">
<summary>
Base class for public client application token request builders
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractPublicClientAcquireTokenParameterBuilder`1.ExecuteAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.AbstractPublicClientAcquireTokenParameterBuilder`1.PublicClientApplicationExecutor">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder">
<summary>
Builder for AcquireTokenByAuthorizationCode
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.WithSendX5C(System.Boolean)">
<summary>
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.WithPkceCodeVerifier(System.String)">
<summary>
Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE).
See (https://tools.ietf.org/html/rfc7636) for more details.
</summary>
<param name="pkceCodeVerifier">A dynamically created cryptographically random key used to provide proof of possession for the authorization code.
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.WithCcsRoutingHint(System.String,System.String)">
<summary>
To help with resiliency, the AAD backup authentication system operates as an AAD backup.
This will provide backup authentication system with a routing hint to help improve performance during authentication.
</summary>
<param name="userObjectIdentifier">GUID which is unique to the user, parsed from the client_info.</param>
<param name="tenantIdentifier">GUID format of the tenant ID, parsed from the client_info.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.WithCcsRoutingHint(System.String)">
<summary>
To help with resiliency, the AAD backup authentication system operates as an AAD backup.
This will provide backup authentication system with a routing hint to help improve performance during authentication.
</summary>
<param name="userName">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByAuthorizationCodeParameterBuilder.WithSpaAuthorizationCode(System.Boolean)">
<summary>
Requests an auth code for the frontend (SPA using MSAL.js for instance).
See https://aka.ms/msal-net/spa-auth-code for details.
</summary>
<param name="requestSpaAuthorizationCode "><c>true</c> if a SPA Authorization Code should be returned,
<c>false</c></param> otherwise.
<returns>The builder to chain the .With methods</returns>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenByIntegratedWindowsAuthParameterBuilder">
<summary>
Builder for AcquireTokenByIntegratedWindowsAuth
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByIntegratedWindowsAuthParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IPublicClientApplicationExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByIntegratedWindowsAuthParameterBuilder.WithUsername(System.String)">
<summary>
Specifies the username.
</summary>
<remarks>
Specifying the username explicitly is normally not needed, but some Windows administrators
set policies preventing applications from looking up the signed-in user and in that case the username needs to be passed.
</remarks>
<param name="username">Identifier of the user account for which to acquire a token with
Integrated Windows Authentication. Generally in UserPrincipalName (UPN) format,
e.g. <c>john.doe@contoso.com</c></param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByIntegratedWindowsAuthParameterBuilder.WithFederationMetadata(System.String)">
<summary>
Enables MSAL to read the federation metadata for a WS-Trust exchange from the provided input instead of acquiring it from an endpoint.
This is only applicable for managed ADFS accounts. See https://aka.ms/MsalFederationMetadata.
</summary>
<param name="federationMetadata">Federation metadata in the form of XML.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByIntegratedWindowsAuthParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder">
<summary>
Parameter builder for the <see cref="M:Microsoft.Identity.Client.IByRefreshToken.AcquireTokenByRefreshToken(System.Collections.Generic.IEnumerable{System.String},System.String)"/>
method. See https://aka.ms/msal-net-migration-adal2-msal2
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IClientApplicationBaseExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByRefreshTokenParameterBuilder.WithSendX5C(System.Boolean)">
<summary>
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenByUsernamePasswordParameterBuilder">
<summary>
Parameter builder for the <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
operation. See https://aka.ms/msal-net-up
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByUsernamePasswordParameterBuilder.WithFederationMetadata(System.String)">
<summary>
Enables MSAL to read the federation metadata for a WS-Trust exchange from the provided input instead of acquiring it from an endpoint.
This is only applicable for managed ADFS accounts. See https://aka.ms/MsalFederationMetadata.
</summary>
<param name="federationMetadata">Federation metadata in the form of XML.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByUsernamePasswordParameterBuilder.WithProofOfPossession(System.String,System.Net.Http.HttpMethod,System.Uri)">
<summary>
Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token.
PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
Note that only the host and path parts of the request URI will be bound.
See https://aka.ms/msal-net-pop
</summary>
<param name="nonce">Nonce of the protected resource (RP) which will be published as part of the WWWAuthenticate header associated with a 401 HTTP response
or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.</param>
<param name="httpMethod">The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method.
Corresponds to the "m" part of the a signed HTTP request.</param>
<param name="requestUri">The URI to bind the signed HTTP request to.</param>
<returns>The builder.</returns>
<remarks>
<list type="bullet">
<item><description>An Authentication header is automatically added to the request.</description></item>
<item><description>The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).</description></item>
<item><description>Broker is required to use Proof-of-Possession on public clients.</description></item>
</list>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByUsernamePasswordParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenByUsernamePasswordParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder">
<summary>
Builder for AcquireTokenForClient (used in client credential flows, in daemon applications).
See https://aka.ms/msal-net-client-credentials
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IConfidentialClientApplicationExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithForceRefresh(System.Boolean)">
<summary>
Specifies if the token request will ignore the access token in the application token cache
and will attempt to acquire a new access token using client credentials.
By default the token is taken from the application token cache (forceRefresh=false)
</summary>
<param name="forceRefresh">If <c>true</c>, the request will ignore the token cache. The default is <c>false</c>
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithSendX5C(System.Boolean)">
<summary>
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithAzureRegion(System.Boolean)">
<summary>
Please use WithAzureRegion on the ConfidentialClientApplicationBuilder object
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.WithPreferredAzureRegion(System.Boolean,System.String,System.Boolean)">
<summary>
Please use WithAzureRegion on the ConfidentialClientApplicationBuilder object
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder">
<summary>
Builder for AcquireTokenForManagedIdentity (used to get token for managed identities).
See https://aka.ms/msal-net-managed-identity
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IManagedIdentityApplicationExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder.WithForceRefresh(System.Boolean)">
<summary>
Specifies if the token request will ignore the access token in the application token cache
and will attempt to acquire a new access token for managed identity.
By default the token is taken from the application token cache (forceRefresh=false)
</summary>
<param name="forceRefresh">If <c>true</c>, the request will ignore the token cache. The default is <c>false</c>
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder">
<summary>
Builder for an Interactive token request. See https://aka.ms/msal-net-acquire-token-interactively
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithUseEmbeddedWebView(System.Boolean)">
<summary>
Specifies if the public client application should used an embedded web browser
or the system default browser. If the broker (WAM, Authenticator, Company Portal) is configured,
this setting is only used when the broker is not installed.
On .NET, including net8-windows, app developers must reference Microsoft.Identity.Client.Desktop
and call PublicClientApplicationBuilder.WithDesktopFeatures() to enable the embedded web browser.
</summary>
<param name="useEmbeddedWebView">If <c>true</c>, will use an embedded web browser,
otherwise will attempt to use a system web browser. The default depends on the platform:
<c>false</c> for iOS and Android, and <c>true</c> for .NET Framework</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithSystemWebViewOptions(Microsoft.Identity.Client.SystemWebViewOptions)">
<summary>
Specifies options for using the system OS browser handle interactive authentication.
</summary>
<param name="options">Data object with options</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithEmbeddedWebViewOptions(Microsoft.Identity.Client.EmbeddedWebViewOptions)">
<summary>
Specifies options for using the embedded web view for interactive authentication.
</summary>
<param name="options">Data object with options</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithLoginHint(System.String)">
<summary>
Sets the <paramref name="loginHint"/>, in order to avoid select account
dialogs in the case the user is signed-in with several identities. This method is mutually exclusive
with <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithAccount(Microsoft.Identity.Client.IAccount)"/>. If both are used, an exception will be thrown
</summary>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithAccount(Microsoft.Identity.Client.IAccount)">
<summary>
Sets the account for which the token will be retrieved. This method is mutually exclusive
with <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithLoginHint(System.String)"/>. If both are used, an exception will be thrown
</summary>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithExtraScopesToConsent(System.Collections.Generic.IEnumerable{System.String})">
<summary>
</summary>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront,
in addition to the scopes for the protected Web API for which you want to acquire a security token.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithPrompt(Microsoft.Identity.Client.Prompt)">
<summary>
Specifies the what the interactive experience is for the user.
</summary>
<param name="prompt">Requested interactive experience. The default is <see cref="F:Microsoft.Identity.Client.Prompt.SelectAccount"/>
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(System.Object)">
<summary>
Sets a reference to the ViewController (if using iOS), Activity (if using Android)
IWin32Window or IntPtr (if using .Net Framework). Used for invoking the browser.
</summary>
<remarks>Mandatory only on Android. Can also be set via the PublicClientApplication builder.</remarks>
<param name="parent">The parent as an object, so that it can be used from shared NetStandard assemblies</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(System.IntPtr)">
<summary>
Sets a reference to the IntPtr to a window that triggers the browser to be shown.
Used to center the browser that pop-up onto this window.
The center of the screen or the foreground app if a value is configured.
</summary>
<param name="window">The current window as IntPtr</param>
<returns>The builder to chain the .With methods</returns>
<remarks></remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithProofOfPossession(System.String,System.Net.Http.HttpMethod,System.Uri)">
<summary>
Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token.
PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
Note that only the host and path parts of the request URI will be bound.
See https://aka.ms/msal-net-pop
</summary>
<param name="nonce">Nonce of the protected resource which will be published as part of the WWW-Authenticate header associated with a 401 HTTP response
or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the PoP token.</param>
<param name="httpMethod">The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method.
Corresponds to the "m" part of the a signed HTTP request.</param>
<param name="requestUri">The URI to bind the signed HTTP request to.</param>
<returns>The builder.</returns>
<remarks>
<list type="bullet">
<item><description>An Authentication header is automatically added to the request.</description></item>
<item><description>The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).</description></item>
<item><description>Broker is required to use Proof-of-Possession on public clients.</description></item>
</list>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder">
<summary>
Builder for AcquireTokenOnBehalfOf (OBO flow)
See https://aka.ms/msal-net-on-behalf-of
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IConfidentialClientApplicationExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.WithCacheKey(System.String)">
<summary>
Specifies a key by which to look up the token in the cache instead of searching by an assertion.
</summary>
<param name="cacheKey">Key by which to look up the token in the cache</param>
<returns>A builder enabling you to add optional parameters before executing the token request</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.WithSendX5C(System.Boolean)">
<summary>
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.WithForceRefresh(System.Boolean)">
<summary>
Specifies if the client application should force refreshing the
token from the user token cache. By default the token is taken from the
the user token cache (forceRefresh=false)
</summary>
<param name="forceRefresh">If <c>true</c>, ignore any access token in the user token cache
and attempt to acquire new access token using the refresh token for the account
if one is available. This can be useful in the case when the application developer wants to make
sure that conditional access policies are applied immediately, rather than after the expiration of the access token.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
<remarks>Avoid unnecessarily setting <paramref name="forceRefresh"/> to <c>true</c> true in order to
avoid negatively affecting the performance of your application</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.WithCcsRoutingHint(System.String,System.String)">
<summary>
To help with resiliency, the AAD backup authentication system operates as an AAD backup.
This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
</summary>
<param name="userObjectIdentifier">GUID which is unique to the user, parsed from the client_info.</param>
<param name="tenantIdentifier">GUID format of the tenant ID, parsed from the client_info.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.WithCcsRoutingHint(System.String)">
<summary>
To help with resiliency, the AAD backup authentication system operates as an AAD backup.
This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
</summary>
<param name="userName">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder">
<inheritdoc/>
<summary>
Parameter builder for the <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>
operation. See https://aka.ms/msal-net-acquiretokensilent
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithAccount(Microsoft.Identity.Client.IAccount)">
<summary>
Sets the account for which the token will be retrieved. This method is mutually exclusive
with <see cref="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithLoginHint(System.String)"/>. If both are used, an exception will be thrown
</summary>
<param name="account">Account to use for the silent token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<returns>The builder to chain the .With methods</returns>
<remarks>An exception will be thrown If AAD returns a different account than the one that is being requested for.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithForceRefresh(System.Boolean)">
<summary>
Specifies if the client application should force refreshing the
token from the user token cache. By default the token is taken from the
the user token cache (forceRefresh=false)
</summary>
<param name="forceRefresh">If <c>true</c>, ignore any access token in the user token cache
and attempt to acquire new access token using the refresh token for the account
if one is available. This can be useful in the case when the application developer wants to make
sure that conditional access policies are applied immediately, rather than after the expiration of the access token.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
<remarks>Avoid unnecessarily setting <paramref name="forceRefresh"/> to <c>true</c> true in order to
avoid negatively affecting the performance of your application</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithSendX5C(System.Boolean)">
<summary>
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
The default is <c>false</c></param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithProofOfPossession(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration)">
<summary>
Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token.
PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
See https://aka.ms/msal-net-pop
</summary>
<param name="popAuthenticationConfiguration">Configuration properties used to construct a Proof-of-Possession request.</param>
<remarks>
<list type="bullet">
<item><description>An Authentication header is automatically added to the request.</description></item>
<item><description>The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).</description></item>
<item><description>MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.</description></item>
<item><description>This is an experimental API. The method signature may change in the future without involving a major version upgrade.</description></item>
</list>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder.WithProofOfPossession(System.String,System.Net.Http.HttpMethod,System.Uri)">
<summary>
Modifies the token acquisition request so that the acquired token is a Proof-of-Possession token (PoP), rather than a Bearer token.
PoP tokens are similar to Bearer tokens, but are bound to the HTTP request and to a cryptographic key, which MSAL can manage on Windows.
Note that only the host and path parts of the request URI will be bound.
See https://aka.ms/msal-net-pop
</summary>
<param name="nonce">Nonce of the protected resource (RP) which will be published as part of the WWWAuthenticate header associated with a 401 HTTP response
or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.</param>
<param name="httpMethod">The HTTP method ("GET", "POST" etc.) method that will be bound to the token. If set to null, the PoP token will not be bound to the method.
Corresponds to the "m" part of the a signed HTTP request.</param>
<param name="requestUri">The URI to bind the signed HTTP request to.</param>
<returns>The builder.</returns>
<remarks>
<list type="bullet">
<item><description>An Authentication header is automatically added to the request.</description></item>
<item><description>The PoP token is bound to the HTTP request, more specifically to the HTTP method (GET, POST, etc.) and to the Uri (path and query, but not query parameters).</description></item>
<item><description>MSAL creates, reads and stores a key in memory that will be cycled every 8 hours.</description></item>
<item><description>On confidential clients, this is an experimental API. The method signature may change in the future without involving a major version upgrade.</description></item>
<item><description>Broker is required to use Proof-of-Possession on public clients.</description></item>
</list>
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder">
<summary>
Parameters builder for the <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"/>
operation. See https://aka.ms/msal-net-device-code-flow
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder.#ctor(Microsoft.Identity.Client.ApiConfig.Executors.IPublicClientApplicationExecutor)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder.WithDeviceCodeResultCallback(System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Sets the Callback delegate so your application can
interact with the user to direct them to authenticate (to a specific URL, with a code)
</summary>
<param name="deviceCodeResultCallback">callback containing information to show the user about how to authenticate
and enter the device code.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.AcquireTokenWithDeviceCodeParameterBuilder.Validate">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1">
<summary>
Base class for builders of token requests, which attempt to acquire a token
based on the provided parameters.
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.#ctor">
<summary>
Default constructor for AbstractAcquireTokenParameterBuilder.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.ExecuteAsync(System.Threading.CancellationToken)">
<summary>
Executes the Token request asynchronously, with a possibility of cancelling the
asynchronous method.
</summary>
<param name="cancellationToken">Cancellation token. See <see cref="T:System.Threading.CancellationToken"/> </param>
<returns>Authentication result containing a token for the requested scopes and parameters
set in the builder.</returns>
<remarks>
<para>
Cancellation is not guaranteed, it is best effort. If the operation reaches a point of no return, e.g.
tokens are acquired and written to the cache, the task will complete even if cancellation was requested.
Do not rely on cancellation tokens for strong consistency.
</para>
<para>
To learn more about potential exceptions thrown by the function, refer to <see href="https://aka.ms/msal-net-exceptions">Exceptions in MSAL.NET</see>.
</para>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.ExecuteAsync">
<summary>
Executes the Token request asynchronously.
</summary>
<returns>Authentication result containing a token for the requested scopes and parameters
set in the builder.</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.WithCorrelationId(System.Guid)">
<summary>
Sets the correlation id to be used in the authentication request. Used to track a request in the logs of both the SDK and the Identity Provider service.
If not set, a random one will be generated.
</summary>
<param name="correlationId">Correlation id of the authentication request.</param>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.Validate">
<summary>
Validates the parameters of the AcquireToken operation.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.BrokerOptions">
<summary>
The class specifies the options for broker across OperatingSystems
The common properties are direct members
Platform specific properties (if they exist) are part of the corresponding options
</summary>
</member>
<member name="T:Microsoft.Identity.Client.BrokerOptions.OperatingSystems">
<summary>
Supported OperatingSystems
</summary>
</member>
<member name="F:Microsoft.Identity.Client.BrokerOptions.OperatingSystems.None">
<summary>
No OS specified - Invalid options
</summary>
</member>
<member name="F:Microsoft.Identity.Client.BrokerOptions.OperatingSystems.Windows">
<summary>
Use broker on Windows OS
</summary>
</member>
<member name="M:Microsoft.Identity.Client.BrokerOptions.#ctor(Microsoft.Identity.Client.BrokerOptions.OperatingSystems)">
<summary>
Constructor
</summary>
<param name="enabledOn">Choices of OperatingSystems</param>
</member>
<member name="M:Microsoft.Identity.Client.BrokerOptions.CreateFromWindowsOptions(Microsoft.Identity.Client.WindowsBrokerOptions)">
<summary>
Creates BrokerOptions from WindowsBrokerOptions
</summary>
</member>
<member name="P:Microsoft.Identity.Client.BrokerOptions.EnabledOn">
<summary>
Operating systems on which broker is enabled.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.BrokerOptions.Title">
<summary>
Title of the broker window
</summary>
</member>
<member name="P:Microsoft.Identity.Client.BrokerOptions.MsaPassthrough">
<summary>
A legacy option available only to Microsoft First-Party applications. Should be avoided where possible.
</summary>
<remarks>This is a convenience API, the same can be achieved by using WithExtraQueryParameters and passing the extra query parameter "msal_request_type": "consumer_passthrough"</remarks>
</member>
<member name="P:Microsoft.Identity.Client.BrokerOptions.ListOperatingSystemAccounts">
<summary>
Currently only supported on Windows
Allows the Windows broker to list Work and School accounts as part of the <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.EmbeddedWebViewOptions">
<summary>
Options for using the embedded webview.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.EmbeddedWebViewOptions.#ctor">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.EmbeddedWebViewOptions.Title">
<summary>
Forces a static title to be set on the window hosting the browser. If not configured, the widow's title is set to the web page title.
</summary>
<remarks>Currently only affects the windows desktop apps (WebView1 / Vulcan and WebView2 browser).</remarks>
</member>
<member name="P:Microsoft.Identity.Client.EmbeddedWebViewOptions.WebView2BrowserExecutableFolder">
<summary>
It is possible for applications to bundle a fixed version of the runtime, and ship it side-by-side.
For this you need to tell MSAL (so it can tell WebView2) where to find the runtime bits by setting this property. If you don't set it, MSAL will attempt to use a system-wide "evergreen" installation of the runtime."
For more details see <see href="https://learn.microsoft.com/dotnet/api/microsoft.web.webview2.core.corewebview2environment.createasync?view=webview2-dotnet-1.0.705.50">CoreWebView2Environment.CreateAsync Method</see>.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ApiConfig.Parameters.AbstractAcquireTokenConfidentialClientParameters">
<summary>
Abstract class for confidential clients
Supports common property(ies)
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AbstractAcquireTokenConfidentialClientParameters.SendX5C">
<summary>
Parameter sent to request to send X5C or not.
This overrides application config settings.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AbstractAcquireTokenConfidentialClientParameters.SpaCode">
<summary>
if <c>true</c> then Spa code param will be sent via AcquireTokenByAuthorizeCode
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenByIntegratedWindowsAuthParameters">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenByIntegratedWindowsAuthParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenByUsernamePasswordParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenForClientParameters.ForceRefresh">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenForClientParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenInteractiveParameters.ExtraScopesToConsent">
<summary>
These need to be asked for to the /authorize endpoint (for consent)
but not to the /token endpoint
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenOnBehalfOfParameters.UserAssertion">
<remarks>
User assertion is null when <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)"/> is called.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenOnBehalfOfParameters.LongRunningOboCacheKey">
<summary>
User-provided cache key for long-running OBO flow.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenOnBehalfOfParameters.SearchInCacheForLongRunningObo">
<summary>
Only affects <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)"/>.
When enabled, mimics MSAL 4.50.0 and below behavior - checks in cache for cached tokens first,
and if not found, then uses user assertion to request new tokens from AAD.
When disabled (default behavior), doesn't search in cache, but uses the user assertion to retrieve tokens from AAD.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenOnBehalfOfParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenSilentParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenWithDeviceCodeParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ApiConfig.Parameters.GetAuthorizationRequestUrlParameters.LogParameters(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder">
<summary>
NOTE: a few of the methods in AbstractAcquireTokenParameterBuilder (e.g. account) don't make sense here.
Do we want to create a further base that contains ALL of the common methods, and then have another one including
account, etc
that are only used for AcquireToken?
</summary>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithRedirectUri(System.String)">
<summary>
Sets the redirect URI to add to the Authorization request URL
</summary>
<param name="redirectUri">Address to return to upon receiving a response from the authority.</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithLoginHint(System.String)">
<summary>
</summary>
<param name="loginHint"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithAccount(Microsoft.Identity.Client.IAccount)">
<summary>
</summary>
<param name="account"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithExtraScopesToConsent(System.Collections.Generic.IEnumerable{System.String})">
<summary>
</summary>
<param name="extraScopesToConsent"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithPkce(System.String@)">
<summary>
Used to secure authorization code grant via Proof of Key for Code Exchange (PKCE).
For more information, see the PKCE RCF:
https://tools.ietf.org/html/rfc7636
</summary>
<param name="codeVerifier">MSAL.NET will generate it. </param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithCcsRoutingHint(System.String,System.String)">
<summary>
To help with resiliency, the AAD backup authentication system operates as an AAD backup.
This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
The hint created with this api will take precedence over the one created with <see cref="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithLoginHint(System.String)"/>
</summary>
<param name="userObjectIdentifier">GUID which is unique to the user, parsed from the client_info.</param>
<param name="tenantIdentifier">GUID format of the tenant ID, parsed from the client_info.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.WithPrompt(Microsoft.Identity.Client.Prompt)">
<summary>
Specifies the interactive experience for the user.
</summary>
<param name="prompt">Requested interactive experience. The default is <see cref="F:Microsoft.Identity.Client.Prompt.SelectAccount"/>
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.ExecuteInternalAsync(System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.ExecuteAsync(System.Threading.CancellationToken)">
<summary>
</summary>
<param name="cancellationToken"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.ExecuteAsync">
<summary>
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.GetAuthorizationRequestUrlParameterBuilder.CalculateApiEventId">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.SystemWebViewOptions">
<summary>
Options for using the default OS browser as a separate process to handle interactive auth.
MSAL will be listening for the OS browser to finish authenticating, but it cannot close the browser.
It can however respond with a 200 OK message or a 302 Redirect, which can be configured here.
For more details see https://aka.ms/msal-net-os-browser
</summary>
<summary>
Use Microsoft Edge to navigate to the given URI. On non-windows platforms it uses
whatever browser is the default.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.SystemWebViewOptions.#ctor">
<summary>
Constructor
</summary>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.HtmlMessageSuccess">
<summary>
When the user finishes authenticating, MSAL will respond with a 200 OK message,
which the browser will show to the user.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.HtmlMessageError">
<summary>
When the user finishes authenticating, but an error occurred,
MSAL will respond with a 200 OK message, which the browser will show to the user.
You can use a string format e.g. "An error has occurred: {0} details: {1}"
</summary>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.BrowserRedirectSuccess">
<summary>
When the user finishes authenticating, MSAL will redirect the browser to the given Uri
</summary>
<remarks>Takes precedence over <see cref="P:Microsoft.Identity.Client.SystemWebViewOptions.HtmlMessageSuccess"/></remarks>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.BrowserRedirectError">
<summary>
When the user finishes authenticating, but an error occurred, MSAL will redirect the browser to the given Uri
</summary>
<remarks>Takes precedence over <see cref="P:Microsoft.Identity.Client.SystemWebViewOptions.HtmlMessageError"/></remarks>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.iOSHidePrivacyPrompt">
<summary>
This hides the privacy prompt displayed on iOS Devices (ver 13.0+) when set to true.
By default, it is false and displays the prompt.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.SystemWebViewOptions.OpenBrowserAsync">
<summary>
Allows developers to implement their own logic for starting a browser and navigating to a specific Uri. MSAL
will use this when opening the browser. Leave it null and the user configured browser will be used.
Consider using the static helpers OpenWithEdgeBrowserAsync and OpenWithChromeEdgeBrowserAsync
</summary>
</member>
<member name="M:Microsoft.Identity.Client.SystemWebViewOptions.OpenWithEdgeBrowserAsync(System.Uri)">
<summary>
Use Microsoft Edge to navigate to the given URI. On non-windows platforms it uses
whatever browser is the default.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.SystemWebViewOptions.OpenWithChromeEdgeBrowserAsync(System.Uri)">
<summary>
Use Microsoft Edge Chromium to navigate to the given URI. Requires the browser to be installed.
On Linux, open edge if available otherwise open the default browser.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.WindowsBrokerOptions">
<summary>
Advanced options for using the Windows 10 broker.
For more details see https://aka.ms/msal-net-wam
</summary>
</member>
<member name="M:Microsoft.Identity.Client.WindowsBrokerOptions.#ctor">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WindowsBrokerOptions.MsaPassthrough">
<summary>
A legacy option available only to Microsoft applications. Should be avoided where possible.
Support is experimental.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WindowsBrokerOptions.ListWindowsWorkAndSchoolAccounts">
<summary>
Allow the Windows broker to list Work and School accounts as part of the <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WindowsBrokerOptions.HeaderText">
<summary>
Display a custom text in the broker UI controls which support it.
</summary>
<remarks>
Currently only the WAM account picker allows for this customization, see <see href="https://learn.microsoft.com/windows/uwp/security/web-account-manager#add-a-custom-header">WAM documentation</see>.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.AadAuthorityAudience">
<summary>
Specifies which Microsoft accounts can be used for sign-in with a given application.
See https://aka.ms/msal-net-application-configuration
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AadAuthorityAudience.None">
<summary>
The sign-in audience was not specified
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AadAuthorityAudience.AzureAdMyOrg">
<summary>
Users with a Microsoft work or school account in my organizations Azure AD tenant (i.e. single tenant).
Maps to https://[instance]/[tenantId]
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount">
<summary>
Users with a personal Microsoft account, or a work or school account in any organizations Azure AD tenant
Maps to https://[instance]/common/
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AadAuthorityAudience.AzureAdMultipleOrgs">
<summary>
Users with a Microsoft work or school account in any organizations Azure AD tenant (i.e. multi-tenant).
Maps to https://[instance]/organizations/
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AadAuthorityAudience.PersonalMicrosoftAccount">
<summary>
Users with a personal Microsoft account. Maps to https://[instance]/consumers/
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AbstractApplicationBuilder`1">
<summary>
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDicoveryMetadata(System.String)">
<summary>
Allows developers to configure their own valid authorities. A json string similar to https://aka.ms/aad-instance-discovery should be provided.
MSAL uses this information to:
<list type="bullet">
<item><description>Call REST APIs on the environment specified in the preferred_network</description></item>
<item><description>Identify an environment under which to save tokens and accounts in the cache</description></item>
<item><description>Use the environment aliases to match tokens issued to other authorities</description></item>
</list>
For more details see https://aka.ms/msal-net-custom-instance-metadata
</summary>
<remarks>
Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not know in advance.
Has no effect on ADFS or B2C authorities, only for AAD authorities</remarks>
<param name="instanceDiscoveryJson"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscoveryMetadata(System.String)">
<summary>
Allows developers to configure their own valid authorities. A json string similar to https://aka.ms/aad-instance-discovery should be provided.
MSAL uses this information to:
<list type="bullet">
<item><description>Call REST APIs on the environment specified in the preferred_network</description></item>
<item><description>Identify an environment under which to save tokens and accounts in the cache</description></item>
<item><description>Use the environment aliases to match tokens issued to other authorities</description></item>
</list>
For more details see https://aka.ms/msal-net-custom-instance-metadata
</summary>
<remarks>
Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not known in advance.
Has no effect on ADFS or B2C authorities, only for AAD authorities</remarks>
<param name="instanceDiscoveryJson"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDicoveryMetadata(System.Uri)">
<summary>
Lets an organization setup their own service to handle instance discovery, which enables better caching for microservice/service environments.
A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:
<list type="bullet">
<item><description>Call REST APIs on the environment specified in the preferred_network</description></item>
<item><description>Identify an environment under which to save tokens and accounts in the cache</description></item>
<item><description>Use the environment aliases to match tokens issued to other authorities</description></item>
</list>
For more details see https://aka.ms/msal-net-custom-instance-metadata
</summary>
<remarks>
Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not know in advance.
Has no effect on ADFS or B2C authorities, only for AAD authorities</remarks>
<param name="instanceDiscoveryUri"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscoveryMetadata(System.Uri)">
<summary>
Lets an organization setup their own service to handle instance discovery, which enables better caching for microservice/service environments.
A Uri that returns a response similar to https://aka.ms/aad-instance-discovery should be provided. MSAL uses this information to:
<list type="bullet">
<item><description>Call REST APIs on the environment specified in the preferred_network</description></item>
<item><description>Identify an environment under which to save tokens and accounts in the cache</description></item>
<item><description>Use the environment aliases to match tokens issued to other authorities</description></item>
</list>
For more details see https://aka.ms/msal-net-custom-instance-metadata
</summary>
<remarks>
Developers take responsibility for authority validation if they use this method. Should not be used when the authority is not known in advance.
Has no effect on ADFS or B2C authorities, only for AAD authorities</remarks>
<param name="instanceDiscoveryUri"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithCacheOptions(Microsoft.Identity.Client.CacheOptions)">
<summary>
Options for MSAL token caches.
MSAL maintains a token cache internally in memory. By default, this cache object is part of each instance of <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> or <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>.
This method allows customization of the in-memory token cache of MSAL.
MSAL's memory cache is different than token cache serialization. Cache serialization pulls the tokens from a cache (e.g. Redis, Cosmos, or a file on disk),
where they are stored in JSON format, into MSAL's internal memory cache. Memory cache operations do not involve JSON operations.
External cache serialization remains the recommended way to handle desktop apps, web site and web APIs, as it provides persistence. These options
do not currently control external cache serialization.
Detailed guidance for each application type and platform:
https://aka.ms/msal-net-token-cache-serialization
</summary>
<param name="options">Options for the internal MSAL token caches. </param>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithLegacyCacheCompatibility(System.Boolean)">
<summary>
Enables legacy ADAL cache serialization and deserialization.
</summary>
<param name="enableLegacyCacheCompatibility">Enable legacy ADAL cache compatibility.</param>
<returns>The builder to chain the .With methods.</returns>
<remarks>
ADAL is a previous legacy generation of MSAL.NET authentication library.
If you don't use <c>.WithLegacyCacheCompatibility(false)</c>, then by default, the ADAL cache is used
(along with MSAL cache). <c>true</c> flag is only needed for specific migration scenarios
from ADAL.NET to MSAL.NET when both library versions are running side-by-side.
To improve performance add <c>.WithLegacyCacheCompatibility(false)</c> unless you care about migration scenarios.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithTelemetry(Microsoft.Identity.Client.TelemetryCallback)">
<summary>
Sets the telemetry callback. For details see https://aka.ms/msal-net-telemetry
</summary>
<param name="telemetryCallback">Delegate to the callback sending the telemetry
elaborated by the library to the telemetry endpoint of choice</param>
<returns>The builder to chain the .With methods</returns>
<exception cref="T:System.InvalidOperationException"/> is thrown if the method was already
called on the application builder.
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithClientId(System.String)">
<summary>
Sets the Client ID of the application
</summary>
<param name="clientId">Client ID (also known as <i>Application ID</i>) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithRedirectUri(System.String)">
<summary>
Sets the redirect URI of the application. The URI must also be registered in the application portal.
See https://aka.ms/msal-net-application-configuration
</summary>
<param name="redirectUri">URL where the STS will call back the application with the security token.
Public Client Applications - desktop, mobile, console apps - use different browsers (system browser, embedded browses) and brokers
and each has its own rules.
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithTenantId(System.String)">
<summary>
Sets the tenant ID of the organization from which the application will let
users sign-in. This is classically a GUID or a domain name. See https://aka.ms/msal-net-application-configuration.
Although it is also possible to set <paramref name="tenantId"/> to <c>common</c>,
<c>organizations</c>, and <c>consumers</c>, it's recommended to use one of the
overrides of <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)"/>.
</summary>
<param name="tenantId">tenant ID of the Azure AD tenant
or a domain associated with this Azure AD tenant, in order to sign-in a user of a specific organization only</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithClientName(System.String)">
<summary>
Sets the name of the calling application for telemetry purposes.
</summary>
<param name="clientName">The name of the application for telemetry purposes.</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithClientVersion(System.String)">
<summary>
Sets the version of the calling application for telemetry purposes.
</summary>
<param name="clientVersion">The version of the calling application for telemetry purposes.</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithOptions(Microsoft.Identity.Client.ApplicationOptions)">
<summary>
Sets application options, which can, for instance have been read from configuration files.
See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="applicationOptions">Application options</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithExtraQueryParameters(System.Collections.Generic.IDictionary{System.String,System.String})">
<summary>
Sets Extra Query Parameters for the query string in the HTTP authentication request
</summary>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority
as a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithExtraQueryParameters(System.String)">
<summary>
Sets Extra Query Parameters for the query string in the HTTP authentication request
</summary>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
The string needs to be properly URL-encoded and ready to send as a string of segments of the form <c>key=value</c> separated by an ampersand character.
</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithClientCapabilities(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
Allows configuration of one or more client capabilities, e.g. "llt"
</summary>
<remarks>
MSAL will transform these into special claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
details on claim requests.
For more details see https://aka.ms/msal-net-claims-request
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscovery(System.Boolean)">
<summary>
Determines whether or not instance discovery is performed when attempting to authenticate. Setting this to false will completely disable
instance discovery and authority validation. This will not affect the behavior of application configured with regional endpoints however.
</summary>
<remarks>If instance discovery is disabled and no user metadata is provided, MSAL will use the provided authority without any checks.
<see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscoveryMetadata(System.String)"/> takes priority over <paramref name="enableInstanceDiscovery"/>
so instance metadata can be provided regardless of this configuration.
</remarks>
<param name="enableInstanceDiscovery">Determines if instance discovery/Authority validation is performed</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithTelemetry(Microsoft.Identity.Client.ITelemetryConfig)">
<summary>
Generate telemetry aggregation events.
</summary>
<param name="telemetryConfig"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(System.Uri,System.Boolean)">
<summary>
Adds a known authority to the application. See <see href="https://aka.ms/msal-net-application-configuration">Application configuration options</see>.
This constructor is mainly used for scenarios where the authority is not a standard Azure AD authority,
nor an ADFS authority, nor an Azure AD B2C authority. For Azure AD, even in sovereign clouds, prefer
using other overrides such as <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)"/>
</summary>
<param name="authorityUri">URI of the authority</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="authorityUri"/> is null.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="authorityUri"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in general exception scenarios (for example if the application was configured with multiple different authority hosts).</exception>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(System.String,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users specifying
the full authority URI. See <see href="https://aka.ms/msal-net-application-configuration">Application configuration options</see>.
</summary>
<param name="authorityUri">URI of the authority from which MSAL.NET will acquire the tokens.
Authority endpoints for the Azure public Cloud are:
<list type="bullet">
<item><description><c>https://login.microsoftonline.com/tenant/</c> where <c>tenant</c> is the tenant ID of the Azure AD tenant
or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
<item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or personal Microsoft accounts</description></item>
<item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
<item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts (live)</description></item>
</list>
Note that this setting needs to be consistent with what is declared in the application registration portal</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="authorityUri"/> is null or empty.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="authorityUri"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in general exception scenarios (for example if the application was configured with multiple different authority hosts).</exception>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(System.String,System.Guid,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single-tenant application) specified by its tenant ID. See <see href="https://aka.ms/msal-net-application-configuration">Application configuration options</see>.
</summary>
<param name="cloudInstanceUri">Azure cloud instance.</param>
<param name="tenantId">GUID of the tenant from which to sign-in users.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="cloudInstanceUri"/> is null or empty.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="cloudInstanceUri"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in more general exception scenarios (for example if the application was configured with multiple different authority hosts).</exception>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(System.String,System.String,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single-tenant application) described by its domain name. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="cloudInstanceUri">Uri to the Azure cloud instance (for instance
<c>https://login.microsoftonline.com)</c></param>
<param name="tenant">Domain name associated with the tenant from which to sign-in users</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<remarks>
<paramref name="tenant"/> can also contain the string representation of a GUID (tenantId),
or even <c>common</c>, <c>organizations</c> or <c>consumers</c> but in this case
it's recommended to use another override (<see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.Guid,System.Boolean)"/>
and <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)"/>
</remarks>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="cloudInstanceUri"/> or <paramref name="tenant"/> is null or empty.</exception>
<exception cref="T:System.ArgumentException">Thrown if <paramref name="cloudInstanceUri"/> or <paramref name="tenant"/> is not well-formatted (for example, has spaces).</exception>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown in more general exception scenarios (for example if the application was configured with multiple different authority hosts).</exception>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.Guid,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single tenant application) described by its cloud instance and its tenant ID.
See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure cloud (for example, Azure
public cloud, Azure China, or Azure Government).</param>
<param name="tenantId">Tenant Id of the tenant from which to sign-in users</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,System.String,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users from a single
organization (single-tenant application) described by its cloud instance and its domain
name or tenant ID. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure cloud (for example, Azure
public cloud, Azure China, or Azure Government).</param>
<param name="tenant">Domain name associated with the Azure AD tenant from which
to sign-in users. This can also be a GUID.</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<exception cref="T:System.ArgumentNullException">Thrown if <paramref name="tenant"/> or <paramref name="tenant"/> is null or empty.</exception>
<returns>The builder to chain the .With methods.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance,Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users specifying
the cloud instance and the sign-in audience. See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="azureCloudInstance">Instance of Azure Cloud (for instance Azure
worldwide cloud, Azure German Cloud, US government ...)</param>
<param name="authorityAudience">Sign-in audience (one AAD organization,
any work and school accounts, or any work and school accounts and Microsoft personal
accounts</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)">
<summary>
Adds a known Azure AD authority to the application to sign-in users specifying
the sign-in audience (the cloud being the Azure public cloud). See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="authorityAudience">Sign-in audience (one AAD organization,
any work and school accounts, or any work and school accounts and Microsoft personal
accounts</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAdfsAuthority(System.String,System.Boolean)">
<summary>
Adds a known Authority corresponding to an ADFS server. See https://aka.ms/msal-net-adfs
</summary>
<param name="authorityUri">Authority URL for an ADFS server</param>
<param name="validateAuthority">Whether the authority should be validated against the server metadata.</param>
<remarks>MSAL.NET will only support ADFS 2019 or later.</remarks>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithB2CAuthority(System.String)">
<summary>
Adds a known authority corresponding to an Azure AD B2C policy.
See https://aka.ms/msal-net-b2c-specificities
</summary>
<param name="authorityUri">Azure AD B2C authority, including the B2C policy (for instance
<c>"https://fabrikamb2c.b2clogin.com/tfp/{Tenant}/{policy}</c></param>)
<returns>The builder to chain the .With methods</returns>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.IsWebviewSsoPolicyEnabled">
<summary>
Applicable to only public client applications to enforce SSO policy with embedded webview.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.KerberosServicePrincipalName">
<summary>
Service principal name for Kerberos Service Ticket.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.TicketContainer">
<summary>
Kerberos Service Ticket container to be used.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.ClientSecret">
<summary>
This is here just to support the public IAppConfig. Should not be used internally, instead use the <see cref="P:Microsoft.Identity.Client.ApplicationConfiguration.ClientCredential" /> abstraction.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.ClientCredentialCertificate">
<summary>
This is here just to support the public IAppConfig. Should not be used internally, instead use the <see cref="P:Microsoft.Identity.Client.ApplicationConfiguration.ClientCredential" /> abstraction.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.AadAuthorityAudience">
<summary>
Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.AzureCloudInstance">
<summary>
Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.Instance">
<summary>
Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationConfiguration.ValidateAuthority">
<summary>
Should _not_ go in the interface, only for builder usage while determining authorities with ApplicationOptions
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ApplicationOptions">
<summary>
Base class for options objects with string values loadable from a configuration file
(for instance a JSON file, as in an asp.net configuration scenario)
See https://aka.ms/msal-net-application-configuration
See also derived classes <see cref="T:Microsoft.Identity.Client.PublicClientApplicationOptions"/>
and <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplicationOptions"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.ClientId">
<summary>
Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.TenantId">
<summary>
Tenant from which the application will allow users to sign it. This can be:
a domain associated with a tenant, a GUID (tenant id), or a meta-tenant (e.g. consumers).
This property is mutually exclusive with <see cref="P:Microsoft.Identity.Client.ApplicationOptions.AadAuthorityAudience"/>. If both
are provided, an exception will be thrown.
</summary>
<remarks>The name of the property was chosen to ensure compatibility with AzureAdOptions
in ASP.NET Core configuration files (even the semantics would be tenant)</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.AadAuthorityAudience">
<summary>
Sign-in audience. This property is mutually exclusive with TenantId. If both
are provided, an exception will be thrown.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.Instance">
<summary>
STS instance (for instance https://login.microsoftonline.com for the Azure public cloud).
The name was chosen to ensure compatibility with AzureAdOptions in ASP.NET Core.
This property is mutually exclusive with <see cref="P:Microsoft.Identity.Client.ApplicationOptions.AzureCloudInstance"/>. If both
are provided, an exception will be thrown.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.AzureCloudInstance">
<summary>
Specific instance in the case of Azure Active Directory.
It allows users to use the enum instead of the explicit URL.
This property is mutually exclusive with <see cref="P:Microsoft.Identity.Client.ApplicationOptions.Instance"/>. If both
are provided, an exception will be thrown.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.RedirectUri">
<summary>
This redirect URI needs to be registered in the app registration. See https://aka.ms/msal-net-register-app for
details on which redirect URIs are defined by default by MSAL.NET and how to register them.
Also use: <see cref="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithDefaultRedirectUri"/> which provides
a good default for public client applications for all platforms.
For web apps and web APIs, the redirect URI is computed from the URL where the application is running
(for instance, <c>baseUrl//signin-oidc</c> for ASP.NET Core web apps).
For daemon applications (confidential client applications using only the Client Credential flow
that is calling <c>AcquireTokenForClient</c>), no reply URI is needed.
</summary>
<remarks>This is especially important when you deploy an application that you have initially tested locally;
you then need to add the reply URL of the deployed application in the application registration portal
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.ClientName">
<summary>
The name of the calling application for telemetry purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.ClientVersion">
<summary>
The version of the calling application for telemetry purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.ClientCapabilities">
<summary>
Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
Allows configuration of one or more client capabilities, e.g. "llt"
</summary>
<remarks>
MSAL will transform these into special claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
details on claim requests.
For more details see https://aka.ms/msal-net-claims-request
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.LegacyCacheCompatibilityEnabled">
<summary>
Enables legacy ADAL cache serialization and deserialization.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.KerberosServicePrincipalName">
<summary>
Service principal name for Kerberos Service Ticket.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ApplicationOptions.TicketContainer">
<summary>
Kerberos Service Ticket container to be used.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AssertionRequestOptions">
<summary>
Information about the client assertion that need to be generated See https://aka.ms/msal-net-client-assertion
</summary>
<remarks> Use the provided information to generate the client assertion payload </remarks>
</member>
<member name="P:Microsoft.Identity.Client.AssertionRequestOptions.CancellationToken">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AssertionRequestOptions.ClientID">
<summary>
Client ID for which a signed assertion is requested
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AssertionRequestOptions.TokenEndpoint">
<summary>
The intended token endpoint
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthorityInfo">
<remarks>
This class must be kept immutable
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthorityInfo.IsWsTrustFlowSupported">
<summary>
For IWA
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthorityInfo.CanBeTenanted">
<summary>
Authority supports multi-tenancy. ADFS and Generic authorities are not tenanted.
B2C doesn't allow multi-tenancy scenarios, but the authority itself is tenanted.
For CIAM, we allow multi-tenancy scenarios, and expect the STS to fail.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthorityInfo.IsSha2CredentialSupported">
<summary>
True if SHA2 and PSS can be used for creating the client credential from a certificate
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthorityInfo.ValidateAndCreateAuthorityUri(System.String,System.Nullable{Microsoft.Identity.Client.AuthorityType})">
<summary>
Validates the authority string and creates a Uri object out of it.
Authority must not be null or whitespace, must be a well-formed URI (e.g. not include spaces), and must have an HTTPS schema.
Non-generic authorities must have at least one segment in the path.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthorityInfo.AuthorityInfoHelper">
<summary>
This is extension for AuthorityInfo
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthorityInfo.AuthorityInfoHelper.CreateAuthorityForRequestAsync(Microsoft.Identity.Client.Internal.RequestContext,Microsoft.Identity.Client.AuthorityInfo,Microsoft.Identity.Client.IAccount)">
<summary>
Figures out the authority based on the authority from the config and the authority from the request,
and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent
If the request authority is consumers, organizations, or common, it should just be set an the app level.
The algorithm is:
1. If there is no request authority (i.e. no authority override), use the config authority.
1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID
2. If there is a request authority, try to use it.
2.1. If the request authority is not "common", then use it
2.2 If the request authority is "common", ignore it, and use 1.1
Special cases:
- if the authority is not defined at the application level and the request level is not AAD, use the request authority
- if the authority is defined at app level, and the request level authority is of different type, throw an exception
- if the intended authority is consumers, please define it at the app level and not at the request level.
known issue: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2929
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthorityType">
<summary>
Enumeration for the AuthorityTypes
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AzureCloudInstance">
<summary>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AzureCloudInstance.None">
<summary>
Value communicating that the AzureCloudInstance is not specified.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AzureCloudInstance.AzurePublic">
<summary>
Microsoft Azure public cloud. Maps to https://login.microsoftonline.com
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AzureCloudInstance.AzureChina">
<summary>
Microsoft Azure China cloud. Maps to https://login.chinacloudapi.cn
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AzureCloudInstance.AzureGermany">
<summary>
Microsoft Azure German cloud ("Black Forest"). Maps to https://login.microsoftonline.de
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AzureCloudInstance.AzureUsGovernment">
<summary>
US Government cloud. Maps to https://login.microsoftonline.us
</summary>
</member>
<member name="T:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1">
<summary>
</summary>
<typeparam name="T"></typeparam>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithHttpClientFactory(Microsoft.Identity.Client.IMsalHttpClientFactory)">
<summary>
Uses a specific <see cref="T:Microsoft.Identity.Client.IMsalHttpClientFactory"/> to communicate
with the IdP. This enables advanced scenarios such as setting a proxy,
or setting the Agent.
</summary>
<param name="httpClientFactory">HTTP client factory</param>
<remarks>MSAL does not guarantee that it will not modify the HttpClient, for example by adding new headers.
Prior to the changes needed in order to make MSAL's httpClients thread safe (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/2046/files),
the httpClient had the possibility of throwing an exception stating "Properties can only be modified before sending the first request".
MSAL's httpClient will no longer throw this exception after 4.19.0 (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.19.0)
see (https://aka.ms/msal-httpclient-info) for more information.
</remarks>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithHttpClientFactory(Microsoft.Identity.Client.IMsalHttpClientFactory,System.Boolean)">
<summary>
Uses a specific <see cref="T:Microsoft.Identity.Client.IMsalHttpClientFactory"/> to communicate
with the IdP. This enables advanced scenarios such as setting a proxy,
or setting the Agent.
</summary>
<param name="httpClientFactory">HTTP client factory</param>
<param name="retryOnceOn5xx">Configures MSAL to retry on 5xx server errors. When enabled (on by default), MSAL will wait 1 second after receiving
a 5xx error and then retry the http request again.</param>
<remarks>MSAL does not guarantee that it will not modify the HttpClient, for example by adding new headers.
Prior to the changes needed in order to make MSAL's httpClients thread safe (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/2046/files),
the httpClient had the possibility of throwing an exception stating "Properties can only be modified before sending the first request".
MSAL's httpClient will no longer throw this exception after 4.19.0 (https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.19.0)
see (https://aka.ms/msal-httpclient-info) for more information.
If you only want to configure the retryOnceOn5xx parameter, set httpClientFactory to null and MSAL will use the default http client.
</remarks>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.Identity.Client.LogCallback,System.Nullable{Microsoft.Identity.Client.LogLevel},System.Nullable{System.Boolean},System.Nullable{System.Boolean})">
<summary>
Sets the logging callback. For details see https://aka.ms/msal-net-logging
</summary>
<param name="loggingCallback"></param>
<param name="logLevel">Desired level of logging. The default is LogLevel.Info</param>
<param name="enablePiiLogging">Boolean used to enable/disable logging of
Personally Identifiable Information (PII).
PII logs are never written to default outputs like Console, Logcat or NSLog
Default is set to <c>false</c>, which ensures that your application is compliant with GDPR.
You can set it to <c>true</c> for advanced debugging requiring PII
If both WithLogging apis are set, the other one will override the this one
</param>
<param name="enableDefaultPlatformLogging">Flag to enable/disable logging to platform defaults.
In Desktop, Event Tracing is used. In iOS, NSLog is used.
In android, Logcat is used. The default value is <c>false</c>
</param>
<returns>The builder to chain the .With methods</returns>
<exception cref="T:System.InvalidOperationException"/> is thrown if the loggingCallback
was already set on the application builder
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.IdentityModel.Abstractions.IIdentityLogger,System.Boolean)">
<summary>
Sets the Identity Logger. For details see https://aka.ms/msal-net-logging
</summary>
<param name="identityLogger">IdentityLogger</param>
<param name="enablePiiLogging">Boolean used to enable/disable logging of
Personally Identifiable Information (PII).
PII logs are never written to default outputs like Console, Logcat or NSLog
Default is set to <c>false</c>, which ensures that your application is compliant with GDPR.
You can set it to <c>true</c> for advanced debugging requiring PII
If both WithLogging apis are set, this one will override the other
</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithDebugLoggingCallback(Microsoft.Identity.Client.LogLevel,System.Boolean,System.Boolean)">
<summary>
Sets the Debug logging callback to a default debug method which displays
the level of the message and the message itself. For details see https://aka.ms/msal-net-logging
</summary>
<param name="logLevel">Desired level of logging. The default is LogLevel.Info</param>
<param name="enablePiiLogging">Boolean used to enable/disable logging of
Personally Identifiable Information (PII).
PII logs are never written to default outputs like Console, Logcat or NSLog
Default is set to <c>false</c>, which ensures that your application is compliant with GDPR.
You can set it to <c>true</c> for advanced debugging requiring PII
</param>
<param name="withDefaultPlatformLoggingEnabled">Flag to enable/disable logging to platform defaults.
In Desktop, Event Tracing is used. In iOS, NSLog is used.
In android, logcat is used. The default value is <c>false</c>
</param>
<returns>The builder to chain the .With methods</returns>
<exception cref="T:System.InvalidOperationException"/> is thrown if the loggingCallback
was already set on the application builder by calling <see cref="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.Identity.Client.LogCallback,System.Nullable{Microsoft.Identity.Client.LogLevel},System.Nullable{System.Boolean},System.Nullable{System.Boolean})"/>
<seealso cref="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.Identity.Client.LogCallback,System.Nullable{Microsoft.Identity.Client.LogLevel},System.Nullable{System.Boolean},System.Nullable{System.Boolean})"/>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithOptions(Microsoft.Identity.Client.BaseApplicationOptions)">
<summary>
Sets application options, which can, for instance have been read from configuration files.
See https://aka.ms/msal-net-application-configuration.
</summary>
<param name="applicationOptions">Application options</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithExperimentalFeatures(System.Boolean)">
<summary>
Allows usage of experimental features and APIs. If this flag is not set, experimental features
will throw an exception. For details see https://aka.ms/msal-net-experimental-features
</summary>
<remarks>
Changes in the public API of experimental features will not result in an increment of the major version of this library.
For these reason we advise against using these features in production.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.BaseApplicationOptions">
<summary>
Base class for options objects with string values loadable from a configuration file
(for instance a JSON file, as in an asp.net configuration scenario)
See https://aka.ms/msal-net-application-configuration
See also derived classes <see cref="T:Microsoft.Identity.Client.ApplicationOptions"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.BaseApplicationOptions.LogLevel">
<summary>
Enables you to configure the level of logging you want. The default value is <see cref="F:Microsoft.Identity.Client.LogLevel.Info"/>. Setting it to <see cref="F:Microsoft.Identity.Client.LogLevel.Error"/> will only get errors
Setting it to <see cref="F:Microsoft.Identity.Client.LogLevel.Warning"/> will get errors and warning, etc..
See https://aka.ms/msal-net-logging
</summary>
</member>
<member name="P:Microsoft.Identity.Client.BaseApplicationOptions.EnablePiiLogging">
<summary>
Flag to enable/disable logging of Personally Identifiable Information (PII).
PII logs are never written to default outputs like Console, Logcat or NSLog
Default is set to <c>false</c>, which ensures that your application is compliant with GDPR. You can set
it to <c>true</c> for advanced debugging requiring PII. See https://aka.ms/msal-net-logging
</summary>
<seealso cref="P:Microsoft.Identity.Client.BaseApplicationOptions.IsDefaultPlatformLoggingEnabled"/>
</member>
<member name="P:Microsoft.Identity.Client.BaseApplicationOptions.IsDefaultPlatformLoggingEnabled">
<summary>
Flag to enable/disable logging to platform defaults. In Desktop, Event Tracing is used. In iOS, NSLog is used.
In Android, logcat is used. The default value is <c>false</c>. See https://aka.ms/msal-net-logging
</summary>
<seealso cref="P:Microsoft.Identity.Client.BaseApplicationOptions.EnablePiiLogging"/>
</member>
<member name="T:Microsoft.Identity.Client.CacheOptions">
<summary>
Options for MSAL token caches.
</summary>
<remarks>
Detailed cache guidance for each application type and platform, including L2 options:
https://aka.ms/msal-net-token-cache-serialization
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.CacheOptions.EnableSharedCacheOptions">
<summary>
Recommended options for using a static cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.CacheOptions.#ctor">
<summary>
Constructor for the options with default values.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.CacheOptions.#ctor(System.Boolean)">
<summary>
Constructor
</summary>
<param name="useSharedCache">Set to true to share the cache between all ClientApplication objects. The cache becomes static. <see cref="P:Microsoft.Identity.Client.CacheOptions.UseSharedCache"/> for a detailed description. </param>
</member>
<member name="P:Microsoft.Identity.Client.CacheOptions.UseSharedCache">
<summary>
Share the cache between all ClientApplication objects. The cache becomes static. Defaults to false.
</summary>
<remarks>
Recommended only for client credentials flow (service to service communication).
Web apps and Web APIs should use external token caching (Redis, Cosmos etc.) for scaling purposes.
Desktop apps should encrypt and persist their token cache to disk, to avoid losing tokens when app restarts.
ADAL used a static cache by default.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.#ctor(Microsoft.Identity.Client.ApplicationConfiguration)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.ConfidentialClientApplicationOptions)">
<summary>
Constructor of a ConfidentialClientApplicationBuilder from application configuration options.
See https://aka.ms/msal-net-application-configuration
</summary>
<param name="options">Confidential client applications configuration options</param>
<returns>A <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder"/> from which to set more
parameters, and to create a confidential client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(System.String)">
<summary>
Creates a ConfidentialClientApplicationBuilder from a clientID.
See https://aka.ms/msal-net-application-configuration
</summary>
<param name="clientId">Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/.</param>
<returns>A <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder"/> from which to set more
parameters, and to create a confidential client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithCertificate(System.Security.Cryptography.X509Certificates.X509Certificate2)">
<summary>
Sets the certificate associated with the application.
</summary>
<param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param>
<remarks>
You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys.
Does not send the certificate (as x5c parameter) with the request by default.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithCertificate(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Boolean)">
<summary>
Sets the certificate associated with the application.
Applicable to first-party applications only, this method also allows to specify
if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
this method will send the certificate chain to Azure AD along with the token request,
so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
</summary>
<param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param>
<param name="sendX5C">To send X5C with every request or not. The default is <c>false</c></param>
<remarks>You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys. </remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientClaims(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Collections.Generic.IDictionary{System.String,System.String},System.Boolean)">
<summary>
Sets the certificate associated with the application along with the specific claims to sign.
By default, this will merge the <paramref name="claimsToSign"/> with the default required set of claims needed for authentication.
If <paramref name="mergeWithDefaultClaims"/> is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion
</summary>
<param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param>
<param name="claimsToSign">The claims to be signed by the provided certificate.</param>
<param name="mergeWithDefaultClaims">Determines whether or not to merge <paramref name="claimsToSign"/> with the default claims required for authentication.</param>
<remarks>
You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys.
Does not send the certificate (as x5c parameter) with the request by default.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientClaims(System.Security.Cryptography.X509Certificates.X509Certificate2,System.Collections.Generic.IDictionary{System.String,System.String},System.Boolean,System.Boolean)">
<summary>
Sets the certificate associated with the application along with the specific claims to sign.
By default, this will merge the <paramref name="claimsToSign"/> with the default required set of claims needed for authentication.
If <paramref name="mergeWithDefaultClaims"/> is set to false, you will need to provide the required default claims. See https://aka.ms/msal-net-client-assertion
</summary>
<param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param>
<param name="claimsToSign">The claims to be signed by the provided certificate.</param>
<param name="mergeWithDefaultClaims">Determines whether or not to merge <paramref name="claimsToSign"/> with the default claims required for authentication.</param>
<param name="sendX5C">To send X5C with every request or not.</param>
<remarks>You should use certificates with a private key size of at least 2048 bytes. Future versions of this library might reject certificates with smaller keys.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientSecret(System.String)">
<summary>
Sets the application secret
</summary>
<param name="clientSecret">Secret string previously shared with AAD at application registration to prove the identity
of the application (the client) requesting the tokens</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.String)">
<summary>
Sets the application client assertion. See https://aka.ms/msal-net-client-assertion.
This will create an assertion that will be held within the client application's memory for the duration of the client.
You can use <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{System.String})"/> to set a delegate that will be executed for each authentication request.
This will allow you to update the client assertion used by the client application once the assertion expires.
</summary>
<param name="signedClientAssertion">The client assertion used to prove the identity of the application to Azure AD. This is a Base-64 encoded JWT.</param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{System.String})">
<summary>
Configures a delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion
</summary>
<param name="clientAssertionDelegate">delegate computing the client assertion used to prove the identity of the application to Azure AD.
This is a delegate that computes a Base-64 encoded JWT for each authentication call.</param>
<returns>The ConfidentialClientApplicationBuilder to chain more .With methods</returns>
<remarks> Callers can use this mechanism to cache their assertions </remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{System.Threading.CancellationToken,System.Threading.Tasks.Task{System.String}})">
<summary>
Configures an async delegate that creates a client assertion. See https://aka.ms/msal-net-client-assertion
</summary>
<param name="clientAssertionAsyncDelegate">An async delegate computing the client assertion used to prove the identity of the application to Azure AD.
This is a delegate that computes a Base-64 encoded JWT for each authentication call.</param>
<returns>The ConfidentialClientApplicationBuilder to chain more .With methods</returns>
<remarks> Callers can use this mechanism to cache their assertions </remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{Microsoft.Identity.Client.AssertionRequestOptions,System.Threading.Tasks.Task{System.String}})">
<summary>
Configures an async delegate that creates a client assertion. The delegate is invoked only when a token cannot be retrieved from the cache.
See https://aka.ms/msal-net-client-assertion
</summary>
<param name="clientAssertionAsyncDelegate">An async delegate that returns the client assertion. Assertion lifetime is the responsibility of the caller.</param>
<returns>The ConfidentialClientApplicationBuilder to chain more .With methods</returns>
<remarks> Callers can use this mechanism to cache their assertions </remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithAzureRegion(System.String)">
<summary>
Instructs MSAL to use an Azure regional token service. This feature is currently available to
first-party applications only.
</summary>
<param name="azureRegion">Either the string with the region (preferred) or
use <see cref="F:Microsoft.Identity.Client.ConfidentialClientApplication.AttemptRegionDiscovery"/> and MSAL will attempt to auto-detect the region.
</param>
<remarks>
The region value should be a short region name for the region where the service is deployed.
For example, "centralus" is short name for region Central US.
Currently only tokens for the client credential flow can be obtained from the regional service.
Requires configuration at the tenant level.
Auto-detection works on a limited number of Azure artifacts (VMs, Azure functions).
If auto-detection fails, the non-regional endpoint will be used.
If a specific region was provided and the token web request failed, verify that the region name is valid.
See https://aka.ms/msal-net-region-discovery for more details.
</remarks>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithCacheSynchronization(System.Boolean)">
<summary>
When set to <c>true</c>, MSAL will lock cache access at the <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> level, i.e.
the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized.
Apps can set this flag to <c>false</c> to enable an optimistic cache locking strategy, which may result in better performance
at the cost of cache consistency.
Setting this flag to <c>false</c> is only recommended for apps which create a new <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> per request.
</summary>
<remarks>
This flag is <c>true</c> by default. The default behavior is recommended.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithGenericAuthority(System.String)">
<summary>
Call <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithOidcAuthority(System.String)"/> instead.
</summary>
<param name="authorityUri"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithOidcAuthority(System.String)">
<summary>
Adds a known authority corresponding to a generic OpenIdConnect Identity Provider.
MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC
metadata from there, to figure out the endpoints.
See https://openid.net/specs/openid-connect-core-1_0.html#Terminology
</summary>
<remarks>
Do not use this method with Entra ID authorities (e.g. https://login.microsfoftonline.com/common).
Use WithAuthority(string) instead.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithTelemetryClient(Microsoft.IdentityModel.Abstractions.ITelemetryClient[])">
<summary>
Sets telemetry client for the application.
</summary>
<param name="telemetryClients">List of telemetry clients to add telemetry logs.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Validate">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Build">
<summary>
Builds an instance of <see cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/>
from the parameters set in the <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder"/>.
</summary>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown when errors occur locally in the library itself (for example, because of incorrect configuration).</exception>
<returns>An instance of <see cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/></returns>
</member>
<member name="T:Microsoft.Identity.Client.ConfidentialClientApplicationOptions">
<summary>
Configuration options for a confidential client application
(web app / web API / daemon app). See https://aka.ms/msal-net/application-configuration
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ConfidentialClientApplicationOptions.ClientSecret">
<summary>
Client secret for the confidential client application. This secret (application password)
is provided by the application registration portal, or provided to Azure AD during the
application registration with PowerShell AzureAD, PowerShell AzureRM, or Azure CLI.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ConfidentialClientApplicationOptions.AzureRegion">
<summary>
Instructs MSAL.NET to use an Azure regional token service.
This setting should be set to either the string with the region (preferred) or to
"TryAutoDetect" and MSAL.NET will attempt to auto-detect the region.
</summary>
<remarks>
Region names as per <see href="https://learn.microsoft.com/dotnet/api/microsoft.azure.management.resourcemanager.fluent.core.region?view=azure-dotnet-legacy">Region class documentation</see>.
Not all auth flows can use the regional token service.
Service To Service (client credential flow) tokens can be obtained from the regional service.
Requires configuration at the tenant level.
Auto-detection works on a limited number of Azure artifacts (VMs, Azure functions).
If auto-detection fails, the non-regional endpoint will be used.
If an invalid region name is provided, the non-regional endpoint MIGHT be used or the token request MIGHT fail.
See https://aka.ms/msal-net-region-discovery for more details.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ConfidentialClientApplicationOptions.EnableCacheSynchronization">
<summary>
When set to <c>true</c>, MSAL will lock cache access at the <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> level, i.e.
the block of code between BeforeAccessAsync and AfterAccessAsync callbacks will be synchronized.
Apps can set this flag to <c>false</c> to enable an optimistic cache locking strategy, which may result in better performance
at the cost of cache consistency.
Setting this flag to <c>false</c> is only recommended for apps which create a new <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> per request.
</summary>
<remarks>
This flag is <c>true</c> by default. The default behavior is recommended.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.IAppConfig">
<summary>
Configuration properties used to build a public or confidential client application.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientId">
<summary>
Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app).
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.EnablePiiLogging">
<summary>
Flag telling if logging of Personally Identifiable Information (PII) is enabled/disabled for
the application. See https://aka.ms/msal-net-logging.
</summary>
<seealso cref="P:Microsoft.Identity.Client.IAppConfig.IsDefaultPlatformLoggingEnabled"/>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.HttpClientFactory">
<summary>
<see cref="T:Microsoft.Identity.Client.IMsalHttpClientFactory"/> used to get HttpClient instances to communicate
with the identity provider.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.LogLevel">
<summary>
Level of logging requested for the app.
See https://aka.ms/msal-net-logging.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.IsDefaultPlatformLoggingEnabled">
<summary>
Flag telling if logging to platform defaults is enabled/disabled for the app.
In Desktop, Event Tracing is used. In iOS, NSLog is used.
In Android, logcat is used. See https://aka.ms/msal-net-logging.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.RedirectUri">
<summary>
Redirect URI for the application. See <see cref="P:Microsoft.Identity.Client.ApplicationOptions.RedirectUri"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.TenantId">
<summary>
Audience for the application. See <see cref="P:Microsoft.Identity.Client.ApplicationOptions.TenantId"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.LoggingCallback">
<summary>
Callback used for logging. It was set with <see cref="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.Identity.Client.LogCallback,System.Nullable{Microsoft.Identity.Client.LogLevel},System.Nullable{System.Boolean},System.Nullable{System.Boolean})"/>
See https://aka.ms/msal-net-logging
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ExtraQueryParameters">
<summary>
Extra query parameters that will be applied to every acquire token operation.
See <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithExtraQueryParameters(System.Collections.Generic.IDictionary{System.String,System.String})"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.IsBrokerEnabled">
<summary>
Indicates whether or not the current application object is configured to use brokered authentication.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientName">
<summary>
The name of the calling application for telemetry purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientVersion">
<summary>
The version of the calling application for telemetry purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.TelemetryConfig">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ExperimentalFeaturesEnabled">
<summary>
Allows usage of features that are experimental and would otherwise throw a specific exception.
Use of experimental features in production is not recommended and are subject to be removed between builds.
For details see https://aka.ms/msal-net-experimental-features.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientCapabilities">
<summary>
Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
Allows configuration of one or more client capabilities, e.g. "llt"
</summary>
<remarks>
MSAL will transform these into a "access_token" claims request. See https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter for
details on claim requests.
For more details see https://aka.ms/msal-net-claims-request
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.LegacyCacheCompatibilityEnabled">
<summary>
Enables legacy ADAL cache serialization and deserialization.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientSecret">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ClientCredentialCertificate">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAppConfig.ParentActivityOrWindowFunc">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IMsalHttpClientFactory">
<summary>
Factory responsible for creating HttpClient.
See https://learn.microsoft.com/dotnet/api/system.net.http.httpclient?view=net-7.0#instancing for more details.
</summary>
<remarks>
Implementations must be thread safe.
Do not create a new HttpClient for each call to <see cref="M:Microsoft.Identity.Client.IMsalHttpClientFactory.GetHttpClient"/> - this leads to socket exhaustion.
If your app uses Integrated Windows Authentication, ensure <see cref="P:System.Net.Http.HttpClientHandler.UseDefaultCredentials"/> is set to true.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IMsalHttpClientFactory.GetHttpClient">
<summary>
Method returning an HTTP client that will be used to
communicate with Azure AD. This enables advanced scenarios.
See https://aka.ms/msal-net-application-configuration.
</summary>
<returns>An HTTP client.</returns>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryAudienceType">
<summary>
Describes the types of audiences for telemetry. <see cref="P:Microsoft.Identity.Client.ITelemetryConfig.AudienceType"/>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="F:Microsoft.Identity.Client.TelemetryAudienceType.PreProduction">
<summary>
Indicates a PreProduction environment. PreProd environments are not sampled.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.TelemetryAudienceType.Production">
<summary>
Indicates a Production environment. These environments are sampled based on the platforms' device info to reduce data load.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ITelemetryConfig">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryConfig.AudienceType">
<summary>
Communicates which audience the telemetry is for (e.g. Production or Pre-Production) so that MSAL.NET can change sampling
and filtering behavior.
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryConfig.SessionId">
<summary>
ID for the telemetry session.
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryConfig.DispatchAction">
<summary>
Implementers of the interface will receive this callback when telemetry data is available. The implementation should transfer
the data in ITelemetryEventPayload to a specific telemetry uploader instance.
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="T:Microsoft.Identity.Client.ITelemetryEventPayload">
<summary>
Data that represents a single snapshot in the series of events that are collected
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryEventPayload.Name">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
<returns></returns>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryEventPayload.BoolValues">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryEventPayload.Int64Values">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryEventPayload.IntValues">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ITelemetryEventPayload.StringValues">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITelemetryEventPayload.ToJsonString">
<summary>
Used for debugging and testing.
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder">
<summary>
Builder for managed identity applications.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.#ctor(Microsoft.Identity.Client.ApplicationConfiguration)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.Create(Microsoft.Identity.Client.AppConfig.ManagedIdentityId)">
<summary>
Creates a ManagedIdentityApplicationBuilder from a user assigned managed identity clientID / resourceId / objectId.
For example, for a system assigned managed identity use ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.SystemAssigned)
and for a user assigned managed identity use ManagedIdentityApplicationBuilder.Create(ManagedIdentityId.WithUserAssignedClientId(clientId)) or
ManagedIdentityId.WithUserAssignedResourceId("resourceId") or
ManagedIdentityId.WithUserAssignedObjectId("objectid").
For more details see https://aka.ms/msal-net-managed-identity
</summary>
<param name="managedIdentityId">Configuration of the Managed Identity assigned to the resource.</param>
<returns>A <see cref="T:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder"/> from which to set more
parameters, and to create a managed identity application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.WithTelemetryClient(Microsoft.IdentityModel.Abstractions.ITelemetryClient[])">
<summary>
Sets telemetry client for the application.
</summary>
<param name="telemetryClients">List of telemetry clients to add telemetry logs.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder.Build">
<summary>
Builds an instance of <see cref="T:Microsoft.Identity.Client.IManagedIdentityApplication"/>
from the parameters set in the <see cref="T:Microsoft.Identity.Client.ManagedIdentityApplicationBuilder"/>.
</summary>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown when errors occur locally in the library itself (for example, because of incorrect configuration).</exception>
<returns>An instance of <see cref="T:Microsoft.Identity.Client.IManagedIdentityApplication"/></returns>
</member>
<member name="T:Microsoft.Identity.Client.AppConfig.ManagedIdentityId">
<summary>
Class to store configuration for a managed identity enabled on a resource.
For a system assigned managed identity use ManagedIdentityId.SystemAssigned.
For user assigned managed identity use ManagedIdentityId.WithUserAssignedClientId("clientId") or
ManagedIdentityId.WithUserAssignedResourceId("resourceId") or
ManagedIdentityId.WithUserAssignedObjectId("objectid").
For more details see https://aka.ms/msal-net-managed-identity
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.UserAssignedId">
<summary>
Gets the identifier for a user-assigned managed identity.
</summary>
<remarks>
This property holds the unique identifier of the user-assigned managed identity.
It can be a client ID, a resource ID, or an object ID, depending on how the managed identity is configured.
</remarks>
<value>
The identifier string of the user-assigned managed identity.
</value>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.IdType">
<summary>
Gets the type of identifier used for the managed identity.
</summary>
<remarks>
This property indicates the type of the managed identity identifier,
which can be either a client ID, a resource ID, or an object ID.
</remarks>
<value>
The enumeration value representing the managed identity identifier type.
</value>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.IsUserAssigned">
<summary>
Gets a value indicating whether the managed identity is user-assigned.
</summary>
<remarks>
This property is true if the managed identity is user-assigned, and false if it is system-assigned.
</remarks>
<value>
True if the managed identity is user-assigned; otherwise, false.
</value>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.SystemAssigned">
<summary>
Create an instance of ManagedIdentityId for a system assigned managed identity.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.WithUserAssignedClientId(System.String)">
<summary>
Create an instance of ManagedIdentityId for a user assigned managed identity from a client id.
</summary>
<param name="clientId">Client id of the user assigned managed identity assigned to the azure resource.</param>
<returns>Instance of ManagedIdentityId.</returns>
<exception cref="T:System.ArgumentNullException"></exception>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.WithUserAssignedResourceId(System.String)">
<summary>
Create an instance of ManagedIdentityId for a user assigned managed identity from a resource id.
</summary>
<param name="resourceId">Resource id of the user assigned managed identity assigned to the azure resource.</param>
<returns>Instance of ManagedIdentityId.</returns>
<exception cref="T:System.ArgumentNullException"></exception>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.ManagedIdentityId.WithUserAssignedObjectId(System.String)">
<summary>
Create an instance of ManagedIdentityId for a user assigned managed identity from an object id.
</summary>
<param name="objectId">Object id of the user assigned managed identity assigned to the azure resource.</param>
<returns>Instance of ManagedIdentityId.</returns>
<exception cref="T:System.ArgumentNullException"></exception>
</member>
<member name="T:Microsoft.Identity.Client.AppConfig.MsalClientType">
<summary>
Enum to represent the type of MSAL application.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration">
<summary>
Details about the HTTP request and configuration properties used to construct a proof of possession request.
</summary>
<remarks>
POP tokens are signed by the process making the request. By default, MSAL will generate a key in memory.
To use a hardware key or an external key, implement <see cref="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.PopCryptoProvider"/>.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.#ctor">
<summary>
Creates a configuration using the default key management - an RSA key will be created in memory and rotated every 8h.
Uses <see cref="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.HttpMethod"/>, <see cref="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.HttpHost"/> etc. to control which elements of the request should be included in the POP token.
</summary>
<remarks>
See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03#page-3 for details about signed HTTP requests.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.#ctor(System.Net.Http.HttpRequestMessage)">
<summary>
Creates a configuration using the default key management, and which binds all the details of the HttpRequestMessage.
</summary>
<remarks>
Currently only the HttpMethod (m), UrlHost (u) and UrlPath (p) are used to create the signed HTTP request - see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03#page-3
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.#ctor(System.Uri)">
<summary>
Creates a configuration using the default key management, and which binds only the Uri part of the HTTP request.
</summary>
<remarks>
The UrlHost (u) and UrlPath (p) are used to create the signed HTTP request - see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03#page-3
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.HttpMethod">
<summary>
The HTTP method ("GET", "POST" etc.) method that will be bound to the token. Leave null and the POP token will not be bound to the method.
Corresponds to the "m" part of the a signed HTTP request. Optional.
</summary>
<remarks>
See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03#section-3
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.HttpHost">
<summary>
The URL host of the protected API. The "u" part of a signed HTTP request. This MAY include the port separated from the host by a colon in host:port format. Optional.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.HttpPath">
<summary>
The "p" part of the signed HTTP request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.PopCryptoProvider">
<summary>
An extensibility point that allows developers to define their own key management.
Leave <c>null</c> and MSAL will use a default implementation, which generates an RSA key pair in memory and refreshes it every 8 hours.
Important note: if you want to change the key (e.g. rotate the key), you should create a new instance of this object,
as MSAL.NET will keep a thumbprint of keys in memory.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.Nonce">
<summary>
If the protected resource (RP) requires use of a special nonce, they will publish it as part of the WWWAuthenticate header associated with a 401 HTTP response
or as part of the AuthorityInfo header associated with 200 response. Set it here to make it part of the Signed HTTP Request part of the POP token.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration.SignHttpRequest">
<summary>
Allows app developers to bypass the creation of the SignedHttpRequest envelope by setting this property to false.
App developers can use a package like Microsoft.IdentityModel.Protocols.SignedHttpRequest to later create and sign the envelope.
</summary>
<remarks>
If set to false, you do not need to implement the <see cref="M:Microsoft.Identity.Client.AuthScheme.PoP.IPoPCryptoProvider.Sign(System.Byte[])"/> method when using custom keys.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.PublicClientApplicationBuilder">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.#ctor(Microsoft.Identity.Client.ApplicationConfiguration)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.CreateWithApplicationOptions(Microsoft.Identity.Client.PublicClientApplicationOptions)">
<summary>
Creates a PublicClientApplicationBuilder from public client application
configuration options. See https://aka.ms/msal-net-application-configuration
</summary>
<param name="options">Public client applications configuration options</param>
<returns>A <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/> from which to set more
parameters, and to create a public client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(System.String)">
<summary>
Creates a PublicClientApplicationBuilder from a clientID.
See https://aka.ms/msal-net-application-configuration
</summary>
<param name="clientId">Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/.</param>
<returns>A <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/> from which to set more
parameters, and to create a public client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithDefaultRedirectUri">
<summary>
Configures the public client application to use the recommended reply URI for the platform.
See https://aka.ms/msal-net-default-reply-uri.
<list type="table">
<listheader>
<term>Platform</term>
<Description>Default Reply URI</Description>
</listheader>
<item>
<term>.NET desktop</term>
<Description><c>`https://login.microsoftonline.com/common/oauth2/nativeclient`</c></Description>
</item>
<item>
<term>For system browser on .NET Core</term>
<Description><c>http://localhost</c></Description>
</item>
</list>
NOTE:There will be an update to the default redirect URI in the future to accommodate for system browsers on the
.NET desktop and .NET Core platforms.
</summary>
<returns>A <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/> from which to set more
parameters, and to create a public client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithMultiCloudSupport(System.Boolean)">
<summary>
Enables multi cloud support for this instance of public client application.
It enables applications to use in a global public cloud authority to the library and can still get tokens for resources from sovereign clouds.
</summary>
<param name="enableMultiCloudSupport">Enable or disable multi cloud support.</param>
<returns>A <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/> from which to set more
parameters, and to create a public client application instance</returns>
<remarks>This feature is available to Microsoft applications, which have the same client id across all clouds</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithIosKeychainSecurityGroup(System.String)">
<summary>
You can specify a Keychain Access Group to use for persisting the token cache across multiple applications.
This enables you to share the token cache between several applications having the same Keychain access group.
Sharing the token cache allows single sign-on between all of the applications that use the same Keychain access Group.
See https://aka.ms/msal-net-ios-keychain-security-group for more information.
</summary>
<param name="keychainSecurityGroup"></param>
<returns>A <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/> from which to set more
parameters, and to create a public client application instance</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithBroker(System.Boolean)">
<summary>
</summary>
<param name="enableBroker"></param>
<returns></returns>
<exception cref="T:System.PlatformNotSupportedException"></exception>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithWindowsBrokerOptions(Microsoft.Identity.Client.WindowsBrokerOptions)">
<summary>
Allows customization of the Windows 10 Broker experience.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithParentActivityOrWindow(System.Func{System.Object})">
<summary>
Sets a reference to the ViewController (if using iOS), Activity (if using Android)
IWin32Window or IntPtr (if using .Net Framework). Used for invoking the browser.
</summary>
<remarks>
Mandatory only on Android to be set either from here or from AcquireTokenInteractive builder.
See https://aka.ms/msal-net-android-activity for further documentation and details.
</remarks>
<param name="parentActivityOrWindowFunc">The parent as an object, so that it can be used from shared NetStandard assemblies</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithOidcAuthority(System.String)">
<summary>
Adds a known authority corresponding to a generic OpenIdConnect Identity Provider.
MSAL will append ".well-known/openid-configuration" to the authority and retrieve the OIDC
metadata from there, to figure out the endpoints.
See https://openid.net/specs/openid-connect-core-1_0.html#Terminology
</summary>
<remarks>
Experimental on public clients.
Do not use this method with Entra ID authorities (e.g. https://login.microsfoftonline.com/common).
Use WithAuthority(string) instead.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithParentActivityOrWindow(System.Func{System.IntPtr})">
<summary>
Sets a reference to the IntPtr to a window that triggers the browser to be shown.
Used to center the browser that pop-up onto this window.
</summary>
<param name="windowFunc">A function to return the current window</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.WithKerberosTicketClaim(System.String,Microsoft.Identity.Client.Kerberos.KerberosTicketContainer)">
<summary>
Sets the parameters required to get a Kerberos Ticket from Azure AD service.
</summary>
<param name="servicePrincipalName">Service principal name to get Kerberos Service Ticket.</param>
<param name="ticketContainer">Specify where the Kerberos ticket will be returned - as a claim in the ID token or as a claim in the access token.
If the ticket is for the client application, use the ID token. If the ticket is for the downstream API, use the access token.</param>
<remarks>
The expiry of the Kerberos ticket is tied to the expiry of the token that contains it.
MSAL provides several helper APIs to read and write Kerberos tickets from the Windows Ticket Cache - see <see cref="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager"/>.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.IsBrokerAvailable">
<summary>
Returns <c>true</c> if a broker can be used.
This method is only needed to be used in mobile scenarios which support Mobile Application Management. In other supported scenarios, use <c>WithBroker</c> by itself, which will fall back to use a browser if broker is unavailable.
</summary>
<remarks>
<list type="bullet">
<item><description>On Windows, the broker (WAM) can be used on Windows 10 and is always installed. See https://aka.ms/msal-net-wam </description></item>
<item><description>On Mac, Linux, and older versions of Windows a broker is not available.</description></item>
<item><description>In .NET classic or .NET, install Microsoft.Identity.Client.Desktop first and call <c>WithDesktopFeatures()</c>.</description></item>
<item><description>In mobile apps, the device must be Intune joined and Authenticator or Company Portal must be installed. See https://aka.ms/msal-brokers </description></item>
</list>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.Build">
<summary>
Builds an instance of <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/>
from the parameters set in the <see cref="T:Microsoft.Identity.Client.PublicClientApplicationBuilder"/>.
</summary>
<exception cref="T:Microsoft.Identity.Client.MsalClientException">Thrown when errors occur locally in the library itself (for example, because of incorrect configuration).</exception>
<returns>An instance of <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/></returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationBuilder.Validate">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.PublicClientApplicationOptions">
<summary>
Configuration options for a public client application (desktop/mobile app).
See https://aka.ms/msal-net/application-configuration
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TraceTelemetryConfig">
<summary>
A simple <see cref="T:Microsoft.Identity.Client.ITelemetryConfig"/> implementation that writes data using System.Diagnostics.Trace.
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TraceTelemetryConfig.#ctor">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TraceTelemetryConfig.AudienceType">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TraceTelemetryConfig.SessionId">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TraceTelemetryConfig.DispatchAction">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TraceTelemetryConfig.AllowedScopes">
<summary>
</summary>
<remarks>This API is experimental and it may change in future versions of the library without an major version increment</remarks>
</member>
<member name="T:Microsoft.Identity.Client.ApplicationBase">
<inheritdoc/>
</member>
<member name="F:Microsoft.Identity.Client.ApplicationBase.DefaultAuthority">
<summary>
Default authority used for interactive calls.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthenticationHeaderParser">
<summary>
Parsed authentication headers to retrieve header values from <see cref="T:System.Net.Http.Headers.HttpResponseHeaders"/>.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationHeaderParser.WwwAuthenticateParameters">
<summary>
Parameters returned by the <c>WWW-Authenticate</c> header. This allows for dynamic
scenarios such as Claims challenge, Continuous Access Evaluation (CAE), and Conditional Access auth context.
See <see href="https://aka.ms/msal-net/wwwAuthenticate">our documentation</see> for additional details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationHeaderParser.AuthenticationInfoParameters">
<summary>
Parameters returned by the <c>Authentication-Info</c> header.
This allows for more complex authentication scenarios, such as Proof-Of-Possession.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationHeaderParser.PopNonce">
<summary>
Nonce parsed from <see cref="T:System.Net.Http.Headers.HttpResponseHeaders"/>. This is acquired from the Proof-of-Possession <c>WWW-Authenticate</c> header or the <c>Authentication-Info</c> header
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationHeaderParser.ParseAuthenticationHeadersAsync(System.String,System.Threading.CancellationToken)">
<summary>
Creates the authentication parameters by attempting to call the resource unauthenticated and analyzing the response.
</summary>
<param name="resourceUri">Resource URI.</param>
<param name="cancellationToken">Cancellation token to cancel the operation.</param>
<returns>An instance of <see cref="T:Microsoft.Identity.Client.AuthenticationHeaderParser"/> containing authentication header data.</returns>
<overloads></overloads>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationHeaderParser.ParseAuthenticationHeadersAsync(System.String,System.Net.Http.HttpClient,System.Threading.CancellationToken)">
<inheritdoc cref="M:Microsoft.Identity.Client.AuthenticationHeaderParser.ParseAuthenticationHeadersAsync(System.String,System.Threading.CancellationToken)"/>
<param name="resourceUri">Resource URI.</param>
<param name="httpClient">Instance of <see cref="T:System.Net.Http.HttpClient"/> to make the request with.</param>
<param name="cancellationToken">Cancellation token to cancel the operation.</param>
<exception cref="T:System.ArgumentNullException">Thrown if the <c>resourceUri</c> or <c>httpClient</c> is null.</exception>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationHeaderParser.ParseAuthenticationHeaders(System.Net.Http.Headers.HttpResponseHeaders)">
<summary>
Creates a parsed set of parameters from the provided <see cref="T:System.Net.Http.Headers.HttpResponseHeaders"/>.
</summary>
<param name="httpResponseHeaders">HTTP response headers.</param>
<remarks>For known values, such as the nonce used for Proof-of-Possession, the parser will first check for it in the <c>WWW-Authenticate</c> headers
If it cannot find it, it will then check the <c>Authentication-Info</c> parameters for the value.</remarks>
<returns>An instance of <see cref="T:Microsoft.Identity.Client.AuthenticationHeaderParser"/>.</returns>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationHeaderParser.GetHttpClient">
<summary>
Creates a new <see cref="T:System.Net.Http.HttpClient"/> instance.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationHeaderParser.CreateKeyValuePair(System.String,System.String)">
<summary>
Creates a key-value pair from an expression of the form a=b if possible.
Otherwise, the key value pair will be returned as (key:<paramref name="authScheme"/>, value:<paramref name="paramValue"/>).
</summary>
<param name="paramValue">assignment</param>
<param name="authScheme">authScheme</param>
<returns>An instance of <see cref="T:System.Collections.Generic.KeyValuePair`2"/>.</returns>
</member>
<member name="T:Microsoft.Identity.Client.AuthenticationInfoParameters">
<summary>
Parameters returned by the Authentication-Info header. This allows for
scenarios such as proof-of-possession, etc.
See https://www.rfc-editor.org/rfc/rfc7615
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationInfoParameters.NextNonce">
<summary>
The next nonce to be used in the preceding authentication request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationInfoParameters.Item(System.String)">
<summary>
Return the <see cref="P:Microsoft.Identity.Client.AuthenticationInfoParameters.RawParameters"/> of key <paramref name="key"/>.
</summary>
<param name="key">Name of the raw parameter to retrieve.</param>
<returns>The raw parameter if it exists,
or throws a <see cref="T:System.Collections.Generic.KeyNotFoundException"/> otherwise.
</returns>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationInfoParameters.RawParameters">
<summary>
Dictionary of raw parameters in the Authentication-Info header (extracted from the Authentication-Info header
string value, without any processing). This allows support for APIs which are not mappable easily to the standard
or framework specific (Microsoft.Identity.Model, Microsoft.Identity.Web).
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationInfoParameters.CreateFromResponseHeaders(System.Net.Http.Headers.HttpResponseHeaders)">
<summary>
Create Authentication-Info parameters from the HttpResponseHeaders for each auth scheme.
</summary>
<param name="httpResponseHeaders">HttpResponseHeaders.</param>
<returns>Authentication-Info provided by the endpoint</returns>
</member>
<member name="T:Microsoft.Identity.Client.AuthenticationResult">
<summary>
Contains the results of one token acquisition operation in <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/>
or ConfidentialClientApplication. For details see https://aka.ms/msal-net-authenticationresult
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationResult.#ctor(System.String,System.Boolean,System.String,System.DateTimeOffset,System.DateTimeOffset,System.String,Microsoft.Identity.Client.IAccount,System.String,System.Collections.Generic.IEnumerable{System.String},System.Guid,System.String,Microsoft.Identity.Client.AuthenticationResultMetadata,System.Security.Claims.ClaimsPrincipal,System.String,System.Collections.Generic.IReadOnlyDictionary{System.String,System.String})">
<summary>
Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
App developers should <b>never</b> new-up <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> in product code.
</summary>
<param name="accessToken">Access Token that can be used as a bearer token to access protected web APIs</param>
<param name="account">Account information</param>
<param name="expiresOn">Expiry date-time for the access token</param>
<param name="extendedExpiresOn">See <see cref="P:Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn"/></param>
<param name="idToken">ID token</param>
<param name="isExtendedLifeTimeToken">See <see cref="P:Microsoft.Identity.Client.AuthenticationResult.IsExtendedLifeTimeToken"/></param>
<param name="scopes">Granted scope values as returned by the service</param>
<param name="tenantId">Identifier for the Azure AD tenant from which the token was acquired. Can be <c>null</c></param>
<param name="uniqueId">Unique Id of the account. It can be null. When the <see cref="P:Microsoft.Identity.Client.AuthenticationResult.IdToken"/> is not <c>null</c>, this is its ID, that is its ObjectId claim, or if that claim is <c>null</c>, the Subject claim.</param>
<param name="correlationId">The correlation id of the authentication request</param>
<param name="tokenType">The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.</param>
<param name="authenticationResultMetadata">Contains metadata related to the Authentication Result.</param>
<param name="claimsPrincipal">Claims from the ID token</param>
<param name="spaAuthCode">Auth Code returned by the Microsoft identity platform when you use AcquireTokenByAuthorizationCode.WithSpaAuthorizationCode(). This auth code is meant to be redeemed by the frontend code. See https://aka.ms/msal-net/spa-auth-code</param>
<param name="additionalResponseParameters">Other properties from the token response.</param>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationResult.#ctor(System.String,System.Boolean,System.String,System.DateTimeOffset,System.DateTimeOffset,System.String,Microsoft.Identity.Client.IAccount,System.String,System.Collections.Generic.IEnumerable{System.String},System.Guid,Microsoft.Identity.Client.AuthenticationResultMetadata,System.String)">
<summary>
Constructor meant to help application developers test their apps. Allows mocking of authentication flows.
App developers should <b>never</b> new-up <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> in product code.
</summary>
<param name="accessToken">Access Token that can be used as a bearer token to access protected web APIs</param>
<param name="account">Account information</param>
<param name="expiresOn">Expiry date-time for the access token</param>
<param name="extendedExpiresOn">See <see cref="P:Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn"/></param>
<param name="idToken">ID token</param>
<param name="isExtendedLifeTimeToken">See <see cref="P:Microsoft.Identity.Client.AuthenticationResult.IsExtendedLifeTimeToken"/></param>
<param name="scopes">Granted scope values as returned by the service</param>
<param name="tenantId">Identifier for the Azure AD tenant from which the token was acquired. Can be <c>null</c></param>
<param name="uniqueId">Unique Id of the account. It can be null. When the <see cref="P:Microsoft.Identity.Client.AuthenticationResult.IdToken"/> is not <c>null</c>, this is its ID, that is its ObjectId claim, or if that claim is <c>null</c>, the Subject claim.</param>
<param name="correlationId">The correlation id of the authentication request</param>
<param name="authenticationResultMetadata">Contains metadata related to the Authentication Result.</param>
<param name="tokenType">The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.</param>
<remarks>For backwards compatibility with MSAL 4.17-4.20 </remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.AccessToken">
<summary>
Access Token that can be used as a bearer token to access protected web APIs
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.IsExtendedLifeTimeToken">
<summary>
In case when Azure AD has an outage, to be more resilient, it can return tokens with
an expiration time, and also with an extended expiration time.
The tokens are then automatically refreshed by MSAL when the time is more than the
expiration time, except when ExtendedLifeTimeEnabled is true and the time is less
than the extended expiration time. This goes in pair with Web APIs middleware which,
when this extended life time is enabled, can accept slightly expired tokens.
Client applications accept extended life time tokens only if
the ExtendedLifeTimeEnabled Boolean is set to true on ClientApplicationBase.
</summary>
<remarks>This feature is not in use</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.UniqueId">
<summary>
Gets the Unique Id of the account in this <see cref="P:Microsoft.Identity.Client.AuthenticationResult.TenantId" />
It is set as the oid (ObjectId) claim, or if that claim is <c>null</c>, as the sub (Subject) claim which is guaranteed not-null.
</summary>
<remarks>
The oid claim identifies a user in all apps - Microsoft Identity Providers issue ID tokens with this claim, although it can be null in rare cases.
The sub claim is "a locally unique and never reassigned identifier within the Issuer for the End-User" as per https://openid.net/specs/openid-connect-core-1_0.html and it is a
mandatory claim with OIDC compliant issuers.
Guest AAD accounts have different oid claim values in each tenant. Use <see cref="P:Microsoft.Identity.Client.Account.HomeAccountId"/> to uniquely identify users across tenants.
See https://docs.microsoft.com/azure/active-directory/develop/id-tokens#payload-claims
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.ExpiresOn">
<summary>
Gets the point in time in which the Access Token returned in the <see cref="P:Microsoft.Identity.Client.AuthenticationResult.AccessToken"/> property ceases to be valid.
This value is calculated based on current UTC time measured locally and the value expiresIn received from the
service.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn">
<summary>
Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime.
This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.TenantId">
<summary>
Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is
not returned by the service.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.Account">
<summary>
Gets the account information. Some elements in <see cref="T:Microsoft.Identity.Client.IAccount"/> might be null if not returned by the
service. The account can be passed back in some API overloads to identify which account should be used such
as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> or
<see cref="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> for instance
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.IdToken">
<summary>
Gets the Id Token if returned by the service or null if no Id Token is returned.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.Scopes">
<summary>
Gets the granted scope values returned by the service.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.CorrelationId">
<summary>
Gets the correlation id used for the request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.TokenType">
<summary>
Identifies the type of access token. By default tokens returned by Azure Active Directory are Bearer tokens.
<seealso cref="M:Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader"/> for getting an HTTP authorization header from an AuthenticationResult.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.SpaAuthCode">
<summary>
Gets the SPA Authorization Code, if it was requested using WithSpaAuthorizationCode method on the
AcquireTokenByAuthorizationCode builder. See https://aka.ms/msal-net/spa-auth-code for details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.AdditionalResponseParameters">
<summary>
Exposes additional response parameters returned by the token issuer (AAD).
</summary>
<remarks>
Not all parameters are added here, only the ones that MSAL doesn't interpret itself and only scalars.
Not supported on mobile frameworks (e.g. net6-android or net6-ios)
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal">
<summary>
All the claims present in the ID token.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata">
<summary>
Contains metadata for the Authentication result.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader">
<summary>
Creates the content for an HTTP authorization header from this authentication result, so
that you can call a protected API
</summary>
<returns>Created authorization header of the form "Bearer {AccessToken}"</returns>
<example>
Here is how you can call a protected API from this authentication result (in the <c>result</c>
variable):
<code>
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", result.CreateAuthorizationHeader());
HttpResponseMessage r = await client.GetAsync(urlOfTheProtectedApi);
</code>
</example>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResult.User">
<summary>
In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x
rather use <see cref="P:Microsoft.Identity.Client.AuthenticationResult.Account"/> instead. See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthenticationResultMetadata">
<summary>
Contains metadata of the authentication result. <see cref="T:Microsoft.Identity.Client.Metrics"/> for additional MSAL-wide metrics.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthenticationResultMetadata.#ctor(Microsoft.Identity.Client.TokenSource)">
<summary>
Constructor for the class AuthenticationResultMetadata
<param name="tokenSource">The token source.</param>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.TokenSource">
<summary>
The source of the token in the result.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.TokenEndpoint">
<summary>
The token endpoint used to contact the Identity Provider (e.g. Azure Active Directory).
Can be null, for example when the token comes from the cache.
</summary>
<remarks>
This may be different from the endpoint you'd infer from the authority configured in the application object:
- if regional auth is used.
- if AAD instructs MSAL to use a different environment.
- if the authority or tenant is overridden at the request level.
- during a refresh_token operation, when MSAL must resolve "common" and "organizations" to a tenant ID.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationTotalInMs">
<summary>
Time, in milliseconds, spent to service this request. Includes time spent making HTTP requests <see cref="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationInHttpInMs"/>, time spent
in token cache callbacks <see cref="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationInCacheInMs"/>, time spent in MSAL and context switching.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationInCacheInMs">
<summary>
Time, in milliseconds, MSAL spent during this request reading and writing to the token cache, i.e. in the OnBeforeAccess, OnAfterAccess, etc. callbacks.
Does not include internal MSAL logic for searching through the cache once loaded.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationInHttpInMs">
<summary>
Time, in milliseconds, MSAL spent for HTTP communication during this request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.RefreshOn">
<summary>
Specifies the time when the cached token should be proactively refreshed.
This value may be null if proactive refresh is not enabled.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.CacheRefreshReason">
<summary>
Specifies the reason for fetching the access token from the identity provider.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.CacheLevel">
<summary>
Indicates the type of cache that the token was read from.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.RegionDetails">
<summary>
Contains the outcome of the region discovery if region was used.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthenticationResultMetadata.Telemetry">
<summary>
May contain telemetry data.
</summary>
<remarks>
Currently it is emitted only for desktop public client flows when the broker is used and it is
also included in the verbose logs. May contain Personal Identifiable Information (PII), as per the logging settings.
See https://aka.ms/msal-net-logging for more details about logging.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.AuthSchemeHelper.StoreTokenTypeInCacheKey(System.String)">
<summary>
For backwards compatibility reasons, keep the cache key unchanged for Bearer and SSH tokens.
For PoP and future tokens, the cache should support both several types of tokens for the same scope (e.g. PoP and Bearer)
</summary>
<param name="tokenType"></param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme">
<summary>
Used to modify the experience depending on the type of token asked.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.TelemetryTokenType">
<summary>
Value to log to telemetry to indicate pop usage.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.AuthorizationHeaderPrefix">
<summary>
Prefix for the HTTP header that has the token. E.g. "Bearer" or "POP"
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.GetTokenRequestParams">
<summary>
Extra parameters that are added to the request to the /token endpoint.
</summary>
<returns>Name and values of params</returns>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.KeyId">
<summary>
Key ID of the public / private key pair used by the encryption algorithm, if any.
Tokens obtained by authentication schemes that use this are bound to the KeyId, i.e.
if a different kid is presented, the access token cannot be used.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.FormatAccessToken(Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem)">
<summary>
Creates the access token that goes into an Authorization HTTP header.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.IAuthenticationScheme.AccessTokenType">
<summary>
Expected to match the token_type parameter returned by ESTS. Used to disambiguate
between ATs of different types (e.g. Bearer and PoP) when loading from cache etc.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.PoP.InMemoryCryptoProvider">
<summary>
The default implementation will store a key in memory
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.PoP.InMemoryCryptoProvider.ComputeCanonicalJwk(System.Security.Cryptography.RSAParameters)">
<summary>
Creates the canonical representation of the JWK. See https://tools.ietf.org/html/rfc7638#section-3.
The number of parameters as well as the lexicographic order is important, as this string will be hashed to get a thumbprint.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.PoP.IPoPCryptoProvider">
<summary>
An abstraction over an the asymmetric key operations needed by POP, that encapsulates a pair of
public and private keys and some typical crypto operations.
All symmetric operations are SHA256.
</summary>
<remarks>
Important: The 2 methods on this interface will be called at different times but MUST return details of
the same private / public key pair, i.e. do not change to a different key pair mid way. Best to have this class immutable.
Ideally there should be a single public / private key pair associated with a machine, so implementers of this interface
should consider exposing a singleton.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.PoP.IPoPCryptoProvider.CannonicalPublicKeyJwk">
<summary>
The canonical representation of the JWK.
See https://tools.ietf.org/html/rfc7638#section-3
</summary>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.PoP.IPoPCryptoProvider.CryptographicAlgorithm">
<summary>
Algorithm used to sign proof of possession request.
See <see href="https://learn.microsoft.com/azure/key-vault/keys/about-keys-details#signverify">EC algorithms</see> for ECD.
See <see href="https://learn.microsoft.com/azure/key-vault/keys/about-keys-details#signverify-1">RSA algorithms</see> for RSA.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.PoP.IPoPCryptoProvider.Sign(System.Byte[])">
<summary>
Signs the byte array using the private key
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.PoP.JsonWebKeyParameterNames">
<summary>
Names for Json Web Key Values
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.PoP.JsonWebAlgorithmsKeyTypes">
<summary>
Constants for JsonWebAlgorithms "kty" Key Type (sec 6.1)
http://tools.ietf.org/html/rfc7518#section-6.1
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.PoP.PopAuthenticationScheme.#ctor(Microsoft.Identity.Client.AppConfig.PoPAuthenticationConfiguration,Microsoft.Identity.Client.Internal.IServiceBundle)">
<summary>
Creates POP tokens, i.e. tokens that are bound to an HTTP request and are digitally signed.
</summary>
<remarks>
Currently the signing credential algorithm is hard-coded to RSA with SHA256. Extensibility should be done
by integrating Wilson's SigningCredentials
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.AuthScheme.PoP.PopAuthenticationScheme.KeyId">
<summary>
For PoP, we chose to use the base64(jwk_thumbprint)
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.PoP.PopAuthenticationScheme.ComputeThumbprint(System.String)">
<summary>
A key ID that uniquely describes a public / private key pair. While KeyID is not normally
strict, AAD support for PoP requires that we use the base64 encoded JWK thumbprint, as described by
https://tools.ietf.org/html/rfc7638
</summary>
</member>
<member name="M:Microsoft.Identity.Client.AuthScheme.PoP.PopAuthenticationScheme.CreateJWS(System.String,System.String)">
<summary>
Creates a JWS (json web signature) as per: https://tools.ietf.org/html/rfc7515
Format: header.payload.signed_payload
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.At">
<summary>
Access token with response cnf
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.HttpMethod">
<summary>
Http method (GET or POST)
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Ts">
<summary>
Timestamp
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Host">
<summary>
Uri host
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Path">
<summary>
Uri path
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Query">
<summary>
Uri path
https://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-03#section-3
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Cnf">
<summary>
Confirmation claim. By including this in a JWT, the issuer states that the presenter
possesses a particular key (i.e. the private key) and that the recipient can confirm this
cryptographically.
https://tools.ietf.org/html/rfc7800
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.JWK">
<summary>
Also part of the confirmation claim. <seealso cref="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Cnf"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.PoP.PoPClaimTypes.Nonce">
<summary>
Non-standard claim representing a nonce that protects against replay attacks.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.PoP.PoPProviderFactory">
<summary>
This factory ensures key rotation every 8h
</summary>
</member>
<member name="T:Microsoft.Identity.Client.AuthScheme.TokenType">
<summary>
Specifies the token type to log to telemetry.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.TokenType.Bearer">
<summary>
Bearer token type.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.TokenType.Pop">
<summary>
Pop token type.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.TokenType.SshCert">
<summary>
Ssh-cert token type.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.AuthScheme.TokenType.External">
<summary>
External token type.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.AdalResult">
<summary>
Contains the results of an ADAL token acquisition. Access Tokens from ADAL are not compatible
with MSAL, only Refresh Tokens are.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalResult.UserInfo">
<summary>
Gets user information including user Id. Some elements in UserInfo might be null if not returned by the service.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalResultWrapper.RefreshToken">
<summary>
Gets the Refresh Token associated with the requested Access Token. Note: not all operations will return a Refresh Token.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalResultWrapper.IsMultipleResourceRefreshToken">
<summary>
Gets a value indicating whether the refresh token can be used for requesting access token for other resources.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalResultWrapper.Deserialize(System.String)">
<summary>
Serializes the object to a JSON string
</summary>
<returns>Deserialized authentication result</returns>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalResultWrapper.Serialize">
<summary>
Serializes the object to a JSON string
</summary>
<returns>Serialized authentication result</returns>
</member>
<member name="T:Microsoft.Identity.Client.Cache.TokenSubjectType">
<summary>
Determines what type of subject the token was issued for.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.TokenSubjectType.User">
<summary>
User
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.TokenSubjectType.Client">
<summary>
Client
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.TokenSubjectType.UserPlusClient">
<summary>
UserPlusClient: This is for confidential clients used in middle tier.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.AdalTokenCacheKey">
<summary>
<see cref="T:Microsoft.Identity.Client.Cache.AdalTokenCacheKey"/> can be used with Linq to access items from the TokenCache dictionary.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalTokenCacheKey.Resource">
<summary>
For the purposes of MSAL, the resource is irrelevant, since only RTs can be migrated.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalTokenCacheKey.Equals(System.Object)">
<summary>
Determines whether the specified object is equal to the current object.
</summary>
<returns>
true if the specified object is equal to the current object; otherwise, false.
</returns>
<param name="obj">The object to compare with the current object. </param><filterpriority>2</filterpriority>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalTokenCacheKey.Equals(Microsoft.Identity.Client.Cache.AdalTokenCacheKey)">
<summary>
Determines whether the specified TokenCacheKey is equal to the current object.
</summary>
<returns>
true if the specified TokenCacheKey is equal to the current object; otherwise, false.
</returns>
<param name="other">The TokenCacheKey to compare with the current object. </param><filterpriority>2</filterpriority>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalTokenCacheKey.GetHashCode">
<summary>
Returns the hash code for this TokenCacheKey.
</summary>
<returns>
A 32-bit signed integer hash code.
</returns>
</member>
<member name="T:Microsoft.Identity.Client.Cache.AdalUserInfo">
<summary>
Contains information of a single user. This information is used for token cache lookup. Also if created with userId, userId is sent to the service when login_hint is accepted.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalUserInfo.#ctor">
<summary>
Create user information for token cache lookup
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.AdalUserInfo.#ctor(Microsoft.Identity.Client.Cache.AdalUserInfo)">
<summary>
Create user information copied from another UserInfo object
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.UniqueId">
<summary>
Gets identifier of the user authenticated during token acquisition.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.DisplayableId">
<summary>
Gets a displayable value in UserPrincipalName (UPN) format. The value can be null.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.GivenName">
<summary>
Gets given name of the user if provided by the service. If not, the value is null.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.FamilyName">
<summary>
Gets family name of the user if provided by the service. If not, the value is null.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.PasswordExpiresOn">
<summary>
Gets the time when the password expires. Default value is 0.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.PasswordChangeUrl">
<summary>
Gets the URL where the user can change the expiring password. The value can be null.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.AdalUserInfo.IdentityProvider">
<summary>
Gets identity provider if returned by the service. If not, the value is null.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.CacheData">
<summary>
Data class, common to ADAL.NET and MSAL.NET V2 used for the token cache serialization
in a dual format: the ADAL V3 cache format, and the new unified cache format, common
to ADAL.NET 4.x, MSAL.NET 2.x and other libraries in the same Operating System
(for instance ADAL and MSAL for objective C in iOS)
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.CacheData.AdalV3State">
<summary>
Array of bytes containing the serialized cache in ADAL.NET V3 format
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.CacheData.UnifiedState">
<summary>
Array of bytes containing the serialized MSAL.NET V2 cache
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.CacheFallbackOperations.GetAllAdalUsersForMsal(Microsoft.Identity.Client.Core.ILoggerAdapter,Microsoft.Identity.Client.Cache.ILegacyCachePersistence,System.String)">
<summary>
Returns a tuple where
Item1 is a map of ClientInfo -> AdalUserInfo for those users that have ClientInfo
Item2 is a list of AdalUserInfo for those users that do not have ClientInfo
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.CacheFallbackOperations.RemoveAdalUser(Microsoft.Identity.Client.Core.ILoggerAdapter,Microsoft.Identity.Client.Cache.ILegacyCachePersistence,System.String,System.String,System.String)">
<summary>
Algorithm to delete:
DisplayableId cannot be null
Removal is scoped by environment and clientId;
If accountId != null then delete everything with the same clientInfo
otherwise, delete everything with the same displayableId
Notes:
- displayableId can change rarely
- ClientCredential Grant uses the app token cache, not the user token cache, so this algorithm does not apply
(nor will GetAccounts / RemoveAccount work)
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.CacheKeyFactory">
<summary>
Responsible for computing:
- external distributed cache key (from request and responses)
- internal cache partition keys (as above, but also from cache items)
These are the same string, but MSAL cannot control if the app developer actually uses distributed caching.
However, MSAL's in-memory cache needs to be partitioned, and this class computes the partition key.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.CacheLevel">
<summary>
Identifies the type of cache that the token was read from.
</summary>
<remarks>
Token cache serialization implementations must provide this value.
</remarks>
</member>
<member name="F:Microsoft.Identity.Client.Cache.CacheLevel.None">
<summary>
Indicates that the token was retrieved from the identity provider.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.CacheLevel.Unknown">
<summary>
Indicates that the cache level used is unknown.
Token was retrieved from cache but the token cache implementation didn't specify which cache level was used.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.CacheLevel.L1Cache">
<summary>
Indicates that the token was read from the L1 cache.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Cache.CacheLevel.L2Cache">
<summary>
Indicates that the token was read from the L2 cache.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.CacheSessionManager">
<summary>
MSAL should only interact with the cache though this object. It is responsible for firing cache notifications.
Flows should only perform (at most) 2 cache accesses: one to read data and one to write tokens. Reading data multiple times
(e.g. read all ATs, read all RTs) should not refresh the cache from disk because of performance impact.
Write operations are still the responsibility of TokenCache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.CacheSessionManager.RefreshCacheForReadOperationsAsync">
<remarks>
Possibly refreshes the internal cache by calling OnBeforeAccessAsync and OnAfterAccessAsync delegates.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem.WithExpiresOn(System.DateTimeOffset)">
<summary>
Creates a new object with a different expires on
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem.OboCacheKey">
<summary>
Used to find the token in the cache.
Can be a token assertion hash (normal OBO flow) or a user provided key (long-running OBO flow).
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem.KeyId">
<summary>
Used when the token is bound to a public / private key pair which is identified by a key id (kid).
Currently used by PoP tokens
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.Items.MsalAccountCacheItem">
<summary>
Example account json:
"authority_type":"MSSTS",
"client_info":"",
"environment":"login.windows.net",
"family_name":"",
"given_name":"Some Name",
"home_account_id":"69c374a4-1df6-46f8-b83a-a2fcd8823ee2.49f548d0-12b7-4169-a390-bb5304d24462",
"local_account_id":"69c374a4-1df6-46f8-b83a-a2fcd8823ee2",
"middle_name":"",
"name":"Some Name",
"realm":"49f548d0-12b7-4169-a390-bb5304d24462",
"username":"subzero@bogavrilltd.onmicrosoft.com",
"wam_account_ids":"{\"00000000480FA373\":\"ob7b8h79td9gs6hfqoh2r37m\",\"4b0db8c2-9f26-4417-8bde-3f0e3656f8e0\":\"ob7b8h79td9gs6hfqoh2r37m\"}"
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAccountCacheItem.WamAccountIds">
<summary>
WAM special implementation: MSA accounts (and also AAD accounts) cannot be discovered through WAM
however the broker offers an interactive experience for the user to login, even with an MSA account.
After an interactive login, MSAL must be able to silently login the MSA user. To do this, MSAL must save the
account ID in its token cache. Accounts with associated WAM account ID can be used in silent WAM flows.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Cache.Items.MsalAppMetadataCacheItem">
<summary>
Apps shouldn't rely on its presence, unless the app itself wrote it. It means that SDK should translate absence of app metadata to the default values of its required fields.
Other apps that don't support app metadata should never remove existing app metadata.
App metadata is a non-removable entity.It means there's no need for a public API to remove app metadata, and it shouldn't be removed when removeAccount is called.
App metadata is a non-secret entity. It means that it cannot store any secret information, like tokens, nor PII, like username etc.
App metadata can be extended by adding additional fields when required.Absence of any non-required field should translate to default values for those field.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAppMetadataCacheItem.ClientId">
<remarks>mandatory</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAppMetadataCacheItem.Environment">
<remarks>mandatory</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalAppMetadataCacheItem.FamilyId">
<summary>
The family id of which this application is part of. This is an internal feature and there is currently a single app,
with id 1. If familyId is empty, it means an app is not part of a family. A missing entry means unknown status.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.Items.MsalItemWithAdditionalFields.PopulateFieldsFromJObject(System.Text.Json.Nodes.JsonObject)">
<remarks>
Important: order matters. This MUST be the last one called since it will extract the
remaining fields out.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalRefreshTokenCacheItem.FamilyId">
<summary>
Optional. A value here means the token in an FRT.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalRefreshTokenCacheItem.OboCacheKey">
<summary>
Used to find the token in the cache.
Can be a token assertion hash (normal OBO flow) or a user provided key (long-running OBO flow).
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Cache.Items.MsalRefreshTokenCacheItem.IsFRT">
<summary>
Family Refresh Tokens, can be used for all clients part of the family
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Cache.ITokenCacheAccessor.GetAllAccessTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Returns all access tokens from the underlying cache collection.
If <paramref name="optionalPartitionKey"/> is specified, returns access tokens from that partition only.
</summary>
<remarks>
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
Not all classes that implement this method are required to filter by partition (e.g. mobile)
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Cache.ITokenCacheAccessor.GetAllRefreshTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Returns all refresh tokens from the underlying cache collection.
If <paramref name="optionalPartitionKey"/> is specified, returns refresh tokens from that partition only.
</summary>
<remarks>
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
Not all classes that implement this method are required to filter by partition (e.g. mobile)
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Cache.ITokenCacheAccessor.GetAllIdTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Returns all ID tokens from the underlying cache collection.
If <paramref name="optionalPartitionKey"/> is specified, returns ID tokens from that partition only.
</summary>
<remarks>
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
Not all classes that implement this method are required to filter by partition (e.g. mobile)
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Cache.ITokenCacheAccessor.GetAllAccounts(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Returns all accounts from the underlying cache collection.
If <paramref name="optionalPartitionKey"/> is specified, returns accounts from that partition only.
</summary>
<remarks>
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
Not all classes that implement this method are required to filter by partition (e.g. mobile)
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Cache.ITokenCacheAccessor.HasAccessOrRefreshTokens">
<remarks>
WARNING: this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Cache.TokenCacheDictionarySerializer">
<remarks>
The dictionary serializer does not handle unknown nodes.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.CacheRefreshReason">
<summary>
Specifies the reason for fetching the access token from the identity provider when using AcquireTokenSilent, AcquireTokenForClient or AcquireTokenOnBehalfOf.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.CacheRefreshReason.NotApplicable">
<summary>
When a token is found in the cache or the cache is not supposed to be hit when making the request (interactive call, username password call, device code flow, etc.)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.CacheRefreshReason.ForceRefreshOrClaims">
<summary>
When the token request goes to the identity provider because force_refresh was set to true. Also occurs if WithClaims() is used.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.CacheRefreshReason.NoCachedAccessToken">
<summary>
When the token request goes to the identity provider because no cached access token exists
</summary>
</member>
<member name="F:Microsoft.Identity.Client.CacheRefreshReason.Expired">
<summary>
When the token request goes to the identity provider because cached access token expired
</summary>
</member>
<member name="F:Microsoft.Identity.Client.CacheRefreshReason.ProactivelyRefreshed">
<summary>
When the token request goes to the identity provider because refresh_in was used and the existing token needs to be refreshed
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ClientApplicationBase">
<inheritdoc/>
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.AppConfig">
<summary>
Details on the configuration of the ClientApplication for debugging purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.UserTokenCache">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.Authority">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync(System.Threading.CancellationToken)">
<summary>
Returns all the available <see cref="T:Microsoft.Identity.Client.IAccount">accounts</see> in the user token cache for the application.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync(System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync(System.String,System.Threading.CancellationToken)">
<summary>
Get the <see cref="T:Microsoft.Identity.Client.IAccount"/> collection by its identifier among the accounts available in the token cache,
based on the user flow. This is for Azure AD B2C scenarios.
</summary>
<param name="userFlow">The identifier is the user flow being targeted by the specific B2C authority/>.
</param>
<param name="cancellationToken">Cancellation token </param>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountAsync(System.String,System.Threading.CancellationToken)">
<summary>
Get the <see cref="T:Microsoft.Identity.Client.IAccount"/> by its identifier among the accounts available in the token cache.
</summary>
<param name="accountId">Account identifier. The identifier is typically the
value of the <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> property of <see cref="T:Microsoft.Identity.Client.AccountId"/>.
You typically get the account ID from an <see cref="T:Microsoft.Identity.Client.IAccount"/> by using the <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/> property>
</param>
<param name="cancellationToken">Cancellation token </param>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountAsync(System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)">
<summary>
Removes all tokens in the cache for the specified account.
</summary>
<param name="account">Instance of the account that needs to be removed</param>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount,System.Threading.CancellationToken)">
<summary>
Removes all tokens in the cache for the specified account.
</summary>
<param name="account">Instance of the account that needs to be removed</param>
<param name="cancellationToken">Cancellation token</param>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},System.String)">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.Users">
<summary>
In MSAL 1.x returned an enumeration of <see cref="T:Microsoft.Identity.Client.IUser"/>. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.GetUser(System.String)">
<summary>
In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.GetAccountsAsync"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
<param name="identifier">Identifier of the user to retrieve</param>
<returns>the user in the cache with the identifier passed as an argument</returns>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.Remove(Microsoft.Identity.Client.IUser)">
<summary>
In MSAL 1.x removed a user from the cache. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
<param name="user">User to remove from the cache</param>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.Component">
<summary>
Identifier of the component (libraries/SDK) consuming MSAL.NET.
This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.SliceParameters">
<summary>
Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments
of the form <c>key=value</c> separated by an ampersand character.
Unless requested otherwise, this parameter should not be set by application developers as it may have adverse effect on the application.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.ValidateAuthority">
<summary>
Gets/sets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default
value is <c>true</c>. It should currently be set to <c>false</c> for Azure AD B2C authorities as those are customer specific
(a list of known B2C authorities cannot be maintained by MSAL.NET). This property can be set just after the construction of the application
and before an operation acquiring a token or interacting with the STS.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.RedirectUri">
<summary>
The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens.
This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app).
In MSAL.NET, <see cref="T:PublicClientApplication"/> define the following default RedirectUri values:
<list type="bullet">
<item><description><c>https://login.microsoftonline.com/common/oauth2/nativeclient</c> for desktop (.NET Framework and .NET Core) applications</description></item>
<item><description><c>msal{ClientId}</c> for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these
platforms to call back the application)
</description></item>
</list>
These default URIs could change in the future.
In Microsoft.Identity.Client.ConfidentialClientApplication, this can be the URL of the web application / web API.
</summary>
<remarks>This is especially important when you deploy an application that you have initially tested locally;
you then need to add the reply URL of the deployed application in the application registration portal</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ClientApplicationBase.ClientId">
<summary>
Gets the Client ID (also known as <i>Application ID</i>) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)
and as passed in the constructor of the application
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,System.String,System.Boolean)">
<summary>
[V2 API] Attempts to acquire an access token for the <paramref name="account"/> from the user token cache, with advanced parameters controlling network call.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured in the application constructor
narrows down the selection to a specific tenant. This does not change the configured value in the application. This is specific
to applications managing several accounts (like a mail client with several mailboxes)</param>
<param name="forceRefresh">If <c>true</c>, ignore any access token in the cache and attempt to acquire new access token
using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make
sure that conditional access policies are applied immediately, rather than after the expiration of the access token</param>
<returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested access token</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application,
for instance, if no refresh token was in the cache,a or the user needs to consent, or re-sign-in (for instance if the password expired),
or performs two factor authentication</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than
requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
See https://aka.ms/msal-net-acquiretokensilent for more details
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<summary>
[V2 API] Attempts to acquire an access token for the <paramref name="account"/> from the user token cache.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param>
<returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application,
for instance so that the user consents, or re-signs-in (for instance if the password expired), or performs two factor authentication</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes.
This means that an access token with more scopes than requested could be returned as well. If the access token is expired or
close to expiration (within a 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
See https://aka.ms/msal-net-acquiretokensilent for more details
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.ConfidentialClientApplication">
<inheritdoc cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/>
</member>
<member name="F:Microsoft.Identity.Client.ConfidentialClientApplication.AttemptRegionDiscovery">
<summary>
Instructs MSAL to try to auto discover the Azure region.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenByAuthorizationCode(System.Collections.Generic.IEnumerable{System.String},System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.StopLongRunningProcessInWebApiAsync(System.String,System.Threading.CancellationToken)">
<summary>
Stops an in-progress long-running on-behalf-of session by removing the tokens associated with the provided cache key.
See <see href="https://aka.ms/msal-net-long-running-obo">Long-running OBO in MSAL.NET</see>.
</summary>
<param name="longRunningProcessSessionKey">OBO cache key used to remove the tokens.</param>
<param name="cancellationToken">Cancellation token.</param>
<returns>True if tokens are removed from the cache; false, otherwise.</returns>
<exception cref="T:System.ArgumentNullException"><paramref name="longRunningProcessSessionKey"/> is not set.</exception>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrl(System.Collections.Generic.IEnumerable{System.String})">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ConfidentialClientApplication.AppTokenCache">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.ConfidentialClientApplication.Certificate">
<summary>
The certificate used to create this <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, if any.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.#ctor(System.String,System.String,Microsoft.Identity.Client.ClientCredential,Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache)">
<summary>
[V2 API] Constructor for a confidential client application requesting tokens with the default authority (<see cref="F:Microsoft.Identity.Client.ApplicationBase.DefaultAuthority"/>)
</summary>
<param name="clientId">Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param>
<param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param>
<param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity
of the application. An instance of ClientCredential can be created either from an application secret, or a certificate. REQUIRED.</param>
<param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client
application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users).
Otherwise should be provided. REQUIRED</param>
<param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application
uses the client credentials grants</param>
<remarks>
See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications)
Client credential grants are overrides of <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"/>
See also <see cref="T:ConfidentialClientApplicationBuilder"/> for the V3 API way of building a confidential client application
with a builder pattern. It offers building the application from configuration options, and a more fluid way of providing parameters.
</remarks>
<seealso cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> which
enables app developers to specify the authority
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.#ctor(System.String,System.String,System.String,Microsoft.Identity.Client.ClientCredential,Microsoft.Identity.Client.TokenCache,Microsoft.Identity.Client.TokenCache)">
<summary>
[V2 API] Constructor for a confidential client application requesting tokens with a specified authority
</summary>
<param name="clientId">Client ID (also named Application ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param>
<param name="authority">Authority of the security token service (STS) from which MSAL.NET will acquire the tokens.
Usual authorities are:
<list type="bullet">
<item><description><c>https://login.microsoftonline.com/tenant/</c>, where <c>tenant</c> is the tenant ID of the Azure AD tenant
or a domain associated with this Azure AD tenant, in order to sign-in users of a specific organization only</description></item>
<item><description><c>https://login.microsoftonline.com/common/</c> to sign-in users with any work and school accounts or Microsoft personal accounts</description></item>
<item><description><c>https://login.microsoftonline.com/organizations/</c> to sign-in users with any work and school accounts</description></item>
<item><description><c>https://login.microsoftonline.com/consumers/</c> to sign-in users with only personal Microsoft accounts(live)</description></item>
</list>
Note that this setting needs to be consistent with what is declared in the application registration portal
</param>
<param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param>
<param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity
of the application. An instance of <see cref="T:Microsoft.Identity.Client.ClientCredential"/> can be created either from an application secret, or a certificate. REQUIRED.</param>
<param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client
application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users).
Otherwise should be provided. REQUIRED</param>
<param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application
uses the client credentials grants</param>
<remarks>
See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications)
Client credential grants are overrides of <see cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})"/>
See also <see cref="T:ConfidentialClientApplicationBuilder"/> for the V3 API way of building a confidential client application
with a builder pattern. It offers building the application from configuration options, and a more fluid way of providing parameters.
</remarks>
<seealso cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> which
enables app developers to create a confidential client application requesting tokens with the default authority.
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<summary>
[V2 API] Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access
another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of).
This confidential client application was itself called with a token which will be provided in the
<paramref name="userAssertion">userAssertion</paramref> parameter.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about
the user on behalf of whom to get a token.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)"/> for the on-behalf-of flow when specifying the authority
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> which is the corresponding V3 API.
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)">
<summary>
[V2 API] Acquires an access token for this application (usually a web API) from a specific authority, in order to access
another downstream protected web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of).
This confidential client application was itself called with a token which will be provided in the
<paramref name="userAssertion">userAssertion</paramref> parameter.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about
the user on behalf of whom to get a token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> for the on-behalf-of flow without specifying the authority
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> which is the corresponding V3 API.
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<summary>
[V2 API] Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access
another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of).
This confidential client application was itself called with a token which will be provided in the
<paramref name="userAssertion">userAssertion</paramref> parameter.
This override sends the certificate, which helps certificate rotation in Azure AD
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about
the user on behalf of whom to get a token.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)">
<summary>
[V2 API] Acquires an access token for this application (usually a web API) from a specific authority, in order to access
another downstream protected web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of).
This confidential client application was itself called with a token which will be provided in the
This override sends the certificate, which helps certificate rotation in Azure AD
<paramref name="userAssertion">userAssertion</paramref> parameter.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about
the user on behalf of whom to get a token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(System.String,System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V2 API] Acquires a security token from the authority configured in the app using the authorization code previously received from the STS. It uses
the OAuth 2.0 authorization code flow (See https://aka.ms/msal-net-authorization-code).
It's usually used in web apps (for instance ASP.NET / ASP.NET Core web apps) which sign-in users, and therefore receive an authorization code.
This method does not lookup the token cache, but stores the result in it, so it can be looked up using other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>.
</summary>
<param name="authorizationCode">The authorization code received from service authorization endpoint.</param>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenByAuthorizationCode(System.Collections.Generic.IEnumerable{System.String},System.String)"/> which is the corresponding V2 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V3 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
</summary>
<param name="scopes">scopes requested to access a protected API. For this flow (client credentials), the scopes
should be of the form "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft
Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are really defined statically at application registration
in the portal, and cannot be overridden in the application. See also </param>
<returns>Authentication result containing the token of the user for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)">
<summary>
[V2 API] Acquires a token from the authority configured in the app, for the confidential client itself (in the name of no user)
using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
</summary>
<param name="scopes">Scopes requested to access a protected API. For this flow (client credentials), the scopes
should be of the form "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft
Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are really defined statically at application registration
in the portal, and cannot be overridden in the application</param>
<param name="forceRefresh">If <c>true</c>, API will ignore the access token in the cache and attempt to acquire new access token using client credentials.
This override can be used in case the application knows that conditional access policies changed</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
This method enables application developers to achieve easy certificate roll-over
in Azure AD: this method will send the public certificate to Azure AD
along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation)
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing application token for the requested scopes</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IConfidentialClientApplicationWithCertificate#AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)">
<summary>
[V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
This method attempts to look up valid access token in the cache unless<paramref name="forceRefresh"/> is true
This method enables application developers to achieve easy certificate roll-over
in Azure AD: this method will send the public certificate to Azure AD
along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation)
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param>
<returns>Authentication result containing application token for the requested scopes</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.Microsoft#Identity#Client#IByRefreshToken#AcquireTokenByRefreshTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Acquires an access token from an existing refresh token and stores it and the refresh token into
the application user token cache, where it will be available for further AcquireTokenSilentAsync calls.
This method can be used in migration to MSAL from ADAL v2 and in various integration
scenarios where you have a RefreshToken available.
(see https://aka.ms/msal-net-migration-adal2-msal2)
</summary>
<param name="scopes">Scope to request from the token endpoint.
Setting this to null or empty will request an access token, refresh token and ID token with default scopes</param>
<param name="refreshToken">The refresh token (for example previously obtained from ADAL 2.x)</param>
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)">
<summary>
[V2 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
This override enables you to specify a login hint and extra query parameter.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally a UPN. This can be empty</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>URL of the authorize endpoint including the query parameters.</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrl(System.Collections.Generic.IEnumerable{System.String})"/> which is the corresponding V3 API
</member>
<member name="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
[V2 API] Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
the user's name. The URL targets the /authorize endpoint of the authority specified as the <paramref name="authority"/> parameter.
This override enables you to specify a redirectUri, login hint extra query parameters, extra scope to consent (which are not for the
same resource as the <paramref name="scopes"/>), and an authority.
</summary>
<param name="scopes">Scopes requested to access a protected API (a resource)</param>
<param name="redirectUri">Address to return to upon receiving a response from the authority.</param>
<param name="loginHint">Identifier of the user. Generally a UPN.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes for additional resources (other than the resource for which <paramref name="scopes"/> are requested),
which a developer can request the user to consent to upfront.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>URL of the authorize endpoint including the query parameters.</returns>
<seealso cref="M:Microsoft.Identity.Client.ConfidentialClientApplication.GetAuthorizationRequestUrl(System.Collections.Generic.IEnumerable{System.String})"/> which is the corresponding V3 API
</member>
<member name="T:Microsoft.Identity.Client.DeviceCodeResult">
<summary>
This object is returned as part of the device code flow
and has information intended to be shown to the user about
where to navigate to login and what the device code needs
to be entered on that device.
See https://aka.ms/msal-device-code-flow.
</summary>
<seealso cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"> and
the other overrides
</seealso>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.UserCode">
<summary>
User code returned by the service
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.DeviceCode">
<summary>
Device code returned by the service
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.VerificationUrl">
<summary>
Verification URL where the user must navigate to authenticate using the device code and credentials.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.ExpiresOn">
<summary>
Time when the device code will expire.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.Interval">
<summary>
Polling interval time to check for completion of authentication flow.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.Message">
<summary>
User friendly text response that can be used for display purpose.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.ClientId">
<summary>
Identifier of the client requesting device code.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.DeviceCodeResult.Scopes">
<summary>
List of the scopes that would be held by token.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension">
<summary>
Extensions for all AcquireToken methods
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.OnBeforeTokenRequest``1(Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder{``0},System.Func{Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData,System.Threading.Tasks.Task})">
<summary>
Intervenes in the request pipeline, by executing a user provided delegate before MSAL makes the token request.
The delegate can modify the request payload by adding or removing body parameters and headers. <see cref="T:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData"/>
</summary>
<typeparam name="T"></typeparam>
<param name="builder">The builder to chain options to</param>
<param name="onBeforeTokenRequestHandler">An async delegate which gets invoked just before MSAL makes a token request</param>
<returns>The builder to chain other options to.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.AbstractConfidentialClientAcquireTokenParameterBuilderExtension.WithProofOfPosessionKeyId``1(Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder{``0},System.String,System.String)">
<summary>
Binds the token to a key in the cache.No cryptographic operations is performed on the token.
</summary>
<typeparam name="T"></typeparam>
<param name="builder">The builder to chain options to</param>
<param name="keyId">A key id to which the access token is associated. The token will not be retrieved from the cache unless the same key id is presented. Can be null.</param>
<param name="expectedTokenTypeFromAad">AAD issues several types of bound tokens. MSAL checks the token type, which needs to match the value set by ESTS. Normal POP tokens have this as "pop"</param>
<returns>the builder</returns>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithProofOfPosessionKeyId(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder,System.String,System.String)">
<summary>
Binds the token to a key in the cache. L2 cache keys contain the key id.
No cryptographic operations is performed on the token.
</summary>
<param name="builder"></param>
<param name="keyId">A key id to which the access token is associated. The token will not be retrieved from the cache unless the same key id is presented. Can be null.</param>
<param name="expectedTokenTypeFromAad">AAD issues several types of bound tokens. MSAL checks the token type, which needs to match the value set by ESTS. Normal POP tokens have this as "pop"</param>
<returns>the builder</returns>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AcquireTokenInteractiveParameterBuilderExtensions">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.AcquireTokenInteractiveParameterBuilderExtensions.WithCustomWebUi(Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder,Microsoft.Identity.Client.Extensibility.ICustomWebUi)">
<summary>
Extension method enabling MSAL.NET extenders for public client applications to set a custom web UI
that will let the user sign-in with Azure AD, present consent if needed, and get back the authorization
code
</summary>
<param name="builder">Builder for an AcquireTokenInteractive</param>
<param name="customWebUi">Customer implementation for the Web UI</param>
<returns>the builder to be able to chain .With methods</returns>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AcquireTokenOnBehalfOfParameterBuilderExtensions">
<summary>
Extension methods for the <see cref="T:Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder" />
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.AcquireTokenOnBehalfOfParameterBuilderExtensions.WithSearchInCacheForLongRunningProcess(Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder,System.Boolean)">
<summary>
Only affects <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)"/>.
When enabled, mimics MSAL 4.50.0 and below behavior - checks in cache for cached tokens first,
and if not found, then uses user assertion to request new tokens from AAD.
When disabled (default behavior), doesn't search in cache, but uses the user assertion to retrieve tokens from AAD.
</summary>
<remarks>
This method should only be used in specific cases for backwards compatibility. For most cases, rely on the default behavior
of <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)"/> and
<see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)"/> described in https://aka.ms/msal-net-long-running-obo .
</remarks>
<param name="builder"></param>
<param name="searchInCache">Whether to search in cache.</param>
<returns>The builder to chain the .With methods</returns>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters">
<summary>
The authentication parameters provided to the app token provider callback.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters.Scopes">
<summary>
Specifies which scopes to request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters.CorrelationId">
<summary>
Correlation id of the authentication request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters.Claims">
<summary>
A string with one or multiple claims.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters.TenantId">
<summary>
Tenant id of the
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters.CancellationToken">
<summary>
Used to cancel the authentication attempt made by the token provider
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.AppTokenProviderResult">
<summary>
Token result from external app token provider
</summary>
<remarks>
This is part of an extensibility mechanism designed to be used by Azure SDK in order to
enhance managed identity support.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderResult.AccessToken">
<summary>
The actual token, usually in JWT format
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderResult.ExpiresInSeconds">
<summary>
Expiration of token
</summary>
<remarks>Mandatory</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.AppTokenProviderResult.RefreshInSeconds">
<summary>
When the token should be refreshed.
</summary>
<remarks>If not set, MSAL will set it to half of the expiry time if that time is longer than 2 hours.</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationBuilderExtensions">
<summary>
Extensibility methods for <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplicationBuilder"/>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationBuilderExtensions.WithAppTokenProvider(Microsoft.Identity.Client.ConfidentialClientApplicationBuilder,System.Func{Microsoft.Identity.Client.Extensibility.AppTokenProviderParameters,System.Threading.Tasks.Task{Microsoft.Identity.Client.Extensibility.AppTokenProviderResult}})">
<summary>
Allows setting a callback which returns an access token, based on the passed-in parameters.
MSAL will pass in its authentication parameters to the callback and it is expected that the callback
will construct a <see cref="T:Microsoft.Identity.Client.Extensibility.AppTokenProviderResult"/> and return it to MSAL.
MSAL will cache the token response the same way it does for other authentication results.
</summary>
<remarks>This is part of an extensibility mechanism designed to be used only by Azure SDK in order to
enhance managed identity support. Only client_credential flow is supported.</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationExtensions">
<summary>
Extensibility methods for <see cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/>.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationExtensions.StopLongRunningProcessInWebApiAsync(Microsoft.Identity.Client.ILongRunningWebApi,System.String,System.Threading.CancellationToken)">
<summary>
Stops an in-progress long-running on-behalf-of session by removing the tokens associated with the provided cache key.
See <see href="https://aka.ms/msal-net-long-running-obo">Long-running OBO in MSAL.NET</see>.
</summary>
<param name="clientApp">Client application to remove tokens from.</param>
<param name="longRunningProcessSessionKey">OBO cache key used to remove the tokens.</param>
<param name="cancellationToken">Cancellation token.</param>
<returns>True if tokens are removed from the cache; false, otherwise.</returns>
<exception cref="T:System.ArgumentNullException"><paramref name="longRunningProcessSessionKey"/> is not set.</exception>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.ICustomWebUi">
<summary>
Interface that an MSAL.NET extender can implement to provide their own web UI in public client applications
to sign-in user and have them consented part of the Authorization code flow.
MSAL.NET provides an embedded web view for Windows and Mac, but there are other scenarios not yet supported.
This extensibility point enables them to provide such UI in a secure way
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.ICustomWebUi.AcquireAuthorizationCodeAsync(System.Uri,System.Uri,System.Threading.CancellationToken)">
<summary>
Method called by MSAL.NET to delegate the authentication code web with the Secure Token Service (STS)
</summary>
<param name="authorizationUri"> URI computed by MSAL.NET that will let the UI extension
navigate to the STS authorization endpoint in order to sign-in the user and have them consent
</param>
<param name="redirectUri">The redirect URI that was configured. The auth code will be appended to this redirect URI and the browser
will redirect to it.
</param>
<param name="cancellationToken">The cancellation token to which you should respond to.
See <see href="https://learn.microsoft.com/dotnet/standard/parallel-programming/task-cancellation">Task cancellation</see> for details.
</param>
<returns> The URI returned back from the STS authorization endpoint. This URI contains a code=CODE
parameters that MSAL.NET will extract and redeem.
</returns>
<remarks>
The <paramref name="authorizationUri">authorizationUri</paramref>"/> is crafted to
leverage PKCE in order to protect the token from a man in the middle attack.
Only MSAL.NET can redeem the code.
In the event of cancellation, the implementer should return OperationCanceledException.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData">
<summary>
Authentication request details
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData.#ctor(System.Collections.Generic.IDictionary{System.String,System.String},System.Collections.Generic.IDictionary{System.String,System.String},System.Uri,System.Threading.CancellationToken)">
<summary>
Constructor.
</summary>
<remarks>Apps should not have to use this constructor. It is provided for testability purposes.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData.BodyParameters">
<summary>
Parameters which will be sent in the request body, as POST parameters.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData.Headers">
<summary>
Headers which will be sent with the request.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData.RequestUri">
<summary>
The token endpoint, including any query parameters, where the request is being sent to.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Extensibility.OnBeforeTokenRequestData.CancellationToken">
<summary>
The cancellation token associated with the request
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Advanced.AcquireTokenParameterBuilderExtensions">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Advanced.AcquireTokenParameterBuilderExtensions.WithExtraHttpHeaders``1(Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder{``0},System.Collections.Generic.IDictionary{System.String,System.String})">
<summary>
Adds additional Http Headers to the token request.
</summary>
<param name="builder">Parameter builder for a acquiring tokens.</param>
<param name="extraHttpHeaders">additional Http Headers to add to the token request.</param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.PublicClientApplicationExtensions">
<summary>
Extensibility methods for <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplicationExtensions.IsProofOfPossessionSupportedByClient(Microsoft.Identity.Client.IPublicClientApplication)">
<summary>
Used to determine if the currently available broker is able to perform Proof-of-Possession.
</summary>
<returns>Boolean indicating if Proof-of-Possession is supported</returns>
</member>
<member name="T:Microsoft.Identity.Client.SSHCertificates.SSHExtensions">
<summary>
Extensions that add support for SSH certificates
</summary>
</member>
<member name="M:Microsoft.Identity.Client.SSHCertificates.SSHExtensions.WithSSHCertificateAuthenticationScheme(Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder,System.String,System.String)">
<summary>
Instructs AAD to return an SSH certificate instead of a Bearer token. The SSH certificate
(not the same as public / private key pair used by SSH), can be used to securely deploy
a public SSH key to a machine. See https://aka.ms/msal-net-ssh for details.
</summary>
<param name="builder">Interactive authentication builder</param>
<param name="publicKeyJwk">The public SSH key in JWK format (https://tools.ietf.org/html/rfc7517).
Currently only RSA is supported, and the JWK should contain only the RSA modulus and exponent</param>
<param name="keyId">A key identifier, it can be in any format. Used to distinguish between
different keys when fetching an SSH certificate from the token cache.</param>
</member>
<member name="M:Microsoft.Identity.Client.SSHCertificates.SSHExtensions.WithSSHCertificateAuthenticationScheme(Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder,System.String,System.String)">
<summary>
Instructs AAD to return an SSH certificate instead of a Bearer token. Attempts to retrieve
the certificate from the token cache, and if one is not found, attempts to acquire one silently,
using the refresh token. See https://aka.ms/msal-net-ssh for details.
</summary>
<remarks>
The same keyID must be used to distinguish between various
</remarks>
<param name="builder">Silent authentication builder</param>
<param name="publicKeyJwk">The public SSH key in JWK format (https://tools.ietf.org/html/rfc7517).
Currently only RSA is supported, and the JWK should contain only the RSA modulus and exponent</param>
<param name="keyId"></param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.Http.HttpManager">
<remarks>
We invoke this class from different threads and they all use the same HttpClient.
To prevent race conditions, make sure you do not get / set anything on HttpClient itself,
instead rely on HttpRequest objects which are thread specific.
In particular, do not change any properties on HttpClient such as BaseAddress, buffer sizes and Timeout. You should
also not access DefaultRequestHeaders because the getters are not thread safe (use HttpRequestMessage.Headers instead).
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManager.SendGetForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Boolean,System.Threading.CancellationToken)">
<summary>
Performs the GET request just like <see cref="M:Microsoft.Identity.Client.Http.HttpManager.SendGetAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Boolean,System.Threading.CancellationToken)"/>
but does not throw a ServiceUnavailable service exception. Instead, it returns the <see cref="T:Microsoft.Identity.Client.Http.HttpResponse"/> associated
with the request.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManager.SendPostForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)">
<summary>
Performs the POST request just like <see cref="M:Microsoft.Identity.Client.Http.HttpManager.SendPostAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)"/>
but does not throw a ServiceUnavailable service exception. Instead, it returns the <see cref="T:Microsoft.Identity.Client.Http.HttpResponse"/> associated
with the request.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManager.SendPostForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Net.Http.StringContent,Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)">
<summary>
Performs the POST request just like <see cref="M:Microsoft.Identity.Client.Http.HttpManager.SendPostAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Net.Http.HttpContent,Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)"/>
but does not throw a ServiceUnavailable service exception. Instead, it returns the <see cref="T:Microsoft.Identity.Client.Http.HttpResponse"/> associated
with the request.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManager.IsRetryableStatusCode(System.Int32)">
<summary>
In HttpManager, the retry policy is based on this simple condition.
Avoid changing this, as it's breaking change.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Http.HttpManagerFactory">
<summary>
Factory to return the instance of HttpManager based on retry configuration and type of MSAL application.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Http.HttpManagerManagedIdentity">
<remarks>
HTTP Manager specific to managed identity to implement the retry for specific HTTP status codes.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerManagedIdentity.IsRetryableStatusCode(System.Int32)">
<summary>
Retry policy specific to managed identity flow.
Avoid changing this, as it's breaking change.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Http.HttpManagerWithRetry">
<remarks>
We invoke this class from different threads and they all use the same HttpClient.
To prevent race conditions, make sure you do not get / set anything on HttpClient itself,
instead rely on HttpRequest objects which are thread specific.
In particular, do not change any properties on HttpClient such as BaseAddress, buffer sizes and Timeout. You should
also not access DefaultRequestHeaders because the getters are not thread safe (use HttpRequestMessage.Headers instead).
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerWithRetry.SendPostAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Net.Http.HttpContent,Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerWithRetry.SendGetAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Boolean,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerWithRetry.SendGetForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Boolean,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerWithRetry.SendPostForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Collections.Generic.IDictionary{System.String,System.String},Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Http.HttpManagerWithRetry.SendPostForceResponseAsync(System.Uri,System.Collections.Generic.IDictionary{System.String,System.String},System.Net.Http.StringContent,Microsoft.Identity.Client.Core.ILoggerAdapter,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Http.RedirectUriHelper.Validate(System.Uri,System.Boolean)">
<summary>
Check common redirect URI problems.
Optionally check that the redirect URI is not the OAuth2 standard redirect URI https://login.microsoftonline.com/common/oauth2/nativeclientb
when using a system browser, because the browser cannot redirect back to the app.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IAccount">
<summary>
The IAccount interface represents information about a single account.
The same user can be present in different tenants, that is, a user can have multiple accounts.
An <c>IAccount</c> is returned in the <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/>.<see cref="P:Microsoft.Identity.Client.AuthenticationResult.Account"/> property, and can be used as parameters
of PublicClientApplication and ConfidentialClientApplication methods acquiring tokens such as <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IAccount.Username">
<summary>
Gets a string containing the displayable value in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c>.
This can be null.
</summary>
<remarks>This property replaces the <c>DisplayableId</c> property of <c>IUser</c> in previous versions of MSAL.NET</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IAccount.Environment">
<summary>
Gets a string containing the identity provider for this account, e.g. <c>login.microsoftonline.com</c>.
</summary>
<remarks>This property replaces the <c>IdentityProvider</c> property of <c>IUser</c> in previous versions of MSAL.NET
except that IdentityProvider was a URL with information about the tenant (in addition to the cloud environment), whereas Environment is only the <see cref="P:System.Uri.Host"/></remarks>
</member>
<member name="P:Microsoft.Identity.Client.IAccount.HomeAccountId">
<summary>
AccountId of the home account for the user. This uniquely identifies the user across AAD tenants.
</summary>
<remarks>Can be null, for example if this account was migrated to MSAL.NET from ADAL.NET v3's token cache</remarks>
</member>
<member name="T:Microsoft.Identity.Client.IApplicationBase">
<summary>
Interface used for creation of client applications. For details see https://aka.ms/msal-net-client-applications.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IByRefreshToken">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IByRefreshToken.AcquireTokenByRefreshToken(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Acquires an access token from an existing refresh token and stores it, and the refresh token, in
the user token cache, where it will be available for further AcquireTokenSilent calls.
This method can be used in migration to MSAL from ADAL v2, and in various integration
scenarios where you have a RefreshToken available.
See https://aka.ms/msal-net-migration-adal2-msal2.
</summary>
<param name="scopes">Scope to request from the token endpoint.
Setting this to null or empty will request an access token, refresh token and ID token with default scopes</param>
<param name="refreshToken">The refresh token from ADAL 2.x</param>
<returns>A builder enabling you to add optional parameters before executing the token request</returns>
</member>
<member name="M:Microsoft.Identity.Client.IByRefreshToken.AcquireTokenByRefreshTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Acquires an access token from an existing refresh token and stores it and the refresh token into
the user token cache, where it will be available for further AcquireTokenSilentAsync calls.
This method can be used in migration to MSAL from ADAL v2 and in various integration
scenarios where you have a RefreshToken available.
(see https://aka.ms/msal-net-migration-adal2-msal2)
</summary>
<param name="scopes">Scope to request from the token endpoint.
Setting this to null or empty will request an access token, refresh token and ID token with default scopes</param>
<param name="refreshToken">The refresh token from ADAL 2.x</param>
</member>
<member name="T:Microsoft.Identity.Client.IClientApplicationBase">
<inheritdoc/>
<summary>
Interface defining common API methods and properties. Both <see cref="T:PublicClientApplication"/> and <see cref="T:ConfidentialClientApplication"/>
extend this class. For details see https://aka.ms/msal-net-client-applications
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.AppConfig">
<summary>
Details on the configuration of the ClientApplication for debugging purposes.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.UserTokenCache">
<summary>
User token cache which holds ID tokens, access tokens, and refresh tokens for accounts. It's used
and updated silently if needed when calling <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>
It is updated by each acquire token method, with the exception of <see cref="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})"/> which only uses the application
cache (see <see cref="P:Microsoft.Identity.Client.IConfidentialClientApplication.AppTokenCache"/>).
</summary>
<remarks>On .NET Framework and .NET Core you can also customize the token cache serialization.
See https://aka.ms/msal-net-token-cache-serialization. This is taken care of by MSAL.NET on mobile platforms.
It is recommended to use token cache serialization for web site and web api scenarios.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.Authority">
<summary>
Gets the URL of the authority, or the security token service (STS) from which MSAL.NET will acquire security tokens.
The return value of this property is either the value provided by the developer in the constructor of the application, or otherwise
the value of the <see cref="F:Microsoft.Identity.Client.ApplicationBase.DefaultAuthority"/> static member (that is <c>https://login.microsoftonline.com/common/</c>)
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync">
<summary>
Returns all the available <see cref="T:Microsoft.Identity.Client.IAccount">accounts</see> in the user token cache for the application.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountAsync(System.String)">
<summary>
Get the <see cref="T:Microsoft.Identity.Client.IAccount"/> by its identifier among the accounts available in the token cache and of the same
environment (authority host) as <see cref="P:Microsoft.Identity.Client.IClientApplicationBase.Authority"/>.
</summary>
<param name="identifier">Account identifier. The value of the identifier will probably have been stored value from the
value of the <see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> property of <see cref="T:Microsoft.Identity.Client.AccountId"/>.
You typically get the account ID from an <see cref="T:Microsoft.Identity.Client.IAccount"/> by using the <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/> property.</param>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync(System.String)">
<summary>
Only for Azure AD B2C scenarios, get the <see cref="T:Microsoft.Identity.Client.IAccount"/> collection by its identifier
among the accounts available in the token cache based on the user flow.
</summary>
<param name="userFlow">The identifier is the user flow being targeted by the specific B2C authority.</param>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<summary>
Attempts to acquire an access token for the <paramref name="account"/> from the user token cache,
with advanced parameters controlling the network call. See <see href="https://aka.ms/msal-net-acquiretokensilent">Acquire tokens silently</see>.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param>
<returns>An <see cref="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder"/> used to build the token request, adding optional
parameters.</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">When an interaction is required with the end user of the application,
for instance, if no refresh token was in the cache; the user needs to consent or to re-sign-in (for instance if the password expired);
or the user needs to perform two factor authentication.</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than
requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Attempts to acquire an access token for the <paramref name="loginHint"/> from the user token cache,
with advanced parameters controlling the network call. See <see href="https://aka.ms/msal-net-acquiretokensilent">Acquire tokens silently</see>.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="loginHint">Typically the username, in UPN format, e.g. <c>johnd@contoso.com</c>.</param>
<returns>An <see cref="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder"/> used to build the token request, adding optional
parameters.</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">When an interaction is required with the end user of the application,
for instance, if no refresh token was in the cache; the user needs to consent or to re-sign-in (for instance if the password expired);
or the user needs to perform two factor authentication.</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than
requested could be returned as well. If the access token is expired or close to expiration (within a 5 minute window),
then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)">
<summary>
Removes all tokens in the cache for the specified account.
</summary>
<param name="account">Instance of the account that needs to be removed.</param>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.Users">
<summary>
In MSAL 1.x returned an enumeration of <see cref="T:Microsoft.Identity.Client.IUser"/>. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.GetUser(System.String)">
<summary>
In MSAL 1.x, return a user from its identifier. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
<param name="identifier">Identifier of the user to retrieve</param>
<returns>the user in the cache with the identifier passed as an argument</returns>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.Remove(Microsoft.Identity.Client.IUser)">
<summary>
In MSAL 1.x removed a user from the cache. From MSAL 2.x, use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.RemoveAsync(Microsoft.Identity.Client.IAccount)"/> instead.
See https://aka.ms/msal-net-2-released for more details.
</summary>
<param name="user">User to remove from the cache</param>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.Component">
<summary>
Identifier of the component (libraries/SDK) consuming MSAL.NET.
This will allow for disambiguation between MSAL usage by the app vs MSAL usage by component libraries.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.SliceParameters">
<summary>
Sets or Gets a custom query parameters that may be sent to the STS for dogfood testing or debugging. This is a string of segments
of the form <c>key=value</c> separated by an ampersand character.
Unless requested otherwise, this parameter should not be set by application developers as it may have adverse effect on the application.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.ValidateAuthority">
<summary>
Gets a boolean value telling the application if the authority needs to be verified against a list of known authorities. The default
value is <c>true</c>. It should currently be set to <c>false</c> for Azure AD B2C authorities as those are customer specific
(a list of known B2C authorities cannot be maintained by MSAL.NET)
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.RedirectUri">
<summary>
The redirect URI (also known as Reply URI or Reply URL), is the URI at which Azure AD will contact back the application with the tokens.
This redirect URI needs to be registered in the app registration (https://aka.ms/msal-net-register-app)
In MSAL.NET, <see cref="T:PublicClientApplication"/> define the following default RedirectUri values:
<list type="bullet">
<item><description><c>urn:ietf:wg:oauth:2.0:oob</c> for desktop (.NET Framework and .NET Core) applications</description></item>
<item><description><c>msal{ClientId}</c> for Xamarin iOS and Xamarin Android (as this will be used by the system web browser by default on these
platforms to call back the application)
</description></item>
</list>
These default URIs could change in the future.
In <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, this can be the URL of the web application / web API.
</summary>
<remarks>This is especially important when you deploy an application that you have initially tested locally;
you then need to add the reply URL of the deployed application in the application registration portal.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<summary>
Attempts to acquire an access token for the <paramref name="account"/> from the user token cache.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param>
<returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application,
for instance so that the user consents, or re-signs-in (for instance if the password expired), or performs two factor authentication</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes.
This means that an access token with more scopes than requested could be returned as well. If the access token is expired or
close to expiration (within 5 minute window), then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
See https://aka.ms/msal-net-acuiretokensilent for more details
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,System.String,System.Boolean)">
<summary>
Attempts to acquire and access token for the <paramref name="account"/> from the user token cache, with advanced parameters making a network call.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account for which the token is requested. <see cref="T:Microsoft.Identity.Client.IAccount"/></param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured in the application constructor
narrows down the selection of tenants for which to get a tenant, but does not change the configured value</param>
<param name="forceRefresh">If <c>true</c>, the will ignore the access token in the cache and attempt to acquire new access token
using the refresh token for the account if this one is available. This can be useful in the case when the application developer wants to make
sure that conditional access policies are applies immediately, rather than after the expiration of the access token</param>
<returns>An <see cref="T:Microsoft.Identity.Client.AuthenticationResult"/> containing the requested token</returns>
<exception cref="T:Microsoft.Identity.Client.MsalUiRequiredException">can be thrown in the case where an interaction is required with the end user of the application,
for instance, if no refresh token was in the cache, or the user needs to consents, or re-sign-in (for instance if the password expired),
or performs two factor authentication</exception>
<remarks>
The access token is considered a match if it contains <b>at least</b> all the requested scopes. This means that an access token with more scopes than
requested could be returned as well. If the access token is expired or close to expiration (within 5 minute window),
then the cached refresh token (if available) is used to acquire a new access token by making a silent network call.
See https://aka.ms/msal-net-acquiretokensilent for more details
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IClientApplicationBase.ClientId">
<summary>
Gets the Client ID (also known as Application ID) of the application as registered in the application registration portal (https://aka.ms/msal-net-register-app)
and as passed in the constructor of the application.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IConfidentialClientApplication">
<summary>
Represents confidential client applications - web apps, web APIs, daemon applications.
</summary>
<remarks>
Confidential client applications are typically applications which run on servers (web apps, web API, or even service/daemon applications).
They are considered difficult to access, and therefore capable of keeping an application secret (hold configuration
time secrets as these values would be difficult for end users to extract).
A web app is the most common confidential client. The client ID is exposed through the web browser, but the secret is passed only in the back channel
and never directly exposed. For details, see <see href="https://aka.ms/msal-net-client-applications">Client Applications</see>.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IConfidentialClientApplication.AppTokenCache">
<summary>
Application token cache which holds access tokens for this application. It's maintained
and updated silently when calling <see cref="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
<remarks>On .NET Framework and .NET Core you can also customize the token cache serialization.
See <see href="https://aka.ms/msal-net-token-cache-serialization">Token Cache Serialization</see>. This is taken care of by MSAL.NET on other platforms.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenByAuthorizationCode(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Acquires a token from the authority configured in the app using the authorization code
previously received from the identity provider using the OAuth 2.0 authorization code flow.
See <see href="https://aka.ms/msal-net-authorization-code">Authorization Code Flow</see>.
This flow is usually used in web apps (for instance, ASP.NET and ASP.NET Core web apps)
which sign-in users and can request an authorization code.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> to check the token cache.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="authorizationCode">The authorization code received from the service authorization endpoint.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClient(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Acquires a token from the authority configured in the app for the confidential client itself (not for a user)
using the client credentials flow. See <see href="https://aka.ms/msal-net-client-credentials">Client Credentials Flow</see>.
During this operation MSAL will first search in the cache for an unexpired token before acquiring a new one from Microsoft Entra ID.
</summary>
<param name="scopes">Scopes requested to access a protected API. For this flow (client credentials), the scopes
should be in the form of "{ResourceIdUri/.default}" for instance <c>https://management.azure.net/.default</c> or, for Microsoft
Graph, <c>https://graph.microsoft.com/.default</c> as the requested scopes are defined statically in the application registration
in the portal, and cannot be overridden in the application.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<summary>
Acquires an access token for this application (usually a web API) from the authority configured in the application,
in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
During this operation MSAL will first search in the cache for an unexpired token before acquiring a new one from Microsoft Entra ID.
See <see href="https://aka.ms/msal-net-on-behalf-of">On-Behalf-Of Flow</see>.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="userAssertion">Instance of <see cref="T:Microsoft.Identity.Client.UserAssertion"/> containing credential information about
the user on behalf of whom to get a token.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
<remarks>
Pass an access token (not an ID token) which was used to access this application in the
<paramref name="userAssertion">userAssertion</paramref> parameter.
For long-running or background processes in web API, see <see href="https://aka.ms/msal-net-long-running-obo">Long-running OBO in MSAL.NET</see>.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAuthorizationRequestUrl(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
the user's name. The URL targets the /authorize endpoint of the authority configured in the application.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<returns>A builder enabling you to add optional parameters before executing the token request to get the
URL of the authorization endpoint with the specified parameters.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
In confidential client apps use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> instead.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAccountsAsync">
<summary>
Use <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountAsync(System.String)"/> in web apps and web APIs, and use a token cache serializer for better security and performance. See https://aka.ms/msal-net-cca-token-cache-serialization.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<summary>
[V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="userAssertion">Instance of UserAssertion containing user's token.</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOfAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)">
<summary>
[V3 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="userAssertion">Instance of UserAssertion containing user's token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(System.String,System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V2 API] Acquires security token from the authority using authorization code previously received.
This method does not lookup token cache, but stores the result in it, so it can be looked up using other methods such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilentAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>.
</summary>
<param name="authorizationCode">The authorization code received from service authorization endpoint.</param>
<param name="scopes">Array of scopes requested for resource</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<returns>Authentication result containing application token for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenForClientAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)">
<summary>
[V2 API] Acquires token from the service for the confidential client. This method attempts to look up valid access token in the cache.
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param>
<returns>Authentication result containing application token for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)">
<summary>
[V2 API] URL of the authorize endpoint including the query parameters.
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="loginHint">Identifier of the user. Generally a UPN.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param>
<returns>URL of the authorize endpoint including the query parameters.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplication.GetAuthorizationRequestUrlAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.String,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
[V2 API] Gets URL of the authorize endpoint including the query parameters.
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="redirectUri">Address to return to upon receiving a response from the authority.</param>
<param name="loginHint">Identifier of the user. Generally a UPN.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param>
<param name="extraScopesToConsent">Array of scopes for which a developer can request consent upfront.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>URL of the authorize endpoint including the query parameters.</returns>
</member>
<member name="T:Microsoft.Identity.Client.ILongRunningWebApi">
<summary>
Methods for long-running or background processes in web APIs.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)">
<summary>
Acquires an access token for this web API from the authority configured in the application,
in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
See <see href="https://aka.ms/msal-net-long-running-obo">Long-running OBO in MSAL.NET</see>.
Pass an access token (not an ID token) which was used to call this confidential client application in the
<paramref name="userToken">userToken</paramref> parameter.
Use <seealso cref="M:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationExtensions.StopLongRunningProcessInWebApiAsync(Microsoft.Identity.Client.ILongRunningWebApi,System.String,System.Threading.CancellationToken)"/> to stop the long running process
and remove the associated tokens from the cache.
</summary>
<remarks>
This method should be called once when the long-running session is started.
</remarks>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="userToken">A JSON Web Token which was used to call this web API and contains the credential information
about the user on behalf of whom to get a token.</param>
<param name="longRunningProcessSessionKey">Key by which to look up the token in the cache.
If null, it will be set to the assertion hash of the <paramref name="userToken">userToken</paramref> by default.</param>
<returns>A builder enabling you to add other parameters before executing the token request.</returns>
</member>
<member name="M:Microsoft.Identity.Client.ILongRunningWebApi.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Retrieves an access token from the cache using the provided cache key that can be used to
access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
See <see href="https://aka.ms/msal-net-long-running-obo">Long-running OBO in MSAL.NET</see>.
Use <seealso cref="M:Microsoft.Identity.Client.Extensibility.ConfidentialClientApplicationExtensions.StopLongRunningProcessInWebApiAsync(Microsoft.Identity.Client.ILongRunningWebApi,System.String,System.Threading.CancellationToken)"/> to stop the long running process
and remove the associated tokens from the cache.
</summary>
<remarks>
This method should be called during the long-running session to retrieve the token from the cache.
</remarks>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="longRunningProcessSessionKey">Key by which to look up the token in the cache.</param>
<returns>A builder enabling you to add other parameters before executing the token request.</returns>
<exception cref="T:Microsoft.Identity.Client.MsalClientException"> The token cache does not contain a token
with an OBO cache key that matches the <paramref name="longRunningProcessSessionKey"/>.</exception>
</member>
<member name="T:Microsoft.Identity.Client.IManagedIdentityApplication">
<summary>
Component to be used with managed identity applications for Azure resources.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IManagedIdentityApplication.AcquireTokenForManagedIdentity(System.String)">
<summary>
Acquires token for a managed identity configured on Azure resource. See https://aka.ms/msal-net-managed-identity.
</summary>
<param name="resource">resource requested to access the protected API. For this flow (managed identity), the resource
should be of the form "{ResourceIdUri}" or {ResourceIdUri/.default} for instance <c>https://management.azure.net</c> or, for Microsoft
Graph, <c>https://graph.microsoft.com/.default</c>.</param>
<returns>A builder enabling you to add optional parameters before executing the token request</returns>
<remarks>You can also chain the following optional parameters:
<see cref="M:Microsoft.Identity.Client.AcquireTokenForManagedIdentityParameterBuilder.WithForceRefresh(System.Boolean)"/>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Instance.AdfsAuthority.GetTenantedAuthority(System.String,System.Boolean)">
<summary>
ADFS seems to support tenanted authorities, but the tenant ID is fixed so for all intents and purposes
it remains constant
</summary>
<param name="tenantId"></param>
<param name="forceSpecifiedTenant"></param>
<returns></returns>
<exception cref="T:System.NotImplementedException"></exception>
</member>
<member name="T:Microsoft.Identity.Client.Instance.Authority">
<remarks>
Must be kept immutable
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Instance.Authority.CreateAuthorityForRequestAsync(Microsoft.Identity.Client.Internal.RequestContext,Microsoft.Identity.Client.AuthorityInfo,Microsoft.Identity.Client.IAccount)">
<summary>
Figures out the authority based on the authority from the config and the authority from the request,
and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent
The algorithm is:
1. If there is no request authority (i.e. no authority override), use the config authority.
1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID
2. If there is a request authority, try to use it.
2.1. If the request authority is not "common", then use it
2.2 If the request authority is "common", ignore it, and use 1.1
Special cases:
- if the authority is not defined at the application level and the request level is not AAD, use the request authority
- if the authority is defined at app level, and the request level authority of is of different type, throw an exception
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Instance.Authority.GetTenantedAuthority(System.String,System.Boolean)">
<summary>
Changes the tenant ID of the authority, if the authority supports tenants. If not, throws exception.
</summary>
<param name="tenantId">The new tenant ID</param>
<param name="forceSpecifiedTenant">Forces the change, even if the current tenant is not "common" or "organizations" or "consumers"</param>
</member>
<member name="T:Microsoft.Identity.Client.Instance.AuthorityManager">
<summary>
This object is at REQUEST level.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Instance.CiamAuthority.TransformAuthority(System.Uri)">
<summary>
Translates CIAM authorities into a usable form. This is needed only until ESTS is updated to support the north star format
North star format: https://idgciamdemo.ciamlogin.com
Transformed format: https://idgciamdemo.ciamlogin.com/idgciamdemo.onmicrosoft.com
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Instance.Discovery.IInstanceDiscoveryManager">
<summary>
Provides instance metadata across all authority types. Deals with metadata caching.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Instance.Discovery.InstanceDiscoveryManager">
<summary>
Priority order of metadata providers:
If user provided metadata via <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithInstanceDiscoveryMetadata(System.String)"/> use it exclusively. Otherwise:
1. Static cache (this is populated from the network)
2. Well-known cache if all environments present in the token cache are known (this is hard-coded into MSAL)
3. Cache stored in token cache (Not currently implemented)
5. AAD discovery endpoint
6. If going to the network fails with an error different than "invalid_instance" (i.e.authority validation failed), use the well-known instance metadata entry for the given authority
7. On failure, use the authority itself(i.e.preferred cache = preferred network = aliases = configured_authority)
Spec: https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=%2FInstance%20Discovery%20Caching%2Fdesktop_web_caching.md
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Instance.Validation.AadAuthorityValidator.ValidateAuthorityAsync(Microsoft.Identity.Client.AuthorityInfo)">
<summary>
AAD performs authority validation by calling the instance metadata endpoint. This is a bit unfortunate,
because instance metadata is used for aliasing, and authority validation is orthogonal to that.
MSAL must figure out aliasing even if ValidateAuthority is set to false.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Instance.Validation.IAuthorityValidator.ValidateAuthorityAsync(Microsoft.Identity.Client.AuthorityInfo)">
<summary>
Validates the authority. This is specific to each authority type.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Instance.Validation.NullAuthorityValidator.ValidateAuthorityAsync(Microsoft.Identity.Client.AuthorityInfo)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Region.IRegionManager.GetAzureRegionAsync(Microsoft.Identity.Client.Internal.RequestContext)">
<summary>
Gets the azure region and adds telemetry to the ApiEvents
</summary>
<returns>Returns null if region should not be used or cannot be discovered.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Region.RegionAutodetectionSource">
<summary>
Indicates where the region information came from.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionAutodetectionSource.None">
<summary>
Indicates that the API .WithAzureRegion() was not used
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionAutodetectionSource.FailedAutoDiscovery">
<summary>
Auto-detection failed, fallback to global
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionAutodetectionSource.Cache">
<summary>
Auto-detected from MSAL's static cache
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionAutodetectionSource.EnvVariable">
<summary>
Auto-detected from Env Variable
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionAutodetectionSource.Imds">
<summary>
Auto-detected from IMDS
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Region.RegionOutcome">
<summary>
Indicates where the region information came from.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.None">
<summary>
Indicates that the API .WithAzureRegion() was not used
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.UserProvidedValid">
<summary>
Region provided by the user, matches auto detected region
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.UserProvidedAutodetectionFailed">
<summary>
Region provided by the user, auto detection cannot be done
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.UserProvidedInvalid">
<summary>
Region provided by the user, does not match auto detected region
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.AutodetectSuccess">
<summary>
Region autodetect requested and was successful
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Region.RegionOutcome.FallbackToGlobal">
<summary>
Region autodetect requested but failed. Fallback to global
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Broker.BrokerResponseConst">
<summary>
For Android there are from: https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/dev/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerResult.java
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Internal.Broker.IBroker.HandleInstallUrl(System.String)">
<summary>
If device auth is required but the broker is not enabled, AAD will
signal this by returning an URL pointing to the broker app that needs to be installed.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Broker.NullBroker">
<summary>
For platforms that do not support a broker
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.IdToken.ObjectId">
<summary>
The OID claim is a unique identifier (GUID) for the user object in Azure AD.
Guest Users have different OID.
This is a stable ID across all apps.
IMPORTANT: There are rare cases where this is missing!
</summary>
<remarks>
Avoid using as it is not guaranteed non-null. Use <see cref="M:Microsoft.Identity.Client.Internal.IdToken.GetUniqueId"/> instead.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Internal.IdToken.Subject">
<summary>
The sub claim is a unique identifier for user + app.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.IServiceBundle.ApplicationLogger">
<summary>
When outside of a request, the normal logger (requestContext.Logger) is not available.
This logger is at the app level - it is just not tied to a correlation ID.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.JsonWebTokenConstants.Algorithm">
<summary>
Encryption algorithm used, e.g. ES256
https://tools.ietf.org/html/rfc7515#section-4.1.1
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.JsonWebTokenConstants.Type">
<summary>
The type of token e.g. JWT
https://tools.ietf.org/html/rfc7519#section-5.1
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.JsonWebTokenConstants.KeyId">
<summary>
Key ID, can be an X509 cert thumbprint. When used with a JWK, the "kid" value is used to match a JWK "kid"
parameter value
https://tools.ietf.org/html/rfc7515#section-4.1.4
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.MsalIdParameter.Product">
<summary>
MSAL Flavor: .NET or WinRT
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.MsalIdParameter.Version">
<summary>
MSAL assembly version
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.MsalIdParameter.OS">
<summary>
Version of the operating system. This will not be sent on WinRT
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Internal.MsalIdParameter.DeviceModel">
<summary>
Device model. This will not be sent on .NET
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.MsalIdHelper">
<summary>
This class adds additional query parameters or headers to the requests sent to STS. This can help us in
collecting statistics and potentially on diagnostics.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.RequestContext.ApiEvent">
<summary>
One and only one ApiEvent is associated with each request.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters">
<summary>
This class is responsible for merging app level and request level parameters.
Not all parameters need to be merged - app level parameters can be accessed via AppConfig property
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters.Authority">
<summary>
Authority is the URI used by MSAL for communication and storage
During a request it can be updated:
- with the preferred environment
- with actual tenant
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters.Claims">
<summary>
Indicates if the user configured claims via .WithClaims. Not affected by Client Capabilities
</summary>
<remarks>If user configured claims, request should bypass cache</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters.OnBeforeTokenRequestHandler">
<summary>
If set, MSAL should add the key / value pairs from the provider to the token endpoint instead of generating a client assertion
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters.UserAssertion">
<remarks>
User assertion is null when <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)"/> is called.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters.LongRunningOboCacheKey">
<summary>
User-provided cache key for long-running OBO flow.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Requests.IntegratedWindowsAuthRequest">
<summary>
Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth (IWA).
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Requests.InteractiveRequest">
<summary>
This class decides the workflow of an interactive request. The business rules are:
1. If WithBroker is set to true
1.1. Attempt to invoke the broker and get the token
1.2. If this fails, e.g. if broker is not installed, the use a web view (goto 2)
2. Use a webview and get an auth code and look at the auth code
2.1. If the auth code has a special format, showing that a broker is needed then. Invoke the broker flow (step 1) with a broker installation URL
2.2. Otherwise exchange the auth code for tokens (normal authorize_code grant)
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Requests.RequestBase">
<summary>
Base class for all flows. Use by implementing <see cref="M:Microsoft.Identity.Client.Internal.Requests.RequestBase.ExecuteAsync(System.Threading.CancellationToken)"/>
and optionally calling protected helper methods such as SendTokenRequestAsync, which know
how to use all params when making the request.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Internal.Requests.RequestBase.GetOverriddenScopes(System.Collections.Generic.ISet{System.String})">
<summary>
Return a custom set of scopes to override the default MSAL logic of merging
input scopes with reserved scopes (openid, profile etc.)
Leave as is / return null otherwise
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Internal.Requests.RequestBase.CreateRegionDetails(Microsoft.Identity.Client.TelemetryCore.Internal.Events.ApiEvent)">
<summary>
Creates the region Details
</summary>
<param name="apiEvent"></param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest">
<summary>
Handles requests that are non-interactive. Currently MSAL supports Integrated Windows Auth.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Internal.AuthCodeRequestComponent">
<summary>
Responsible for getting an auth code
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Internal.SilentRequestHelper.ProcessFetchInBackground(Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem,System.Func{System.Threading.Tasks.Task{Microsoft.Identity.Client.AuthenticationResult}},Microsoft.Identity.Client.Core.ILoggerAdapter,Microsoft.Identity.Client.Internal.IServiceBundle,Microsoft.Identity.Client.TelemetryCore.Internal.Events.ApiEvent.ApiIds)">
<summary>
Fire and forget the fetch action on a background thread.
Do not change to Task and do not await it.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.ServiceBundle.ApplicationLogger">
<summary>
This logger does not contain a correlation ID and should be used only when the correlation ID is not available
i.e. before a request exists
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Internal.ServiceBundle.HttpManager">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.Internal.ServiceBundle.WsTrustWebRequestManager">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.Internal.ServiceBundle.PlatformProxy">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.Internal.ServiceBundle.Config">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Core.ILoggerAdapter.IsLoggingEnabled(Microsoft.Identity.Client.LogLevel)">
<summary>
For expensive logging messages (e.g. when the log message evaluates a variable),
it is better to check the log level ahead of time so as not to evaluate the expensive message and then discard it.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Core.MsalLoggerExtensions">
<summary>
Extension methods for ILoggerAdapter
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Core.MsalLoggerExtensions.Info(Microsoft.Identity.Client.Core.ILoggerAdapter,System.Func{System.String})">
<summary>
This method is used to avoid string concatenation when the log level is not enabled.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Core.MsalLoggerExtensions.InfoPii(Microsoft.Identity.Client.Core.ILoggerAdapter,System.Func{System.String},System.Func{System.String})">
<summary>
This method is used to avoid string concatenation when the log level is not enabled.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException">
<summary>
This exception is thrown when Intune requires app protection policy.
The information in this exception can be used by app to obtain the required
enrollment ID from Mobile App Management (MAM) SDK.
See https://aka.ms/msal-net-trueMAM
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException.Upn">
<summary>
UPN of the user
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException.AccountUserId">
<summary>
Local account id
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException.TenantId">
<summary>
Tenant ID of the App
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException.AuthorityUrl">
<summary>
Authority URL
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IntuneAppProtectionPolicyRequiredException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code and error message.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="T:Microsoft.Identity.Client.IPublicClientApplication">
<summary>
Represents public client applications - desktop and mobile applications.
</summary>
<remarks>
Public client applications are not trusted to safely keep application secrets and therefore they can only access web APIs in the name of the authenticating user.
See <see href="https://aka.ms/msal-net-client-applications">Client Applications</see>.
<para>
Unlike <see cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/>, public clients are unable to securely store secrets on a client device and as a result do not require the use of a client secret.
</para>
<para>
The redirect URI needed for interactive authentication is automatically determined by the library. It does not need to be passed explicitly in the constructor. Depending
on the authentication strategy (e.g., through the <see href="https://aka.ms/msal-net-wam">Web Account Manager</see>, the Authenticator app, web browser, etc.), different redirect URIs will be used by MSAL. Redirect URIs must always be configured for the application in the Azure Portal.
</para>
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.IPublicClientApplication.IsSystemWebViewAvailable">
<summary>
Tells if the application can use the system web browser, therefore enabling single-sign-on with web applications.
By default, MSAL will try to use a system browser on the mobile platforms, if it is available.
See <see href="https://aka.ms/msal-net-uses-web-browser">our documentation</see> for more details.
</summary>
<remarks>
On Windows, macOS, and Linux a system browser can always be used, except in cases where there is no UI (e.g., a SSH session).
On Android, the browser must support tabs.
</remarks>
<returns>Returns <c>true</c> if MSAL can use the system web browser.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Acquires a token interactively for the specified scopes. Either a system browser, an embedded browser, or a broker will
handle this request, depending on the version of .NET framework used and on configuration.
For Microsoft Entra applications, a broker is recommended. See <see href="https://aka.ms/msal-net-wam">Windows Broker</see>.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> to check the token cache.
See <see href="https://aka.ms/adal-to-msal-net/interactive">Interactive Authentication</see>.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
<remarks>The user will be signed-in interactively and will consent to scopes, as well as perform a multi-factor authentication step if such a policy was enabled in the Azure AD tenant.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Acquires a token on a device without a web browser by letting the user authenticate on
another device.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> to check the token cache.
</summary>
<remarks>
The token acquisition is done in two steps:
<list type="bullet">
<item><description>The method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (i.e., to a specific URL, with a code).</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information.</description></item>
</list>
See <see href="https://aka.ms/msal-device-code-flow">Device Code Flow</see>.
</remarks>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})">
<summary>
<para>
This API is no longer recommended and will be deprecated in future versions in favor of
similar functionality via <see href="https://aka.ms/msal-net-wam">the Windows broker (WAM)</see>.
WAM does not require any setup for desktop apps to login with the Windows account.
</para>
<para>
Acquires a token non-interactively for the signed-in user in Windows
via Integrated Windows Authentication.
The account used in this overrides is pulled from the operating system as the current user principal name.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> to check the token cache.
</para>
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
<remarks>
See <see href="https://aka.ms/msal-net-iwa">our documentation</see> for more details.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)">
<summary>
Non-interactive request to acquire a token via username and password authentication.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="username">Identifier of the user application requests token on behalf.
Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="password">User password as a secure string.</param>
<returns>A builder enabling you to add optional parameters before executing the token request</returns>
<remarks>
Available only for .NET Framework and .NET Core applications. See <see href="https://aka.ms/msal-net-up">our documentation</see> for details.
.NET no longer recommends using SecureString and MSAL puts the plaintext value of the password on the wire, as required by the OAuth protocol. See <see href="https://docs.microsoft.com/dotnet/api/system.security.securestring?view=net-6.0#remarks">SecureString documentation</see> for details.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)">
<summary>
Acquires a token without user interaction using username and password authentication.
This method does not look in the token cache, but stores the result in it. Before calling this method, use other methods
such as <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> to check the token cache.
</summary>
<param name="scopes">Scopes requested to access a protected API.</param>
<param name="username">Identifier of the user application requests token on behalf.
Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="password">User password as a string.</param>
<returns>A builder enabling you to add optional parameters before executing the token request.</returns>
<remarks>
Available only for .NET Framework and .NET Core applications. See <see href="https://aka.ms/msal-net-up">our documentation</see> for details.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Interactive request to acquire token for the specified scopes. The user is required to select an account
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<remarks>The user will be signed-in interactively if needed,
and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the <paramref name="loginHint"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the provided <paramref name="account"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String)">
<summary>
Interactive request to acquire token for a login with control of the UI behavior and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String)">
<summary>
Interactive request to acquire token for an account with control of the UI behavior and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
window. The user will be required to select an account
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<remarks>The user will be signed-in interactively if needed,
and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
window. . The user will need to sign-in but an account will be proposed
based on the <paramref name="loginHint"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and login</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the provided <paramref name="account"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a login with control of the UI behavior and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for an account with control of the UI behavior and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePasswordAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)">
<summary>
Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
See https://aka.ms/msal-net-up.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="username">Identifier of the user application requests token on behalf.
Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param>
<param name="securePassword">User password.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of passing extra parameters. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of cancelling the token acquisition before it times out. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param>
<param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param>
<param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
See https://aka.ms/msal-net-iwa.
The account used in this overrides is pulled from the operating system as the current user principal name
</summary>
<remarks>
On Windows Universal Platform, the following capabilities need to be provided:
Enterprise Authentication, Private Networks (Client and Server), User Account Information
</remarks>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows</returns>
</member>
<member name="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
See https://aka.ms/msal-net-iwa.
The account used in this overrides is pulled from the operating system as the current user principal name
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="username">Identifier of the user account for which to acquire a token with Integrated Windows authentication.
Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param>
<returns>Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows</returns>
</member>
<member name="T:Microsoft.Identity.Client.TokenCacheCallback">
<summary>
Notification for certain token cache interactions during token acquisition. This delegate is
used in particular to provide a custom token cache serialization.
See https://aka.ms/aka.ms/msal-net-token-cache-serialization
</summary>
<param name="args">Arguments related to the cache item impacted</param>
</member>
<member name="T:Microsoft.Identity.Client.ITokenCache">
<summary>
This is the interface that implements the public access to cache operations.
With CacheV2, this should only be necessary if the caller is persisting
the cache in their own store, since this will provide the serialize/deserialize
and before/after notifications used in that scenario.
See https://aka.ms/aka.ms/msal-net-token-cache-serialization
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetBeforeAccess(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
delegate to deserialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization.
If you need async/task-based callbacks, please use SetBeforeAccessAsync instead.
</summary>
<param name="beforeAccess">Delegate set in order to handle the cache deserialization</param>
<remarks>When the delegate is used to deserialize the cache, it might
want to call <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetAfterAccess(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
delegate to serialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization.
If you need async/task-based callbacks, please use SetAfterAccessAsync instead.
</summary>
<param name="afterAccess">Delegate set in order to handle the cache serialization in the case where the <see cref="P:Microsoft.Identity.Client.TokenCache.HasStateChanged"/>
member of the cache is <c>true</c></param>
<remarks>In the case where the delegate is used to serialize the cache entirely (not just a row), it might
want to call <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetBeforeWrite(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
registered with <see cref="M:Microsoft.Identity.Client.ITokenCache.SetAfterAccess(Microsoft.Identity.Client.TokenCacheCallback)"/>
If you need async/task-based callbacks, please use SetBeforeWriteAsync instead.
</summary>
<param name="beforeWrite">Delegate set in order to prepare the cache serialization</param>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetBeforeAccessAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
delegate to deserialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization.
This provides the same functionality as SetBeforeAccess but it provides for an async/task-based callback.
</summary>
<param name="beforeAccess">Delegate set in order to handle the cache deserialization</param>
<remarks>In the case where the delegate is used to deserialize the cache, it might
want to call <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetAfterAccessAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
delegate to serialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization.
This provides the same functionality as SetAfterAccess but it provides for an async/task-based callback.
</summary>
<param name="afterAccess">Delegate set in order to handle the cache serialization in the case where the <see cref="P:Microsoft.Identity.Client.TokenCache.HasStateChanged"/>
member of the cache is <c>true</c></param>
<remarks>In the case where the delegate is used to serialize the cache entirely (not just a row), it might
want to call <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SetBeforeWriteAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
registered with <see cref="M:Microsoft.Identity.Client.ITokenCache.SetAfterAccess(Microsoft.Identity.Client.TokenCacheCallback)"/>
This provides the same functionality as SetBeforeWrite but it provides for an async/task-based callback.
</summary>
<param name="beforeWrite">Delegate set in order to prepare the cache serialization</param>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/> and is accessible in TokenCacheNotificationArgs.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
This is the recommended format for maintaining SSO state between applications.
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> and is accessible in TokenCacheNotificationArgs.
</summary>
<param name="msalV3State">Byte stream representation of the cache</param>
<param name="shouldClearExistingCache">
Set to true to clear MSAL cache contents. Defaults to false.
You would want to set this to true if you want the cache contents in memory to be exactly what's on disk.
You would want to set this to false if you want to merge the contents of what's on disk with your current in memory state.
</param>
<remarks>
This is the recommended format for maintaining SSO state between applications.
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV2">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/> and is accessible in TokenCacheNotificationArgs.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV2(System.Byte[])">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/> and is accessible in TokenCacheNotificationArgs.
</summary>
<param name="msalV2State">Byte stream representation of the cache</param>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SerializeAdalV3">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/> and is accessible in TokenCacheNotificationArgs.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.DeserializeAdalV3(System.Byte[])">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> and is accessible in TokenCacheNotificationArgs.
See https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
<param name="adalV3State">Byte stream representation of the cache</param>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCache.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.Serialize">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/>. See https://aka.ms/msal-net-4x-cache-breaking-change
/// </summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.Deserialize(System.Byte[])">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/>. See https://aka.ms/msal-net-4x-cache-breaking-change /// </summary>
<param name="msalV2State"></param>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.SerializeUnifiedAndAdalCache">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/> and <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>
See https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCache.DeserializeUnifiedAndAdalCache(Microsoft.Identity.Client.Cache.CacheData)">
<summary>
Functionality replaced by <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/> and <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/>
See https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
<param name="cacheData"></param>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheInternal.FindRefreshTokenAsync(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters,System.String)">
<summary>
Returns a RT for the request. If familyId is specified, it tries to return the FRT.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheInternal.IsFociMemberAsync(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters,System.String)">
<summary>
FOCI - check in the app metadata to see if the app is part of the family
</summary>
<returns>null if unknown, true or false if app metadata has details</returns>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheInternal.HasTokensNoLocks">
<summary>
Shows if MSAL's in-memory token cache has any kind of RT or non-expired AT. Does not trigger a cache notification.
Ignores ADAL's cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheInternal.IsAppSubscribedToSerializationEvents">
<summary>
True when MSAL has been configured to fire the serialization events i.e. external token caching is enabled.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ITokenCacheSerializer">
<summary>
This interface will be available in TokenCacheNotificationArgs callback to enable serialization/deserialization of the cache.
</summary>
<remarks>
The methods in this class are not thread safe. It is expected that they will be called from the token cache callbacks,
registered via SetBeforeAccess, SetAfterAccess. These callbacks thread safe because they are triggered sequentially.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3">
<summary>
Serializes the token cache to the MSAL.NET 3.x cache format, which is compatible with other MSAL desktop libraries, including MSAL.NET 4.x, MSAL for Python and MSAL for Java.
If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
you might also want to serialize and deserialize with <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/>,
otherwise just use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
This is the recommended format for maintaining SSO state between applications.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)">
<summary>
Deserializes the token cache to the MSAL.NET 3.x cache format, which is compatible with other MSAL desktop libraries, including MSAL.NET 4.x, MSAL for Python and MSAL for Java.
If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
you might also want to serialize and deserialize with <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/>,
otherwise just use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
</summary>
<param name="msalV3State">Byte stream representation of the cache</param>
<param name="shouldClearExistingCache">
Set to true to clear MSAL cache contents. Defaults to false.
You would want to set this to true if you want the cache contents in memory to be exactly what's on disk.
You would want to set this to false if you want to merge the contents of what's on disk with your current in memory state.
</param>
<remarks>
This is the recommended format for maintaining SSO state between applications.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3">
<summary>
Serializes a part of the token cache - the refresh tokens - to the ADAL.NET 3.x cache format.
If you need to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later,
use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> in addition to <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
See https://aka.ms/adal-to-msal-net/cache for details on how to use this advanced API correctly.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
Do not use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> without also using <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>,
because only refresh tokens are exported in this format. Your applications will not cache access token and id tokens,
and will instead need to get them from the identity provider (AAD), which will eventually throttle you.
Later versions of ADAL (4.x and 5.x) use the same cache format as MSAL.
Only <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
ADAL to MSAL cache interop is only available for public client scenarios and for web site scenario.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])">
<summary>
Deserializes a part of the token cache - the refresh tokens - to the ADAL.NET 3.x cache format.
This API should only be used to maintain SSO between an application using ADAL 3.x and this application using MSAL 3.x or later.
Use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> in addition to <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
See https://aka.ms/adal-to-msal-net/cache for details on how to use this advanced API correctly.
</summary>
<param name="adalV3State">Byte stream representation of the cache</param>
<remarks>
Do not use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> without also using <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>,
because only refresh tokens are exported in this format. Your applications will not cache access token and id tokens,
and will instead need to get them from the identity provider (AAD), which will eventually throttle you.
Later versions of ADAL (4.x and 5.x) use the same cache format as MSAL.
Only <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
ADAL to MSAL cache interop is only available for public client scenarios and for web site scenario.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2">
<summary>
Serializes the token cache to the MSAL.NET 2.x unified cache format, which is compatible with ADAL.NET v4 and other MSAL.NET v2 applications.
If you need to maintain SSO between an application using ADAL 3.x or MSAL 2.x and this application using MSAL 3.x,
you might also want to serialize and deserialize with <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> or <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/>,
otherwise just use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
</summary>
<returns>Byte stream representation of the cache</returns>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])">
<summary>
Deserializes the token cache to the MSAL.NET 2.x cache format, which is compatible with ADAL.NET v4 and other MSAL.NET v2 applications.
If you need to maintain SSO between an application using ADAL 3.x or MSAL 2.x and this application using MSAL 3.x,
you might also want to serialize and deserialize with <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> or <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/>,
otherwise just use <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/>.
</summary>
<param name="msalV2State">Byte stream representation of the cache</param>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes">
<summary>
The Kerberos key types used in this assembly.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes.None">
<summary>
None.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes.DecCbcCrc">
<summary>
dec-cbc-crc ([RFC3961] section 6.2.3)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes.DesCbcMd5">
<summary>
des-cbc-md5 ([RFC3961] section 6.2.1)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes.Aes128CtsHmacSha196">
<summary>
aes128-cts-hmac-sha1-96 ([RFC3962] section 6)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosKeyTypes.Aes256CtsHmacSha196">
<summary>
aes256-cts-hmac-sha1-96 ([RFC3962] section 6)
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket">
<summary>
Class for Kerberos tickets that are included as claims and used as a supplemental token in an OAuth/OIDC
protocol response.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.ClientKey">
<summary>
Get or Sets the client key used to encrypt the client portion of the ticket.
This is optional. This will be null if KeyType is null.
This MUST be protected in the protocol response.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.KeyType">
<summary>
Get or Sets the client key type.This is optional.This will be null if ClientKey is null.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.KerberosMessageBuffer">
<summary>
Get or Sets the Base64 encoded KERB_MESSAGE_BUFFER
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.ErrorMessage">
<summary>
Get or Sets the error message that server encountered when creating a ticket granting ticket.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.Realm">
<summary>
Get or Sets the Kerberos realm/domain name.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.ServicePrincipalName">
<summary>
Get or Sets the target service principal name (SPN).
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.ClientName">
<summary>
Get or Sets the client name. Depending on the ticket, this can be either a UserPrincipalName or SamAccountName.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.#ctor">
<summary>
Creates a new instance of <see cref="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket"/> class.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.#ctor(System.String)">
<summary>
Creates a new instance of <see cref="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket"/> class with error message.
</summary>
<param name="errorMessage">Error message to be set.</param>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket.ToString">
<summary>
Creates a string representation of the data captured in the Kerberos supplemental ticket.
</summary>
<returns>A string containing the realm, service principal name, client name, and key type.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager">
<summary>
Helper class to manage Kerberos Ticket Claims.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.FromIdToken(System.String)">
<summary>
Creates a <see cref="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket"/> object from given ID token string..
</summary>
<param name="idToken">ID token string.</param>
<returns>A <see cref="T:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket"/> object if a Kerberos Ticket Claim exists in the given
idToken parameter and is parsed correctly. Null, otherwise.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.SaveToWindowsTicketCache(Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket)">
<summary>
Save current Kerberos Ticket to current user's Ticket Cache.
</summary>
<param name="ticket">Kerberos ticket object to save.</param>
<remarks>Throws <see cref="T:System.ArgumentException"/> when given ticket parameter is not a valid Kerberos supplemental ticket.
Throws <see cref="T:System.ComponentModel.Win32Exception"/> if error occurs while saving ticket information into Ticket Cache.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.SaveToWindowsTicketCache(Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket,System.Int64)">
<summary>
Save current Kerberos Ticket to current user's Ticket Cache. Windows only.
</summary>
<param name="ticket">Kerberos ticket object to save.</param>
<param name="logonId">The Logon Id of the user owning the ticket cache.
The default of 0 represents the currently logged on user.</param>
<remarks>Throws <see cref="T:System.ArgumentException"/> when given ticket parameter is not a valid Kerberos supplemental ticket.
Throws <see cref="T:System.ComponentModel.Win32Exception"/> if error occurs while saving ticket information into Ticket Cache.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.GetKerberosTicketFromWindowsTicketCache(System.String)">
<summary>
Reads a Kerberos Service Ticket associated with given service principal name from
current user's Ticket Cache. Windows only.
</summary>
<param name="servicePrincipalName">Service principal name to find associated Kerberos Ticket.</param>
<returns>Byte stream of searched Kerberos Ticket information if exists. Null, otherwise.</returns>
<remarks>
Throws <see cref="T:System.ComponentModel.Win32Exception"/> if error occurs while searching ticket information from Ticket Cache.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.GetKerberosTicketFromWindowsTicketCache(System.String,System.Int64)">
<summary>
Reads a Kerberos Service Ticket associated with given service principal name from
current user's Ticket Cache.
</summary>
<param name="servicePrincipalName">Service principal name to find associated Kerberos Ticket.</param>
<param name="logonId">The Logon Id of the user owning the ticket cache.
The default of 0 represents the currently logged on user.</param>
<returns>Byte stream of searched Kerberos Ticket information if exists. Null, otherwise.</returns>
<remarks>
Throws <see cref="T:System.ComponentModel.Win32Exception"/> if error occurs while searching ticket information from Ticket Cache.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.GetKrbCred(Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicket)">
<summary>
Gets the KRB-CRED Kerberos Ticket information as byte stream.
</summary>
<param name="ticket">Kerberos ticket object to save.</param>
<returns>Byte stream representation of KRB-CRED Kerberos Ticket if it contains valid ticket information.
Null, otherwise.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Kerberos.KerberosSupplementalTicketManager.GetKerberosTicketClaim(System.String,Microsoft.Identity.Client.Kerberos.KerberosTicketContainer)">
<summary>
Generate a Kerberos Ticket Claim string.
</summary>
<param name="servicePrincipalName">Service principal name to use.</param>
<param name="ticketContainer">Ticket container to use.</param>
<returns>A Kerberos Ticket Claim string if valid service principal name was given. Empty string, otherwise.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Kerberos.KerberosTicketContainer">
<summary>
Declares the type of container to use for Kerberos Ticket Claim.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosTicketContainer.IdToken">
<summary>
Use the Id token as the Kerberos Ticket container.
(NOTE) MSAL will read out Kerberos Service Ticket from received id token, cache into current user's
ticket cache, and return it as KerberosSupplementalTicket object in AuthenticationResult.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Kerberos.KerberosTicketContainer.AccessToken">
<summary>
Use the Access Token as the Kerberos Ticket container.
(NOTE) MSAL will not read out Kerberos Service Ticket from received access token. Caller should handle
received access token directly to use for next service request.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.LogCallback">
<summary>
Callback delegate that allows application developers to consume logs, and handle them in a custom manner. This
callback is set using <see cref="M:Microsoft.Identity.Client.BaseAbstractApplicationBuilder`1.WithLogging(Microsoft.Identity.Client.LogCallback,System.Nullable{Microsoft.Identity.Client.LogLevel},System.Nullable{System.Boolean},System.Nullable{System.Boolean})"/>.
If <c>PiiLoggingEnabled</c> is set to <c>true</c>, when registering the callback this method will receive the messages twice:
once with the <c>containsPii</c> parameter equals <c>false</c> and the message without PII,
and a second time with the <c>containsPii</c> parameter equals to <c>true</c> and the message might contain PII.
In some cases (when the message does not contain PII), the message will be the same.
For details see https://aka.ms/msal-net-logging
</summary>
<param name="level">Log level of the log message to process</param>
<param name="message">Pre-formatted log message</param>
<param name="containsPii">Indicates if the log message contains Organizational Identifiable Information (OII)
or Personally Identifiable Information (PII) nor not.
If <see cref="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled"/> is set to <c>false</c> then this value is always false.
Otherwise it will be <c>true</c> when the message contains PII.</param>
<seealso cref="T:Microsoft.Identity.Client.Logger"/>
</member>
<member name="T:Microsoft.Identity.Client.LogLevel">
<summary>
Represents log level in MSAL.
For details, see <see href="https://aka.ms/msal-net-logging">MSAL logging</see>.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.LogLevel.Always">
<summary>
Includes logs of important health metrics to help with diagnostics of MSAL operations.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.LogLevel.Error">
<summary>
Includes logs when something has gone wrong and an error was generated. Used for debugging and identifying problems.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.LogLevel.Warning">
<summary>
Includes logs in scenarios when there hasn't necessarily been an error or failure, but are intended for diagnostics and pinpointing problems.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.LogLevel.Info">
<summary>
Default. Includes logs of general events intended for informational purposes, not necessarily intended for debugging.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.LogLevel.Verbose">
<summary>
Includes logs of the full details of library behavior.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentityApplication">
<summary>
Class to be used for managed identity applications (on Azure resources like App Services, Virtual Machines, Azure Arc, Service Fabric and Cloud Shell).
</summary>
<remarks>
Managed identity can be enabled on Azure resources as a system assigned managed identity or a user assigned managed identity.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplication.AcquireTokenForManagedIdentity(System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.ManagedIdentityApplication.GetManagedIdentitySource">
<summary>
Detects and returns the managed identity source available on the environment.
</summary>
<returns>Managed identity source detected on the environment if any.</returns>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.AbstractManagedIdentity">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.AppServiceManagedIdentitySource">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/AppServiceManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.AzureArcManagedIdentitySource">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/AzureArcManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.CloudShellManagedIdentitySource">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/CloudShellManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.ImdsManagedIdentitySource">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ImdsManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityClient">
<summary>
Class to initialize a managed identity and identify the service.
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ManagedIdentityClient.cs
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityResponse.AccessToken">
<summary>
The requested access token.
</summary>
<remarks>When you call a secured REST API, the token is embedded in the Authorization
request header field as a "bearer" token,
allowing the API to authenticate the caller.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityResponse.ExpiresOn">
<summary>
The timespan when the access token expires.
</summary>
<remarks>The date is represented as the number of seconds from "1970-01-01T0:0:0Z UTC"
(corresponds to the token's exp claim).</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityResponse.Resource">
<summary>
The resource the access token was requested for.
</summary>
<remarks>Which matches the resource query string parameter of the request.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityResponse.TokenType">
<summary>
The type of token returned by the Managed Identity endpoint.
</summary>
<remarks>which is a "Bearer" access token, which means the resource
can give access to the bearer of this token.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentityResponse.ClientId">
<summary>
A unique identifier generated by Azure AD for the Azure Resource.
</summary>
<remarks>The Client ID is a GUID value that uniquely identifies the application
and its configuration within the identity platform</remarks>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource">
<summary>
Managed identity sources supported. The library will handle these internally.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.None">
<summary>
Default.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.Imds">
<summary>
The source to acquire token for managed identity is IMDS.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.AppService">
<summary>
The source to acquire token for managed identity is App Service.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.AzureArc">
<summary>
The source to acquire token for managed identity is Azure Arc.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.CloudShell">
<summary>
The source to acquire token for managed identity is Cloud Shell.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.ServiceFabric">
<summary>
The source to acquire token for managed identity is Service Fabric.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource.DefaultToImds">
<summary>
Indicates that the source is defaulted to IMDS since no environment variables are set.
This is used to detect the managed identity source.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ManagedIdentity.ServiceFabricManagedIdentitySource">
<summary>
Original source of code: https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/src/ServiceFabricManagedIdentitySource.cs
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Metrics">
<summary>
MSAL-wide metrics.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Metrics.TotalAccessTokensFromIdP">
<summary>
Total tokens obtained by MSAL from the identity provider.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Metrics.TotalAccessTokensFromCache">
<summary>
Total tokens obtained by MSAL from cache.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Metrics.TotalAccessTokensFromBroker">
<summary>
Total tokens obtained by MSAL from broker.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Metrics.TotalDurationInMs">
<summary>
Total time, in milliseconds, spent in MSAL for all requests. Aggregate of <see cref="P:Microsoft.Identity.Client.AuthenticationResultMetadata.DurationTotalInMs"/>.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.IUser">
<summary>
In MSAL.NET 1.x, was representing a User. From MSAL 2.x use <see cref="T:Microsoft.Identity.Client.IAccount"/> which represents an account
(a user has several accounts). See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IUser.DisplayableId">
<summary>
In MSAL.NET 1.x was the displayable ID of a user. From MSAL 2.x use the <see cref="P:Microsoft.Identity.Client.IAccount.Username"/> of an account.
See https://aka.ms/msal-net-2-released for more details
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IUser.Name">
<summary>
In MSAL.NET 1.x was the name of the user (which was not very useful as the concatenation of
some claims). From MSAL 2.x rather use <see cref="P:Microsoft.Identity.Client.IAccount.Username"/>. See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IUser.IdentityProvider">
<summary>
In MSAL.NET 1.x was the URL of the identity provider (e.g. `https://login.microsoftonline.com/tenantId`).
From MSAL.NET 2.x use <see cref="P:Microsoft.Identity.Client.IAccount.Environment"/> which retrieves the host only (e.g. login.microsoftonline.com).
See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.IUser.Identifier">
<summary>
In MSAL.NET 1.x was an identifier for the user in the guest tenant.
From MSAL.NET 2.x, use <see cref="P:Microsoft.Identity.Client.IAccount.HomeAccountId"/><see cref="P:Microsoft.Identity.Client.AccountId.Identifier"/> to get
the user identifier (globally unique across tenants). See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TokenCacheNotificationArgs">
<summary>
Contains parameters used by the MSAL call accessing the cache.
See also <see cref="T:Microsoft.Identity.Client.ITokenCacheSerializer"/> which contains methods
to customize the cache serialization.
For more details about the token cache see https://aka.ms/msal-net-web-token-cache
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.User">
<summary>
In MSAL.NET 1.x, returned the user who signed in to get the authentication result. From MSAL 2.x
rather use <see cref="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.Account"/> instead. See https://aka.ms/msal-net-2-released for more details.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCacheNotificationArgs.#ctor(Microsoft.Identity.Client.ITokenCacheSerializer,System.String,Microsoft.Identity.Client.IAccount,System.Boolean,System.Boolean,System.String,System.Boolean,System.Nullable{System.DateTimeOffset},System.Threading.CancellationToken)">
<summary>
This constructor is for test purposes only. It allows apps to unit test their MSAL token cache implementation code.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCacheNotificationArgs.#ctor(Microsoft.Identity.Client.ITokenCacheSerializer,System.String,Microsoft.Identity.Client.IAccount,System.Boolean,System.Boolean,System.String,System.Boolean,System.Nullable{System.DateTimeOffset},System.Threading.CancellationToken,System.Guid)">
<summary>
This constructor is for test purposes only. It allows apps to unit test their MSAL token cache implementation code.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCacheNotificationArgs.#ctor(Microsoft.Identity.Client.ITokenCacheSerializer,System.String,Microsoft.Identity.Client.IAccount,System.Boolean,System.Boolean,System.String,System.Boolean,System.Nullable{System.DateTimeOffset},System.Threading.CancellationToken,System.Guid,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
This constructor is for test purposes only. It allows apps to unit test their MSAL token cache implementation code.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCacheNotificationArgs.#ctor(Microsoft.Identity.Client.ITokenCacheSerializer,System.String,Microsoft.Identity.Client.IAccount,System.Boolean,System.Boolean,System.String,System.Boolean,System.Nullable{System.DateTimeOffset},System.Threading.CancellationToken,System.Guid,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.IdentityModel.Abstractions.IIdentityLogger,System.Boolean,Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryData)">
<summary>
This constructor is for test purposes only. It allows apps to unit test their MSAL token cache implementation code.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.TokenCache">
<summary>
Gets the <see cref="T:Microsoft.Identity.Client.ITokenCacheSerializer"/> involved in the transaction
</summary>
<remarks><see cref="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.TokenCache" > objects</see> implement this interface.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.ClientId">
<summary>
Gets the ClientId (application ID) of the application involved in the cache transaction
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.Account">
<summary>
Gets the account involved in the cache transaction.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.HasStateChanged">
<summary>
Indicates whether the state of the cache has changed, for example when tokens are being added or removed.
Not all cache operations modify the state of the cache.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.IsApplicationCache">
<summary>
Indicates whether the cache change occurred in the UserTokenCache or in the AppTokenCache.
</summary>
<remarks>
The Application Cache is used in Client Credential grant, which is not available on all platforms.
See https://aka.ms/msal-net-app-cache-serialization for details.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.SuggestedCacheKey">
<summary>
A suggested token cache key, which can be used with general purpose storage mechanisms that allow
storing key-value pairs and key based retrieval. Useful in applications that store one token cache per user,
the recommended pattern for web apps.
The value is:
<list type="bullet">
<item><description><c>homeAccountId</c> for <c>AcquireTokenSilent</c>, <c>GetAccount(homeAccountId)</c>, <c>RemoveAccount</c> and when writing tokens on confidential client calls</description></item>
<item><description><c>"{clientId}__AppTokenCache"</c> for <c>AcquireTokenForClient</c></description></item>
<item><description><c>"{clientId}_{tenantId}_AppTokenCache"</c> for <c>AcquireTokenForClient</c> when using a tenant specific authority</description></item>
<item><description>the hash of the original token for <c>AcquireTokenOnBehalfOf</c></description></item>
</list>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.HasTokens">
<summary>
Is true when at least one non-expired access token exists in the cache.
</summary>
<remarks>
If this flag is false in the OnAfterAccessAsync notification - the node can be deleted from the underlying storage (e.g. IDistributedCache).
MSAL takes into consideration access tokens expiration when computing this flag. Use in conjunction with SuggestedCacheExpiry.
If a refresh token exists in the cache, this property will always be true.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.CancellationToken">
<summary>
The cancellation token that was passed to AcquireToken* flow via ExecuteAsync(CancellationToken). Can be passed
along to the custom token cache implementation.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.CorrelationId">
<summary>
The correlation id associated with the request. See <see cref="M:Microsoft.Identity.Client.BaseAbstractAcquireTokenParameterBuilder`1.WithCorrelationId(System.Guid)"/>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.RequestScopes">
<summary>
Scopes specified in the AcquireToken* method.
</summary>
<remarks>
Note that Azure Active Directory may return more scopes than requested, however this property will only contain the scopes requested.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.RequestTenantId">
<summary>
Tenant Id specified in the AcquireToken* method, if any.
</summary>
<remarks>
Note that if "common" or "organizations" is specified, Azure Active Directory discovers the host tenant for the user, and the tokens
are associated with it. This property is not impacted.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.SuggestedCacheExpiry">
<summary>
Suggested value of the expiry, to help determining the cache eviction time.
This value is <b>only</b> set on the <code>OnAfterAccess</code> delegate, on a cache write
operation (that is when <code>args.HasStateChanged</code> is <code>true</code>) and when the cache node contains only access tokens.
In all other cases it's <code>null</code>.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.IdentityLogger">
<summary>
Identity Logger provided at the time of application creation Via WithLogging(IIdentityLogger, bool)/>
Calling the log function will automatically add MSAL formatting to the message. For details see https://aka.ms/msal-net-logging
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.PiiLoggingEnabled">
<summary>
Boolean used to determine if Personally Identifiable Information (PII) logging is enabled.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCacheNotificationArgs.TelemetryData">
<summary>
Cache Details contains the details of L1/ L2 cache for telemetry logging.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PublicClientApplication">
<inheritdoc cref="T:Microsoft.Identity.Client.IPublicClientApplication"/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String)">
<summary>
Constructor of the application. It will use `https://login.microsoftonline.com/common` as the default authority.
</summary>
<param name="clientId">Client ID (also known as App ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String,System.String)">
<summary>
Constructor of the application.
</summary>
<param name="clientId">Client ID (also named Application ID) of the application as registered in the
application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param>
<param name="authority">Authority of the security token service (STS) from which MSAL.NET will acquire the tokens.
Usual authorities are:
<list type="bullet">
<item><description><c>https://login.microsoftonline.com/tenant/</c>, where <c>tenant</c> is the tenant ID of the Azure AD tenant
or a domain associated with this Azure AD tenant, in order to sign-in user of a specific organization only</description></item>
<item><description><c>https://login.microsoftonline.com/common/</c> to signing users with any work and school accounts or Microsoft personal account</description></item>
<item><description><c>https://login.microsoftonline.com/organizations/</c> to signing users with any work and school accounts</description></item>
<item><description><c>https://login.microsoftonline.com/consumers/</c> to signing users with only personal Microsoft account (live)</description></item>
</list>
Note that this setting needs to be consistent with what is declared in the application registration portal
</param>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Interactive request to acquire token for the specified scopes. The user is required to select an account
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<remarks>The user will be signed-in interactively if needed,
and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the <paramref name="loginHint"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the provided <paramref name="account"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String)">
<summary>
Interactive request to acquire token for a login with control of the UI prompt and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String)">
<summary>
Interactive request to acquire token for an account with control of the UI prompt and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">Scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
window. The user will be required to select an account
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
<remarks>The user will be signed-in interactively if needed,
and will consent to scopes and do multi-factor authentication if such a policy was enabled in the Azure AD tenant.</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The interactive window will be parented to the specified
window. The user will need to sign-in but an account will be proposed
based on the <paramref name="loginHint"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and login</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for the specified scopes. The user will need to sign-in but an account will be proposed
based on the provided <paramref name="account"/>
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a login with control of the UI prompt and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for an account with control of the UI prompt and possibility of passing extra query parameters like additional claims
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a given login, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="loginHint">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c></param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount,Microsoft.Identity.Client.Prompt,System.String,System.Collections.Generic.IEnumerable{System.String},System.String,Microsoft.Identity.Client.UIParent)">
<summary>
Interactive request to acquire token for a given account, with the possibility of controlling the user experience, passing extra query
parameters, providing extra scopes that the user can pre-consent to, and overriding the authority pre-configured in the application
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="account">Account to use for the interactive token acquisition. See <see cref="T:Microsoft.Identity.Client.IAccount"/> for ways to get an account</param>
<param name="prompt">Designed interactive experience for the user.</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="extraScopesToConsent">scopes that you can request the end user to consent upfront, in addition to the scopes for the protected web API
for which you want to acquire a security token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<param name="parent">Object containing a reference to the parent window/activity. REQUIRED for Xamarin.Android only.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByUsernamePasswordAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)">
<summary>
Non-interactive request to acquire a security token from the authority, via Username/Password Authentication.
Available only on .net desktop and .net core. See https://aka.ms/msal-net-up for details.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="username">Identifier of the user application requests token on behalf.
Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param>
<param name="securePassword">User password.</param>
<returns>Authentication result containing a token for the requested scopes and account</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of passing extra parameters. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="deviceCodeResultCallback">Callback containing information to show the user about how to authenticate and enter the device code.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of cancelling the token acquisition before it times out. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param>
<param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCodeAsync(System.Collections.Generic.IEnumerable{System.String},System.String,System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task},System.Threading.CancellationToken)">
<summary>
Acquires a security token on a device without a web browser, by letting the user authenticate on
another device, with possibility of passing extra query parameters and cancelling the token acquisition before it times out. This is done in two steps:
<list type="bullet">
<item><description>the method first acquires a device code from the authority and returns it to the caller via
the <paramref name="deviceCodeResultCallback"/>. This callback takes care of interacting with the user
to direct them to authenticate (to a specific URL, with a code)</description></item>
<item><description>The method then proceeds to poll for the security
token which is granted upon successful login by the user based on the device code information. This step is cancelable</description></item>
</list>
See https://aka.ms/msal-device-code-flow.
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
The parameter can be null.</param>
<param name="deviceCodeResultCallback">The callback containing information to show the user about how to authenticate and enter the device code.</param>
<param name="cancellationToken">A CancellationToken which can be triggered to cancel the operation in progress.</param>
<returns>Authentication result containing a token for the requested scopes and for the user who has authenticated on another device with the code</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.Microsoft#Identity#Client#IByRefreshToken#AcquireTokenByRefreshTokenAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Acquires an access token from an existing refresh token and stores it and the refresh token into
the application user token cache, where it will be available for further AcquireTokenSilentAsync calls.
This method can be used in migration to MSAL from ADAL v2 and in various integration
scenarios where you have a RefreshToken available.
(see https://aka.ms/msal-net-migration-adal2-msal2)
</summary>
<param name="scopes">Scope to request from the token endpoint.
Setting this to null or empty will request an access token, refresh token and ID token with default scopes</param>
<param name="refreshToken">The refresh token (for example previously obtained from ADAL 2.x)</param>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
See https://aka.ms/msal-net-iwa.
The account used in this overrides is pulled from the operating system as the current user principal name
</summary>
<remarks>
On Windows Universal Platform, the following capabilities need to be provided:
Enterprise Authentication, Private Networks (Client and Server), User Account Information
Supported on .net desktop
</remarks>
<param name="scopes">Scopes requested to access a protected API</param>
<returns>Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuthAsync(System.Collections.Generic.IEnumerable{System.String},System.String)">
<summary>
Non-interactive request to acquire a security token for the signed-in user in Windows, via Integrated Windows Authentication.
See https://aka.ms/msal-net-iwa.
The account used in this overrides is pulled from the operating system as the current user principal name
</summary>
<param name="scopes">Scopes requested to access a protected API</param>
<param name="username">Identifier of the user account for which to acquire a token with Integrated Windows authentication.
Generally in UserPrincipalName (UPN) format, e.g. john.doe@contoso.com</param>
<returns>Authentication result containing a token for the requested scopes and for the currently signed-in user in Windows</returns>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.#ctor(System.String,System.String,Microsoft.Identity.Client.TokenCache)">
<summary>
Constructor to create application instance. This constructor is only available for Desktop and NetCore apps
</summary>
<param name="clientId">Client id of the application</param>
<param name="authority">Default authority to be used for the application</param>
<param name="userTokenCache">Instance of TokenCache.</param>
</member>
<member name="P:Microsoft.Identity.Client.PublicClientApplication.OperatingSystemAccount">
<summary>
A special account value that indicates that the current operating system account should be used
to log the user in. Not all operating systems and authentication flows support this concept, in which
case calling <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> will throw an <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/>.
</summary>
<remarks>
Currently only the Windows broker is able to login with the current operating system user. For additional details, see <see href="https://aka.ms/msal-net-wam">the documentation on the Windows broker</see>.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.PublicClientApplication.IsSystemWebViewAvailable">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.IsEmbeddedWebViewAvailable">
<summary>
Returns <c>true</c> if MSAL can use an embedded web view (web browser).
</summary>
<remarks>
All .NET Framework applications will use the legacy web view. .NET 6 and .NET Core applications must use the <see href="https://www.nuget.org/packages/Microsoft.Identity.Client.Desktop">Microsoft.Identity.Client.Desktop</see> package with WebView2. .NET 6 for Windows comes with WebView2 by default.
WebView2 UI is only shown for non-AAD authorities.
Refer to <see href="https://aka.ms/msal-net-webview2">our documentation</see> for additional details.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.IsUserInteractive">
<summary>
Returns <c>false</c> when the application runs in headless mode (e.g., when SSH-d into a Linux machine).
Browsers (web views) and brokers cannot be used if there is no UI support. For those scenarios, use <see cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"/>.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.IsBrokerAvailable">
<summary>
Returns <c>true</c> if an authentication broker can be used.
This method is only needed for mobile scenarios which support Mobile Application Management (MAM). In other cases, use <c>WithBroker</c>, which will fall back to use a browser if an authentication broker is unavailable.
</summary>
<remarks>
<list type="bullet">
<item><description>On Windows, the broker (WAM) can be used on Windows 10 and is always installed. See https://aka.ms/msal-net-wam </description></item>
<item><description>On Mac, Linux, and older versions of Windows a broker is not available.</description></item>
<item><description>In .NET 6 apps, target <c>net6.0-windows10.0.17763.0</c> for all Windows versions and target <c>net6.0</c> for Linux and Mac.</description></item>
<item><description>In .NET classic or .NET Core 3.1 apps, install Microsoft.Identity.Client.Desktop first and call <c>WithDesktopFeatures()</c>.</description></item>
<item><description>In mobile apps, the device must be Intune joined and Authenticator or Company Portal must be installed. See https://aka.ms/msal-brokers </description></item>
</list>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.Microsoft#Identity#Client#IByRefreshToken#AcquireTokenByRefreshToken(System.Collections.Generic.IEnumerable{System.String},System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.Security.SecureString)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PublicClientApplication.IsProofOfPossessionSupportedByClient">
<summary>
Used to determine if the currently available broker is able to perform Proof-of-Possession.
</summary>
<returns>Boolean indicating if Proof-of-Possession is supported</returns>
</member>
<member name="T:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate">
<summary>
Component to be used with confidential client applications like web apps/APIs.
This component supports Subject Name + Issuer authentication in order to help, in the future,
Azure AD certificates rollover.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String})">
<summary>
[V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
This method enables application developers to achieve easy certificates roll-over
in Azure AD: this method will send the public certificate to Azure AD
along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation).
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<returns>Authentication result containing application token for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenForClientWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},System.Boolean)">
<summary>
[V2 API] Acquires token from the service for the confidential client using the client credentials flow. (See https://aka.ms/msal-net-client-credentials)
This method attempts to look up valid access token in the cache unless<paramref name="forceRefresh"/> is true
This method enables application developers to achieve easy certificates roll-over
in Azure AD: this method will send the public certificate to Azure AD
along with the token request, so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
This saves the application admin from the need to explicitly manage the certificate rollover
(either via portal or PowerShell/CLI operation)
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="forceRefresh">If TRUE, API will ignore the access token in the cache and attempt to acquire new access token using client credentials</param>
<returns>Authentication result containing application token for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)">
<summary>
[V2 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="userAssertion">Instance of UserAssertion containing user's token.</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
</member>
<member name="M:Microsoft.Identity.Client.IConfidentialClientApplicationWithCertificate.AcquireTokenOnBehalfOfWithCertificateAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion,System.String)">
<summary>
[V2 API] Acquires token using On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of)
</summary>
<param name="scopes">Array of scopes requested for resource</param>
<param name="userAssertion">Instance of UserAssertion containing user's token.</param>
<param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
<returns>Authentication result containing token of the user for the requested scopes</returns>
</member>
<member name="T:Microsoft.Identity.Client.UIBehavior">
<summary>
Structure containing static members that you can use to specify how the interactive overrides
of AcquireTokenAsync in <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> should prompt the user.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Logger">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Logger.LogCallback">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Logger.Level">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Logger.PiiLoggingEnabled">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Logger.DefaultLoggingEnabled">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Telemetry">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Telemetry.Receiver">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Telemetry.GetInstance">
<summary>
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Telemetry.TelemetryOnFailureOnly">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Telemetry.RegisterReceiver(Microsoft.Identity.Client.Telemetry.Receiver)">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Telemetry.HasRegisteredReceiver">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Telemetry.Microsoft#Identity#Client#TelemetryCore#ITelemetryReceiver#HandleTelemetryEvents(System.Collections.Generic.List{System.Collections.Generic.Dictionary{System.String,System.String}})">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ClientAssertionCertificate">
<summary>
Certificate for a client assertion. This class is used in one of the constructors of <see cref="T:Microsoft.Identity.Client.ClientCredential"/>. ClientCredential
is itself used in the constructor of <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> to pass to Azure AD a shared secret (registered in the
Azure AD application)
</summary>
<seealso cref="T:Microsoft.Identity.Client.ClientCredential"/> for the constructor of <seealso cref="T:Microsoft.Identity.Client.ClientCredential"/>
with a certificate, and <seealso cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>
<remarks>To understand the difference between public client applications and confidential client applications, see https://aka.ms/msal-net-client-applications</remarks>
</member>
<member name="M:Microsoft.Identity.Client.ClientAssertionCertificate.#ctor(System.Security.Cryptography.X509Certificates.X509Certificate2)">
<summary>
Constructor to create certificate information used in <see cref="T:Microsoft.Identity.Client.ClientCredential"/>
to instantiate a <see cref="T:Microsoft.Identity.Client.ClientCredential"/> used in the constructors of <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>
</summary>
<param name="certificate">The X509 certificate used as credentials to prove the identity of the application to Azure AD.</param>
</member>
<member name="P:Microsoft.Identity.Client.ClientAssertionCertificate.MinKeySizeInBits">
<summary>
Gets minimum X509 certificate key size in bits
</summary>
</member>
<member name="P:Microsoft.Identity.Client.ClientAssertionCertificate.Certificate">
<summary>
Gets the X509 certificate used as credentials to prove the identity of the application to Azure AD.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.ClientCredential">
<summary>
Meant to be used in confidential client applications, an instance of <c>ClientCredential</c> is passed
to the constructors of (<see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>)
as credentials proving that the application (the client) is what it claims it is. These credentials can be
either a client secret (an application password) or a certificate.
This class has one constructor for each case.
These credentials are added in the application registration portal (in the secret section).
</summary>
</member>
<member name="M:Microsoft.Identity.Client.ClientCredential.#ctor(Microsoft.Identity.Client.ClientAssertionCertificate)">
<summary>
Constructor of client (application) credentials from a <see cref="T:Microsoft.Identity.Client.ClientAssertionCertificate"/>
</summary>
<param name="certificate">contains information about the certificate previously shared with AAD at application
registration to prove the identity of the application (the client) requesting the tokens.</param>
</member>
<member name="M:Microsoft.Identity.Client.ClientCredential.#ctor(System.String)">
<summary>
Constructor of client (application) credentials from a client secret, also known as the application password.
</summary>
<param name="secret">Secret string previously shared with AAD at application registration to prove the identity
of the application (the client) requesting the tokens.</param>
</member>
<member name="T:Microsoft.Identity.Client.UIParent">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.UIParent.#ctor">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.UIParent.#ctor(System.Object,System.Boolean)">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.UIParent.IsSystemWebviewAvailable">
<summary>
Checks Android device for chrome packages.
Returns true if chrome package for launching system webview is enabled on device.
Returns false if chrome package is not found.
</summary>
<example>
The following code decides, in a Xamarin.Forms app, which browser to use based on the presence of the
required packages.
<code>
bool useSystemBrowser = UIParent.IsSystemWebviewAvailable();
App.UIParent = new UIParent(Xamarin.Forms.Forms.Context as Activity, !useSystemBrowser);
</code>
</example>
</member>
<member name="T:Microsoft.Identity.Client.TokenCache">
<summary>
Token cache storing access and refresh tokens for accounts
This class is used in the constructors of <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> and <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>.
In the case of ConfidentialClientApplication, two instances are used, one for the user token cache, and one for the application
token cache (in the case of applications using the client credential flows).
</summary>
<summary>
IMPORTANT: this class is performance critical; any changes must be benchmarked using Microsoft.Identity.Test.Performance.
More information about how to test and what data to look for is in https://aka.ms/msal-net-performance-testing.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCache.HasStateChanged">
<summary>
Gets or sets the flag indicating whether the state of the cache has changed.
MSAL methods set this flag after any change.
Caller applications should reset the flag after serializing and persisting the state of the cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SerializeUnifiedAndAdalCache">
<summary>
Serializes the entire token cache in both the ADAL V3 and unified cache formats.
</summary>
<returns>Serialized token cache <see cref="T:Microsoft.Identity.Client.Cache.CacheData"/></returns>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.DeserializeUnifiedAndAdalCache(Microsoft.Identity.Client.Cache.CacheData)">
<summary>
Deserializes the token cache from a serialization blob in both format (ADAL V3 format, and unified cache format)
</summary>
<param name="cacheData">Array of bytes containing serialize cache data</param>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.Serialize">
<summary>
Serializes using the <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/> serializer.
Obsolete: Please use specialized Serialization methods.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/> replaces <see cref="M:Microsoft.Identity.Client.TokenCache.Serialize"/>.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> Is our recommended way of serializing/deserializing.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeAdalV3"/> For interoperability with ADAL.NET v3.
</summary>
<returns>array of bytes, <see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV2"/></returns>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.Deserialize(System.Byte[])">
<summary>
Deserializes the token cache from a serialization blob in the unified cache format
Obsolete: Please use specialized Deserialization methods.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV2(System.Byte[])"/> replaces <see cref="M:Microsoft.Identity.Client.TokenCache.Deserialize(System.Byte[])"/>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> Is our recommended way of serializing/deserializing.
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeAdalV3(System.Byte[])"/> For interoperability with ADAL.NET v3
</summary>
<param name="msalV2State">Array of bytes containing serialized MSAL.NET V2 cache data</param>
<remarks>
<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.SerializeMsalV3"/>/<see cref="M:Microsoft.Identity.Client.ITokenCacheSerializer.DeserializeMsalV3(System.Byte[],System.Boolean)"/> is compatible with other MSAL libraries such as MSAL for Python and MSAL for Java.
<paramref name="msalV2State"/>Is a Json blob containing access tokens, refresh tokens, id tokens and accounts information.
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.TokenCache.TokenCacheNotification">
<summary>
Notification for certain token cache interactions during token acquisition. This delegate is
used in particular to provide a custom token cache serialization
</summary>
<param name="args">Arguments related to the cache item impacted</param>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SerializeAdalV3">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.DeserializeAdalV3(System.Byte[])">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SerializeMsalV2">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.DeserializeMsalV2(System.Byte[])">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SerializeMsalV3">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.DeserializeMsalV3(System.Byte[],System.Boolean)">
<summary>
This is removed in MSAL.NET v4. Read more: https://aka.ms/msal-net-4x-cache-breaking-change
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.#ctor">
<summary>
Constructor of a token cache. This constructor is left for compatibility with MSAL 2.x.
The recommended way to get a cache is by using <see cref="P:Microsoft.Identity.Client.IClientApplicationBase.UserTokenCache"/>
and <c>IConfidentialClientApplication.AppTokenCache</c> once the app is created.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetIosKeychainSecurityGroup(System.String)">
<summary>
Sets the security group to be used with the iOS Keychain. This function should not be used by external customers. It <see href="https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2121">will be removed</see> in a future version of MSAL.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.DeleteAccessTokensWithIntersectingScopes(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters,System.Collections.Generic.IEnumerable{System.String},System.String,System.Collections.Generic.HashSet{System.String},System.String,System.String)">
<summary>
delete all cache entries with intersecting scopes.
this should not happen but we have this as a safe guard
against multiple matches.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.CalculateSuggestedCacheExpiry(Microsoft.Identity.Client.Cache.ITokenCacheAccessor,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Important note: we should not be suggesting expiration dates that are in the past, as it breaks some cache implementations.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.Microsoft#Identity#Client#ITokenCacheInternal#FindAccessTokenAsync(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters)">
<summary>
IMPORTANT: this class is performance critical; any changes must be benchmarked using Microsoft.Identity.Test.Performance.
More information about how to test and what data to look for is in https://aka.ms/msal-net-performance-testing.
Scenario: client_creds with default in-memory cache can get to ~500k tokens
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.ExpireAllAccessTokensForTestAsync">
<summary>
For testing purposes only. Expires ALL access tokens in memory and fires OnAfterAccessAsync event with no cache key
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.Microsoft#Identity#Client#ITokenCacheInternal#GetAccountsAsync(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters)">
<remarks>
Get accounts should not make a network call, if possible. This can be achieved if
all the environments in the token cache are known to MSAL, as MSAL keeps a list of
known environments in <see cref="T:Microsoft.Identity.Client.Instance.Discovery.KnownMetadataProvider"/>
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.RemoveOboTokensInternal(System.String,Microsoft.Identity.Client.Internal.RequestContext)">
<summary>
Removes OBO tokens stored in the cache. Note that the cache is internally and externally partitioned by the oboKey.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCache.BeforeAccess">
<summary>
Notification method called before any library method accesses the cache.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCache.BeforeWrite">
<summary>
Notification method called before any library method writes to the cache. This notification can be used to reload
the cache state from a row in database and lock that row. That database row can then be unlocked in the
<see cref="P:Microsoft.Identity.Client.TokenCache.AfterAccess"/>notification.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TokenCache.AfterAccess">
<summary>
Notification method called after any library method accesses the cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetBeforeAccess(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate to be notified before any library method accesses the cache. This gives an option to the
delegate to deserialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization
</summary>
<param name="beforeAccess">Delegate set in order to handle the cache deserialization</param>
<remarks>In the case where the delegate is used to deserialize the cache, it might
want to call <see cref="M:Microsoft.Identity.Client.TokenCache.Deserialize(System.Byte[])"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetAfterAccess(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate to be notified after any library method accesses the cache. This gives an option to the
delegate to serialize a cache entry for the application and accounts specified in the <see cref="T:Microsoft.Identity.Client.TokenCacheNotificationArgs"/>.
See https://aka.ms/msal-net-token-cache-serialization
</summary>
<param name="afterAccess">Delegate set in order to handle the cache serialization in the case where the <see cref="P:Microsoft.Identity.Client.TokenCache.HasStateChanged"/>
member of the cache is <c>true</c></param>
<remarks>In the case where the delegate is used to serialize the cache entirely (not just a row), it might
want to call <see cref="M:Microsoft.Identity.Client.TokenCache.Serialize"/></remarks>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetBeforeWrite(Microsoft.Identity.Client.TokenCacheCallback)">
<summary>
Sets a delegate called before any library method writes to the cache. This gives an option to the delegate
to reload the cache state from a row in database and lock that row. That database row can then be unlocked in the delegate
registered with <see cref="M:Microsoft.Identity.Client.TokenCache.SetAfterAccess(Microsoft.Identity.Client.TokenCacheCallback)"/>
</summary>
<param name="beforeWrite">Delegate set in order to prepare the cache serialization</param>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetBeforeAccessAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
</summary>
<param name="beforeAccess"></param>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetAfterAccessAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
</summary>
<param name="afterAccess"></param>
</member>
<member name="M:Microsoft.Identity.Client.TokenCache.SetBeforeWriteAsync(System.Func{Microsoft.Identity.Client.TokenCacheNotificationArgs,System.Threading.Tasks.Task})">
<summary>
</summary>
<param name="beforeWrite"></param>
</member>
<member name="T:Microsoft.Identity.Client.MsalClaimsChallengeException">
<summary>
This exception indicates that claims have been returned from the endpoint that need to be resolved. This can be achieved by using them in the next authentication request.
See <see href="https://aka.ms/msal-conditional-access-claims">Conditional Access and claims challenges</see>.
See <see href="https://aka.ms/msal-conditional-access-claims-obo">Handling multifactor auth (MFA), Conditional Access, and incremental consent</see>.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalClaimsChallengeException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code and error message.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalClaimsChallengeException.#ctor(System.String,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalClaimsChallengeException.#ctor(System.String,System.String,System.Exception,Microsoft.Identity.Client.UiRequiredExceptionClassification)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
<param name="classification">A higher level description for this exception, that allows handling code to
understand what type of action it needs to take to resolve the issue. </param>
</member>
<member name="T:Microsoft.Identity.Client.MsalClientException">
<summary>
This exception class represents errors that are local to the library or the device. Contrary to
<see cref="T:Microsoft.Identity.Client.MsalServiceException"/> which represent errors happening from the Azure AD service or
the network. For more details, see https://aka.ms/msal-net-exceptions
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code.
</summary>
<param name="errorCode">
The error code returned by the service or generated by client. This is the code you can rely on
for exception handling.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code and error message.
</summary>
<param name="errorCode">
The error code returned by the service or generated by client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalClientException.#ctor(System.String,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception.
</summary>
<param name="errorCode">
The error code returned by the service or generated by client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException"></param>
</member>
<member name="T:Microsoft.Identity.Client.MsalError">
<summary>
Error code returned as a property in MsalException
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidGrantError">
<summary>
Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user
so that the user does an interactive action in order to get a new token.
<para>Mitigation:</para> If your application is a <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/> call <c>AcquireTokenInteractive</c>
perform an interactive authentication. If your application is a <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> chances are that the Claims member
of the exception is not empty. See <see cref="P:MsalServiceException.Claims"/> for the right mitigation
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InteractionRequired">
<summary>
Standard OAuth2 protocol error code. It indicates that the application needs to expose the UI to the user
so the user can do an interactive log-in to get a token with updated claims.
<para>Mitigation:</para> If your application is a <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/> call <c>AcquireTokenInteractive</c>
perform an interactive authentication. If your application is a <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/> chances are that the Claims member
of the exception is not empty. See <see cref="P:Microsoft.Identity.Client.MsalServiceException.Claims"/> for the right mitigation
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoTokensFoundError">
<summary>
No token was found in the token cache.
<para>Mitigation:</para> If your application is a <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/> call <c>AcquireTokenInteractive</c> so
that the user of your application signs-in and accepts consent.
<list type="bullet">
<item><description>
If it's a web app you should have previously called IConfidentialClientApplication.AcquireTokenByAuthorizationCode
as described in https://aka.ms/msal-net-authorization-code. You need to make sure that you have requested the right scopes. For details
See https://github.com/Azure-Samples/ms-identity-aspnetcore-webapp-tutorial
</description></item>
<item><description>This error should not happen in web APIs</description></item>
</list>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserNullError">
<summary>
This error code comes back from <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> calls when a null user is
passed as the <c>account</c> parameter. This can be because you have called AcquireTokenSilent with an <c>account</c> parameter
set to <c>accounts.FirstOrDefault()</c> but <c>accounts</c> is empty.
<para>Mitigation</para>
Pass a different account, or otherwise call <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserAssertionNullError">
<summary>
This error code comes back from <see cref="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/>
calls when a null user assertion is passed as the <c>UserAssertion</c> parameter.
<para>Mitigation</para>
Pass a valid value for user assertion
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CurrentBrokerAccount">
<summary>
This error code comes back from <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> calls when the
<see cref="P:Microsoft.Identity.Client.PublicClientApplication.OperatingSystemAccount"/> user is passed as the <c>account</c> parameter. Only some brokers (WAM) can login the current user.
<para>Mitigation</para>
On Windows, use the broker via .WithBroker(true), use a different account, or otherwise call <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoAccountForLoginHint">
<summary>
This error code denotes that no account was found having the given login hint.
<para>What happens?</para>
<see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},System.String)"/>
or <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithLoginHint(System.String)"/>
was called with a <c>loginHint</c> parameter which does not match any account in <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.GetAccountsAsync"/>
<para>Mitigation</para>
If you are certain about the loginHint, call <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.MultipleAccountsForLoginHint">
<summary>
This error code denotes that multiple accounts were found having the same login hint and MSAL
cannot choose one. Please use <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithAccount(Microsoft.Identity.Client.IAccount)"/> to specify the account
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TokenCacheNullError">
<summary>
This error code comes back from <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> calls when
the user cache had not been set in the application constructor. This should never happen in MSAL.NET 3.x as the cache is created by the application
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoPromptFailedError">
<summary>
One of two conditions was encountered:
<list type="bullet">
<item><description>The <c>Prompt.NoPrompt</c> was passed in an interactive token call, but the constraint could not be honored because user interaction is required,
for instance because the user needs to re-sign-in, give consent for more scopes, or perform multiple factor authentication.
</description></item>
<item><description>
An error occurred during a silent web authentication that prevented the authentication flow from completing in a short enough time frame.
</description></item>
</list>
<para>Remediation:</para>call <c>AcquireTokenInteractive</c> so that the user of your application signs-in and accepts consent.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ServiceNotAvailable">
<summary>
Service is unavailable and returned HTTP error code within the range of 500-599
<para>Mitigation</para> you can retry after a delay.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RequestTimeout">
<summary>
The HTTP Request to the STS timed out.
<para>Mitigation</para> you can retry after a delay.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RequestThrottled">
<summary>
Service returned HTTP error code 429 which indicates the request has been throttled.
For more details see https://aka.ms/msal-net-throttling
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UpnRequired">
<summary>
loginHint should be a UPN
<para>What happens?</para> An override of a token acquisition operation was called in <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/> which
takes a <c>loginHint</c> as a parameters, but this login hint was not using the UserPrincipalName (UPN) format, e.g. <c>john.doe@contoso.com</c>
expected by the service
<para>Remediation</para> Make sure in your code that you enforce <c>loginHint</c> to be a UPN
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.MissingPassiveAuthEndpoint">
<summary>
No passive auth endpoint was found in the OIDC configuration of the authority
<para>What happens?</para> When the libraries go to the authority and get its open id connect configuration
it expects to find a Passive Auth Endpoint entry, and could not find it.
<para>remediation</para> Check that the authority configured for the application, or passed on some overrides of token acquisition tokens
supporting authority override is correct
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidAuthority">
<summary>
Invalid authority
<para>What happens</para> When the library attempts to discover the authority and get the endpoints it needs to
acquire a token, it got an un-authorize HTTP code or an unexpected response
<para>remediation</para> Check that the authority configured for the application, or passed on some overrides of token acquisition tokens
supporting authority override is correct
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidAuthorityType">
<summary>
Invalid authority type.
MSAL.NET does not know how to interact with the authority specified when the application was built.
<para>Mitigation</para>
Use a different authority
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnauthorizedClient">
<summary>
The client is unauthorized to access resource.
This commonly happens when Mobile App Management (MAM) policies are enabled. MSAL will throw an exception in that case with <c>protection_policy_required</c> sub-error.
<para>Mitigation</para>
Catch the exception and use the properties in it to obtain the right parameters from Intune SDK.
<see href="https://aka.ms/msal-net-trueMAM">IntuneAppProtectionPolicyRequiredException</see>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnknownError">
<summary>
Unknown Error occurred.
<para>Mitigation</para> None. You might want to inform the end user.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnknownBrokerError">
<summary>
Unknown broker error occurred.
<para>Mitigation</para> None. You might want to inform the end user.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamFailedToSignout">
<summary>
WAM Signout failed.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthenticationFailed">
<summary>
Authentication failed.
<para>What happens?</para>
The authentication failed. For instance the user did not enter the right password
<para>Mitigation</para>
Inform the user to retry.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthorityValidationFailed">
<summary>
Authority validation failed.
<para>What happens?</para>
The validation of the authority failed. This might be because the authority is not
compliant with the OIDC standard, or there might be a security issue
<para>Mitigation</para>
Use a different authority. If you are absolutely sure that you can trust the authority
you can use the <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithAuthority(Microsoft.Identity.Client.AadAuthorityAudience,System.Boolean)"/> passing
the <c>validateAuthority</c> parameter to <c>false</c> (not recommended)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidOwnerWindowType">
<summary>
Invalid owner window type.
<para>What happens?</para>
You used <c>"AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(object)</c>
but the parameter you passed is invalid.
<para>Remediation</para>
On .NET Standard, the expected object is an <c>Activity</c> on Android, a <c>UIViewController</c> on iOS,
a <c>NSWindow</c> on MAC, and a <c>IWin32Window</c> or <c>IntPr</c> on Windows.
If you are in a WPF application, you can use <c>WindowInteropHelper(wpfControl).Handle</c> to get the window
handle associated with a WPF control
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.EncodedTokenTooLong">
<summary>
Encoded token too long.
<para>What happens</para>
In a confidential client application call, the client assertion built by MSAL is longer than
the max possible length for a JWT token.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserMismatch">
<summary>
User Mismatch.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.FailedToRefreshToken">
<summary>
Failed to refresh token.
<para>What happens?</para>
The token could not be refreshed. This can be because the user has not used the application for a long time.
and therefore the refresh token maintained in the token cache has expired
<para>Mitigation</para>
If you are in a public client application, that supports interactivity, send an interactive request
<see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>. Otherwise,
use a different method to acquire tokens.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.FailedToAcquireTokenSilentlyFromBroker">
<summary>
Failed to acquire token silently. Used in broker scenarios.
<para>What happens</para>
you called <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>
or <see cref="M:Microsoft.Identity.Client.IClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},System.String)"/> and your
mobile (Xamarin) application leverages the broker (Microsoft Authenticator or Microsoft Company Portal), but the broker
was not able to acquire the token silently.
<para>Mitigation</para>
Call <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RedirectUriValidationFailed">
<summary>
RedirectUri validation failed.
<para>What happens?</para>
The redirect URI / reply URI is invalid
<para>How to fix</para>
Pass a valid redirect URI.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthenticationUiFailed">
<summary>
The request could not be preformed because of an unknown failure in the UI flow.*
<para>Mitigation</para>
Inform the user.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InternalError">
<summary>
Internal error
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AccessingWsMetadataExchangeFailed">
<summary>
Accessing WS Metadata Exchange Failed.
<para>What happens?</para>
You tried to use <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
and the account is a federated account.
<para>Mitigation</para>
None. The WS metadata was not found or does not correspond to what was expected.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.FederatedServiceReturnedError">
<summary>
Federated service returned error.
<para>Mitigation</para>
None. The federated service returned an error. You can try to look at the
Body of the exception for a better understanding of the error and choose
the mitigation
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserRealmDiscoveryFailed">
<summary>
User Realm Discovery Failed.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RopcDoesNotSupportMsaAccounts">
<summary>
Resource Owner Password Credential (ROPC) grant attempted with an MSA (Microsoft personal) account.
ROPC does not support MSA accounts.
See https://aka.ms/msal-net-ropc for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.MissingFederationMetadataUrl">
<summary>
Federation Metadata URL is missing for federated user.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ParsingWsMetadataExchangeFailed">
<summary>
Parsing WS Metadata Exchange Failed.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WsTrustEndpointNotFoundInMetadataDocument">
<summary>
WS-Trust Endpoint Not Found in Metadata Document.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ParsingWsTrustResponseFailed">
<summary>
You can get this error when using <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
In the case of a Federated user (that is owned by a federated IdP, as opposed to a managed user owned in an Azure AD tenant)
ID3242: The security token could not be authenticated or authorized.
The user does not exist or has entered the wrong password
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.IntegratedWindowsAuthenticationFailed">
<summary>
This can occur if there is an configuration issue in the ADFS environment where this is authenticating. See https://aka.ms/msal-net-iwa-troubleshooting for more details
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnknownUserType">
<summary>
<para>What happens</para>
You can get this error when using <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
The user is not recognized as a managed user, or a federated user. Azure AD was not
able to identify the IdP that needs to process the user
<para>Mitigation</para>
Inform the user. the login that the user provided might be incorrect.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnknownUser">
<summary>
<para>What happens</para>
You can get this error when using <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
The user is not known by the IdP
<para>Mitigation</para>
Inform the user. The login that the user provided might be incorrect (for instance empty)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.GetUserNameFailed">
<summary>
Failed to get user name.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.PasswordRequiredForManagedUserError">
<summary>
Password is required for managed user.
<para>What happens?</para>
If can got this error when using <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
and you (or the user) did not provide a password.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidRequest">
<summary>
Request is invalid.
<para>What happens?</para>
This can happen because you are using a token acquisition method which is not compatible with the authority. For instance:
you called <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
but you used an authority ending with '/common' or '/consumers' as this requires a tenanted authority or '/organizations'.
<para>Mitigation</para>
Adjust the authority to the AcquireTokenXX method you use (don't use 'common' or 'consumers' with <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByUsernamePassword(System.Collections.Generic.IEnumerable{System.String},System.String,System.String)"/>
<see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UapCannotFindDomainUser">
<summary>
Cannot access the user from the OS (UWP)
<para>What happens</para>
You called <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})"/>, but the domain user
name could not be found.
<para>Mitigation</para>
This might be because you need to add more capabilities to your UWP application in the Package.appxmanifest.
See https://aka.ms/msal-net-uwp
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UapCannotFindUpn">
<summary>
Cannot get the user from the OS (UWP)
<para>What happens</para>
You called <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})"/>, but the domain user
name could not be found.
<para>Mitigation</para>
This might be because you need to add more capabilities to your UWP application in the Package.appxmanifest.
See https://aka.ms/msal-net-uwp
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NonParsableOAuthError">
<summary>
An error response was returned by the OAuth2 server and it could not be parsed
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CodeExpired">
<summary>
<para>What happens?</para>
In the context of Device code flow (See https://aka.ms/msal-net-device-code-flow),
this error happens when the device code expired before the user signed-in on another device (this is usually after 15 mins).
<para>Mitigation</para>
None. Inform the user that they took too long to sign-in at the provided URL and enter the provided code.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.IntegratedWindowsAuthNotSupportedForManagedUser">
<summary>
Integrated Windows Auth is only supported for "federated" users
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ActivityRequired">
<summary>
On Android, you need to call <c>AcquireTokenInteractiveParameterBuilder.WithParentActivityOrWindow(object)</c> passing
the activity. See https://aka.ms/msal-interactive-android
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerResponseHashMismatch">
<summary>
Broker response hash did not match
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerResponseReturnedError">
<summary>
Broker response returned an error
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerNonceMismatch">
<summary>
Broker response nonce does not match the request nonce sent by MSAL.NET for iOS broker >= v6.3.19
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CannotInvokeBroker">
<summary>
MSAL is not able to invoke the broker. Possible reasons are the broker is not installed on the user's device,
or there were issues with the UiParent or CallerViewController being null. See https://aka.ms/msal-brokers
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoAndroidBrokerAccountFound">
<summary>
MSAL is not able to find a suitable account to use with broker
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoAndroidBrokerInstalledOnDevice">
<summary>
MSAL cannot find the broker application to authenticate accounts.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NullIntentReturnedFromAndroidBroker">
<summary>
Null intent was returned so broker activity cannot be launched
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AndroidBrokerSignatureVerificationFailed">
<summary>
Failed to validate android broker signature
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AndroidBrokerOperationFailed">
<summary>
Failed To Complete Android Broker Operation
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoUsernameOrAccountIDProvidedForSilentAndroidBrokerAuthentication">
<summary>
Unable to query the Android account manager because no username or home account ID is provided in the silent authentication request.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.HttpStatusNotFound">
<summary>
Error code used when the HTTP response returns HttpStatusCode.NotFound
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.HttpStatusCodeNotOk">
<summary>
ErrorCode used when the HTTP response returns something different from 200 (OK)
</summary>
<remarks>
HttpStatusCode.NotFound have a specific error code. <see cref="F:Microsoft.Identity.Client.MsalError.HttpStatusNotFound"/>
</remarks>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CustomWebUiReturnedInvalidUri">
<summary>
Error code used when the <see cref="T:Microsoft.Identity.Client.Extensibility.ICustomWebUi"/> has returned a URI, but it is invalid - it is either null or has no code.
Consider throwing an exception if you are unable to intercept the URI containing the code.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CustomWebUiRedirectUriMismatch">
<summary>
Error code used when the CustomWebUI has returned a URI, but it does not match the Authority and AbsolutePath of
the configured redirect URI.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AccessDenied">
<summary>
Access denied.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CannotAccessUserInformationOrUserNotDomainJoined">
<summary>
Cannot Access User Information or the user is not a user domain.
<para>What happens?</para>
You tried to use <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})"/>
but the user is not a domain user (the machine is not domain or AAD joined)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.DefaultRedirectUriIsInvalid">
<summary>
RedirectUri validation failed.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoRedirectUri">
<summary>
No Redirect URI.
<para>What happens?</para>
You need to provide a Reply URI / Redirect URI, but have not called <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithRedirectUri(System.String)"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.MultipleTokensMatchedError">
<summary>
Multiple Tokens were matched.
<para>What happens?</para>This exception happens in the case of applications managing several identities,
when calling <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/>
or one of its overrides and the user token cache contains multiple tokens for this client application and the specified Account, but from different authorities.
<para>Mitigation [App Development]</para>specify the authority to use in the acquire token operation
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NonHttpsRedirectNotSupported">
<summary>
Non HTTPS redirects are not supported
<para>What happens?</para>This error happens when the authorization flow, which collects user credentials, gets redirected
to an page that is not supported, for example if the redirect occurs over http.
This error does not trigger for the final redirect, which can be http://localhost, but for intermediary redirects.
<para>Mitigation</para>This usually happens when using a federated directory which is not setup correctly.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NetworkNotAvailableError">
<summary>
The request could not be preformed because the network is down.
<para>Mitigation [App development]</para> In the application you could either inform the user that there are network issues
or retry later
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.B2CAuthorityHostMismatch">
<summary>
The B2C authority host is not the same as the one used when creating the client application.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthorityHostMismatch">
<summary>
The cloud (authority URL host) defined at the application level cannot be different than the cloud at the request level.
<para>What happens?</para>You did not define an authority at the application level, so it defaults to the public cloud (login.microsoft.com), but the authority at the request level is for a different cloud. Only the tenant can be changed at the request level.
<para>Mitigation</para>Add .WithAuthority("https://login.windows-ppe.net/common) at the application level and specify the tenant at the request level: .WithAuthority("https://login.windows-ppe.net/1234-567-890-12345678).
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.DuplicateQueryParameterError">
<summary>
Duplicate query parameter was found in extraQueryParameters.
<para>What happens?</para> You have used <c>extraQueryParameter</c> of overrides
of token acquisition operations in public client and confidential client application and are passing a parameter which is already present in the
URL (either because you had it in another way, or the library added it).
<para>Mitigation [App Development]</para> RemoveAccount the duplicate parameter from the token acquisition override.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthenticationUiFailedError">
<summary>
The request could not be performed because of a failure in the UI flow.
<para>What happens?</para>The library failed to invoke the Web View required to perform interactive authentication.
The exception might include the reason
<para>Mitigation</para>If the exception includes the reason, you could inform the user. This might be, for instance, a browser
implementing chrome tabs is missing on the Android phone (that's only an example: this exception can apply to other
platforms as well)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthenticationCanceledError">
<summary>
Authentication canceled.
<para>What happens?</para>The user had canceled the authentication, for instance by closing the authentication dialog
<para>Mitigation</para>None, you cannot get a token to call the protected API. You might want to inform the user
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.JsonParseError">
<summary>
JSON parsing failed.
<para>What happens?</para>A JSON blob read from the token cache or received from the STS was not parseable.
This can happen when reading the token cache, or receiving an IDToken from the STS.
<para>Mitigation</para>Make sure that the token cache was not tampered
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidJwtError">
<summary>
JWT was invalid.
<para>What happens?</para>The library expected a JWT (for instance a token from the cache, or received from the STS), but
the format is invalid
<para>Mitigation</para>Make sure that the token cache was not tampered
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.StateMismatchError">
<summary>
State returned from the STS was different from the one sent by the library
<para>What happens?</para>The library sends to the STS a state associated to a request, and expects the reply to be consistent.
This errors indicates that the reply is not associated with the request. This could indicate an attempt to replay a response
<para>Mitigation</para> None
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TenantDiscoveryFailedError">
<summary>
Tenant discovery failed.
<para>What happens?</para>While reading the OpenId configuration associated with the authority, the Authorize endpoint,
or Token endpoint, or the Issuer was not found
<para>Mitigation</para>This indicates and authority which is not Open ID Connect compliant. Specify a different authority
in the constructor of the application, or the token acquisition override
/// </summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.PlatformNotSupported">
<summary>
The library is loaded on a platform which is not supported.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidAuthorizationUri">
<summary>
An authorization Uri has been intercepted, but it cannot be parsed. See the log for more details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.LoopbackRedirectUri">
<summary>
<para>What happens?</para>The current redirect URL is not a loopback URL.
<para>Mitigation</para> To use the OS browser, a loopback URL, with or without a port, must be configured both during app registration and when initializing the IPublicClientApplication object. See https://aka.ms/msal-net-os-browser for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.LoopbackResponseUriMismatch">
<summary>
<para>What happens?</para>MSAL has intercepted a Uri possibly containing an authorization code, but it does not match
the configured redirect URL.
<para>Mitigation</para>If you are using an ICustomWebUi implementation, make sure the
redirect URL matches the URL containing the auth code. If you are not using an ICustomWebUI,
this could be a man-in-the middle attack.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.LinuxXdgOpen">
<summary>
<para>What happens?</para>MSAL tried to open the browser on Linux using the xdg-open, gnome-open, or kfmclient tools, but failed.
<para>Mitigation</para>Make sure you can open a page using xdg-open tool. See https://aka.ms/msal-net-os-browser for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WebviewUnavailable">
<summary>
The selected WebView is not available on this platform. You can switch to a different WebView using <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithUseEmbeddedWebView(System.Boolean)"/>. See https://aka.ms/msal-net-os-browser for details
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.SystemWebviewOptionsNotApplicable">
<summary>
<para>What happens?</para>You configured MSAL interactive authentication to use an embedded WebView and you also configured <see cref="T:Microsoft.Identity.Client.SystemWebViewOptions"/>.
These are mutually exclusive.
<para>Mitigation</para>Either set <see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithUseEmbeddedWebView(System.Boolean)"/> to true or do not use
<see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithSystemWebViewOptions(Microsoft.Identity.Client.SystemWebViewOptions)"/>
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ClientCredentialAuthenticationTypesAreMutuallyExclusive">
<summary>
<para>What happens?</para>You configured MSAL confidential client authentication with more than one authentication type (Certificate, Secret, Client Assertion)
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ClientCredentialAuthenticationTypeMustBeDefined">
<summary>
<para>What happens?</para>You configured MSAL confidential client authentication without an authentication type (Certificate, Secret, Client Assertion)
<para>Mitigation</para>Either call ConfidentialClientApplicationBuilder.WithClientSecret, ConfidentialClientApplicationBuilder.WithCertificate, ConfidentialClientApplicationBuilder.WithClientAssertion
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BasicAction">
<summary>
Issue can be resolved by user interaction during the interactive authentication flow.
See https://aka.ms/msal-net-UiRequiredException for details
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AdditionalAction">
<summary>
Issue can be resolved by additional remedial interaction with the system, outside of the interactive authentication flow.
Interactive authentication is still required to inform the user of what is needed. Calling application may choose to hide flows that require additional_action if the user is unlikely to complete the remedial action.
Example:
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.MessageOnly">
<summary>
Issue cannot be resolved at this time. Launching interactive authentication flow will show a message explaining the condition.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserPasswordExpired">
<summary>
User's password has expired.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ConsentRequired">
<summary>
User consent is missing, or has been revoked.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BadToken">
<summary>
Internal to MSALs. Indicates that no further silent calls should be made with this refresh token.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TokenExpired">
<summary>
Internal to MSALs. Indicates that no further silent calls should be made with this refresh token.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ProtectionPolicyRequired">
<summary>
Internal to MSALs. Needed in ios/android to complete the end-to-end true MAM flow. This sub-error code is re-mapped to a different top level error code (IntuneAppProtectionPoliciesRequired), and not InteractionRequired
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ClientMismatch">
<summary>
Internal to MSALs. Used in scenarios where an application is using family refresh token even though it is not part of FOCI (or vice versa). Needed to handle cases where app changes FOCI membership after being shipped. This is handled internally and doesn't need to be exposed to the calling app. Please see FOCI design document for more details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.DeviceAuthenticationFailed">
<summary>
Internal to MSALs. Indicates that device should be re-registered.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidInstance">
<summary>
AAD service error indicating that the configured authority does not exist
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidUserInstanceMetadata">
<summary>
<para>What happens?</para>You have configured your own instance metadata, but the json provided seems to be invalid.
<para>Mitigation</para>See https://aka.ms/msal-net-custom-instance-metadata for an example of a valid json that can be used.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ValidateAuthorityOrCustomMetadata">
<summary>
<para>What happens?</para>You have configured your own instance metadata, and have also set validate authority to true. These are mutually exclusive.
<para>Mitigation</para>Set the validate authority flag to false. See https://aka.ms/msal-net-custom-instance-metadata for more details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NoClientId">
<summary>
<para>What happens?</para>You haven't set a client ID.
<para>Mitigation</para>Use the application ID (a GUID) from the application portal as client ID in this SDK
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TelemetryConfigOrTelemetryCallback">
<summary>
<para>What happens?</para>You have configured both a telemetry callback and a telemetry config.
<para>Mitigation</para>Only one telemetry mechanism can be configured.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidClient">
<summary>
Azure AD service error indicating a configuration issue.
<para>Mitigation</para>See error message for details, then take corrective action in the app registration portal
See https://aka.ms/msal-net-invalid-client for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.SSHCertUsedAsHttpHeader">
<summary>
<para>What happens?</para>You have configured MSAL to request SSH certificates from AAD, and you are trying to format an HTTP authentication header.
<para>Mitigation</para>SSH certificates should not used as Bearer tokens. Developers are responsible for sending the certificates to the target machines.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WABError">
<summary>
<para>What happens?</para>Windows Authentication Broker, which handles the interaction between the user and AAD, has failed.
<para>Mitigation</para>See the error message for more details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TokenTypeMismatch">
<summary>
<para>What happens?</para>You asked for one type of token, but did not receive it.
<para>Mitigation</para>This happens if the Identity Provider (AAD, B2C, ADFS etc.) does not support / implement the requested token type. In case of ADFS, consider upgrading to the latest version.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AccessTokenTypeMissing">
<summary>
<para>What happens?</para>The response from the token endpoint does not contain the token_type parameter.
<para>Mitigation</para>This happens if the identity provider (AAD, B2C, ADFS, etc.) did not include the access token type in the token response. Verify the configuration of the identity provider.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ExperimentalFeature">
<summary>
<para>What happens?</para>You are trying to use a feature which was marked as experimental
<para>Mitigation</para>When creating the PublicClientApplication or ConfidentialClientApplication, use .WithExperimentalFeatures() option. See https://aka.ms/msal-net-experimental-features for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerApplicationRequired">
<summary>
<para>What happens?</para>A broker application is required, but one could not be found or communicated with.
<para>Mitigation</para>Install a broker application, such as Authenticator, from the application store
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.FailedToGetBrokerResponse">
<summary>
<para>What happens?</para>You are trying to authenticate with the broker but MSAL is unable to read the response from the broker.
<para>Mitigation</para>The currently installed broker may not support MSAL.Xamarin, you need to ensure that you have installed either Intune Company Portal (5.0.4689.0 or greater) or Microsoft Authenticator (6.2001.0140 or greater). see https://aka.ms/Brokered-Authentication-for-Android"
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidJsonClaimsFormat">
<summary>
<para>What happens?</para>You have configured a claims request, but the claims string is not in JSON format
<para>Mitigation</para>Ensure that the claims parameter is valid JSON. Inspect the inner exception for details about JSON parsing.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthorityTypeMismatch">
<summary>
<para>What happens?</para>The authority configured at the application level is different than the authority configured at the request level
<para>Mitigation</para>Ensure the same authority type is used
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AuthorityTenantSpecifiedTwice">
<summary>
<para>What happens?</para>You specified a tenant twice - once in WithAuthority() and once using WithTenant()
<para>Mitigation</para>Specify the tenant once.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CustomMetadataInstanceOrUri">
<summary>
<para>What happens?</para>You have configured your own instance metadata using both an Uri and a string. Only one is supported.
<para>Mitigation</para>Call WithInstanceDiscoveryMetadata only once. See https://aka.ms/msal-net-custom-instance-metadata for more details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ScopesRequired">
<summary>
<para>What happens?</para>No scopes have been requested
<para>Mitigation</para>At least one scope must be specified for this authentication flow
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CertWithoutPrivateKey">
<summary>
<para>What happens?</para>The certificate provided does not have a private key.
<para>Mitigation</para>Ensure the certificate has a private key.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CertificateNotRsa">
<summary>
<para>What happens?</para>The certificate provided is not of type RSA.
<para>Mitigation</para>Please use an RSA certificate.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.DeviceCertificateNotFound">
<summary>
Device certificate not found.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidAdalCacheMultipleRTs">
<summary>
<para>What happens?</para>The ADAL cache is invalid as it contains multiple refresh token entries for one user.
<para>Mitigation</para>Delete the ADAL cache. If you do not maintain an ADAL cache, this may be a bug in MSAL.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RegionDiscoveryFailed">
<summary>
Region discovery failed.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RegionDiscoveryNotEnabled">
<summary>
<para>What happens?</para>WithAzureRegion is set to true
<para>Mitigation</para>Region discovery cannot be performed for ADFS authority.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerDoesNotSupportPop">
<summary>
<para>What happens?</para>The request has broker enabled and Proof-of-Possession configured but the broker does not support Proof-of-Possession
<para>Mitigation</para>only configure Proof-of-Possession for public clients on windows.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.BrokerRequiredForPop">
<summary>
<para>What happens?</para>The request has Proof-of-Possession configured but does not have broker enabled. Broker is required to use Proof-of-Possession on public clients
<para>Mitigation</para>Enable the broker when Proof-of-Possession is configured.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.AdfsNotSupportedWithBroker">
<summary>
<para>What happens?</para>Broker is configured with an ADFS authority, however, it does not support ADFS environments.
<para>Mitigation</para>Broker does not support ADFS environments.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.NonceRequiredForPopOnPCA">
<summary>
<para>What happens?</para>The request has Proof-of-Possession configured but does not have a nonce configured. A nonce is required for Proof-of-Possession on public clients
<para>Mitigation</para>Provide a nonce when Proof-of-Possession is configured for public clients.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamUiThread">
<summary>
When calling AcquireTokenInteractive with the WAM broker, the call must be made from the UI thread.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamNoB2C">
<summary>
The Windows broker (WAM) is only supported in conjunction with "work and school" accounts
and with Microsoft accounts.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamInteractiveError">
<summary>
WAM service exception that can occur when calling AcquireTokenInteractive
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamPickerError">
<summary>
WAM service exception that can occur when calling AcquireTokenInteractive and the account picker
pops up
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WamScopesRequired">
<summary>
<para>What happens?</para>No scopes have been requested
<para>Mitigation</para>At least one scope must be specified for MSAL Runtime WAM
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WebView2NotInstalled">
<summary>
<para>What happens?</para>The embedded browser cannot be started because a runtime component is missing.
<para>Mitigation</para>The embedded browser needs WebView2 runtime to be installed. An end user of the app can download and install the WebView2 runtime from https://go.microsoft.com/fwlink/p/?LinkId=2124703 and restart the app.
The app developer can <see href="https://learn.microsoft.com/microsoft-edge/webview2/concepts/distribution">get the distributable version of the WebView2 runtime</see>.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.WebView2LoaderNotFound">
<summary>
<para>What happens?</para>The embedded WebView2 browser cannot be started because a runtime component cannot be loaded.
<para>Mitigation</para> For troubleshooting details, see https://aka.ms/msal-net-webview2 .
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RegionalAuthorityValidation">
<summary>
<para>What happens?</para>You configured both Regional Authority and Authority Validation. Authority validation is not currently supported for regional authorities.
<para>Mitigation</para>Set the validateAuthority flag to false to use Azure Regional authority. Do not disable authority validation if you read the authority from an untrusted source,
for example from the WWWAuthenticate header of an HTTP request that resulted in a 401 response.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RegionDiscoveryWithCustomInstanceMetadata">
<summary>
<para>What happens?</para>You have configured both Region Discovery and Custom Instance Metadata. Custom metadata supersedes region discovery.
<para>Mitigation</para>Configure either Region Discovery or Custom Instance Discovery Metadata.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.HttpListenerError">
<summary>
An HttpListenerException occurred while listening for the system browser to complete the login.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InitializeProcessSecurityError">
<summary>
<para>What happens?</para>Failure setting process security to enable WAM Account Picker in an elevated process.
<para>Mitigation</para>For troubleshooting details, see https://aka.ms/msal-net-wam .
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.StaticCacheWithExternalSerialization">
<summary>
<para>What happens?</para>You configured MSAL cache serialization at the same time with a static internal cache via <see cref="M:Microsoft.Identity.Client.AbstractApplicationBuilder`1.WithCacheOptions(Microsoft.Identity.Client.CacheOptions)"/>
These are mutually exclusive.
<para>Mitigation</para> Use only one option. Web site and web API scenarios should rely on external cache serialization, as internal cache serialization cannot scale. See https://aka.ms/msal-net-cca-token-cache-serialization
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.TenantOverrideNonAad">
<summary>
<para>What happens?</para>You configured WithTenant at the request level, but the application is using a non-AAD authority
These are mutually exclusive.
<para>Mitigation</para> WithTenantId can only be used in conjunction with AAD authorities.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.RegionalAndAuthorityOverride">
<summary>
<para>What happens?</para>You configured WithAuthority at the request level, and also WithAzureRegion. This is not supported when the environment changes from application to request.
<para>Mitigation</para> Use WithTenantId at the request level instead.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.OboCacheKeyNotInCacheError">
<summary>
<para>What happens?</para>The token cache does not contain a token with an OBO cache key that
matches the <c>longRunningProcessSessionKey</c> passed into <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)"/>.
<para>Mitigation</para> Call <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.InitiateLongRunningProcessInWebApi(System.Collections.Generic.IEnumerable{System.String},System.String,System.String@)"/> with this <c>longRunningProcessSessionKey</c>
first or call <see cref="M:Microsoft.Identity.Client.ILongRunningWebApi.AcquireTokenInLongRunningProcess(System.Collections.Generic.IEnumerable{System.String},System.String)"/> with an already used <c>longRunningProcessSessionKey</c>.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidTokenProviderResponseValue">
<summary>
A required value is missing from the token provider response
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnableToParseAuthenticationHeader">
<summary>
MSAL is unable to parse the authentication header returned from the endpoint. This can be a result of a malformed header returned in either the WWW-Authenticate or the Authentication-Info collections.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidManagedIdentityResponse">
<summary>
A required value is missing from the managed identity response.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ManagedIdentityRequestFailed">
<summary>
Managed Identity error response was received.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ManagedIdentityUnreachableNetwork">
<summary>
Managed Identity endpoint is not reachable.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UnknownManagedIdentityError">
<summary>
Unknown error response received.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.InvalidManagedIdentityEndpoint">
<summary>
Invalid managed identity endpoint.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.ExactlyOneScopeExpected">
<summary>
Exactly one scope is expected.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserAssignedManagedIdentityNotSupported">
<summary>
User assigned managed identity is not supported for this source.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.UserAssignedManagedIdentityNotConfigurableAtRuntime">
<summary>
User assigned managed identity is not configurable at runtime for service fabric.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CombinedUserAppCacheNotSupported">
<summary>
Using combined flat storage, like a file, to store both app and user tokens is not supported. Use a partitioned token cache (for ex. distributed cache like Redis) or separate files for app and user token caches. See https://aka.ms/msal-net-token-cache-serialization .
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.SetCiamAuthorityAtRequestLevelNotSupported">
<summary>
Setting the CIAM authority (ex. "{tenantName}.ciamlogin.com") at the request level is not supported. The CIAM authority must be set during application creation.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalError.CryptographicError">
<summary>
A cryptographic exception occurred when trying to use the provided certificate
</summary>
</member>
<member name="T:Microsoft.Identity.Client.MsalErrorMessage">
<summary>
The active directory authentication error message.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.MsalException">
<summary>
Base exception type thrown when an error occurs during token acquisition.
For more details, see https://aka.ms/msal-net-exceptions
</summary>
<remarks>Avoid throwing this exception. Instead throw the more specialized <see cref="T:Microsoft.Identity.Client.MsalClientException"/>
or <see cref="T:Microsoft.Identity.Client.MsalServiceException"/>
</remarks>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.BrokerErrorContext">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using desktop brokers.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.BrokerErrorTag">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using desktop brokers.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.BrokerErrorStatus">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using desktop brokers.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.BrokerErrorCode">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using desktop brokers.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.BrokerTelemetry">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using desktop brokers.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.MsalException.ManagedIdentitySource">
<summary>
An <see cref="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData"/> property key, available when using managed identity.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalException.IsRetryable">
<summary>
Indicates if the previous operation that resulted in this exception should be retried.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.#ctor">
<summary>
Initializes a new instance of the exception class.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code and error message.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.#ctor(System.String,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">
The exception that is the cause of the current exception, or a null reference if no inner
exception is specified.
</param>
</member>
<member name="P:Microsoft.Identity.Client.MsalException.ErrorCode">
<summary>
Gets the protocol error code returned by the service or generated by the client. This is the code you can rely on for
exception handling. Values for this code are typically provided in constant strings in the derived exceptions types
with explanations of mitigation.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalException.CorrelationId">
<summary>
An ID that can used to piece up a single authentication flow.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalException.AdditionalExceptionData">
<summary>
A property bag with extra details for this exception.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.ToString">
<summary>
Creates and returns a string representation of the current exception.
</summary>
<returns>A string representation of the current exception.</returns>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.ToJsonString">
<summary>
Allows serialization of most values of the exception into JSON.
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.MsalException.FromJsonString(System.String)">
<summary>
Allows re-hydration of the MsalException (or one of its derived types) from JSON generated by ToJsonString().
</summary>
<param name="json"></param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.MsalManagedIdentityException">
<summary>
This exception class is for exceptions generated from Managed Identity sources.
This class is deprecated and will be removed in a future release.
Catch MsalServiceException instead.
For more details, see https://aka.ms/msal-net-managed-identity
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalManagedIdentityException.#ctor(System.String,System.String,Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="source">Specifies the managed identity source from which the exception initiates.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalManagedIdentityException.#ctor(System.String,System.String,Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource,System.Int32)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="source">Specifies the managed identity source from which the exception initiates.</param>
<param name="statusCode">The status code of the response.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalManagedIdentityException.#ctor(System.String,System.String,System.Exception,Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource,System.Int32)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and managed identity source.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
<param name="source">Specifies the managed identity source from which the exception initiates.</param>
<param name="statusCode">The status code of the response.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalManagedIdentityException.#ctor(System.String,System.String,System.Exception,Microsoft.Identity.Client.ManagedIdentity.ManagedIdentitySource)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and managed identity source.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
<param name="source">Specifies the managed identity source from which the exception initiates.</param>
</member>
<member name="P:Microsoft.Identity.Client.MsalManagedIdentityException.ManagedIdentitySource">
<summary>
Specifies the managed identity source from which the exception initiates.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalManagedIdentityException.UpdateIsRetryable">
<summary>
Retry error codes specific to managed identity
</summary>
</member>
<member name="T:Microsoft.Identity.Client.MsalServiceException">
<summary>
Exception type thrown when service returns an error response or other networking errors occur.
For more details, see https://aka.ms/msal-net-exceptions
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The protocol error code returned by the service or generated by client. This is the code you
can rely on for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The protocol error code returned by the service or generated by the client. This is the code you
can rely on for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="statusCode">Status code of the response received from the service.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The protocol error code returned by the service or generated by the client. This is the code you
can rely on for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">
The exception that is the cause of the current exception, or a null reference if no inner
exception is specified.
</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The protocol error code returned by the service or generated by the client. This is the code you
can rely on for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="statusCode">HTTP status code of the response received from the service.</param>
<param name="innerException">
The exception that is the cause of the current exception, or a null reference if no inner
exception is specified.
</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.#ctor(System.String,System.String,System.Int32,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and a reference to the inner exception that is the cause of
this exception.
</summary>
<param name="errorCode">
The protocol error code returned by the service or generated by the client. This is the code you
can rely on for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="statusCode">The status code of the request.</param>
<param name="claims">The claims challenge returned back from the service.</param>
<param name="innerException">
The exception that is the cause of the current exception, or a null reference if no inner
exception is specified.
</param>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.StatusCode">
<summary>
Gets the status code returned from HTTP layer. This status code is either the <c>HttpStatusCode</c> in the inner
<see cref="T:System.Net.Http.HttpRequestException"/> response or the NavigateError Event Status Code in a browser based flow (see <see href="https://learn.microsoft.com/previous-versions/bb268233(v=vs.85)">NavigateError Event Status Codes</see>).
You can use this code for purposes such as implementing retry logic or error investigation.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.Claims">
<summary>
Additional claims requested by the service. When this property is not null or empty, this means that the service requires the user to
provide additional claims, such as doing two factor authentication. The are two cases:
<list type="bullet">
<item><description>
If your application is a <see cref="T:Microsoft.Identity.Client.IPublicClientApplication"/>, you should just call <see cref="M:Microsoft.Identity.Client.IPublicClientApplication.AcquireTokenInteractive(System.Collections.Generic.IEnumerable{System.String})"/>
and add the <see cref="M:Microsoft.Identity.Client.AbstractAcquireTokenParameterBuilder`1.WithClaims(System.String)"/> modifier.
</description></item>
<item>><description>If your application is a <see cref="T:Microsoft.Identity.Client.IConfidentialClientApplication"/>, (therefore doing the On-Behalf-Of flow), you should throw an HTTP unauthorize
exception with a message containing the claims</description></item>
</list>
For more details see https://aka.ms/msal-net-claim-challenge
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.ResponseBody">
<summary>
Raw response body received from the server.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.Headers">
<summary>
Contains the HTTP headers from the server response that indicated an error.
</summary>
<remarks>
When the server returns a 429 Too Many Requests error, a Retry-After should be set. It is important to read and respect the
time specified in the Retry-After header to avoid a retry storm.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.SubError">
<remarks>
The suberror should not be exposed for public consumption yet, as STS needs to do some work first.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.MsalServiceException.ErrorCodes">
<summary>
A list of STS-specific error codes that can help in diagnostics.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.UpdateIsRetryable">
<summary>
As per discussion with Evo, AAD
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalServiceException.ToString">
<summary>
Creates and returns a string representation of the current exception.
</summary>
<returns>A string representation of the current exception.</returns>
</member>
<member name="T:Microsoft.Identity.Client.MsalThrottledServiceException">
<summary>
Exception type thrown when MSAL detects that an application is trying to acquire a token too often, as a result of:
- A previous request resulted in an HTTP response containing a Retry-After header which was not followed.
- A previous request resulted in an HTTP 429 or 5xx, which indicates a problem with the server.
The properties of this exception are identical to the original exception
For more details see https://aka.ms/msal-net-throttling
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalThrottledServiceException.#ctor(Microsoft.Identity.Client.MsalServiceException)">
<summary>
Constructor
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalThrottledServiceException.OriginalServiceException">
<summary>
The original service exception that triggered the throttling.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.MsalThrottledUiRequiredException">
<summary>
Exception type thrown when MSAL detects that an application is trying to acquire a token even
though an <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/> was recently thrown.
To mitigate this, when a <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/> is encountered,
the application should switch to acquiring a token interactively. To better understand
why the <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException" /> was thrown, inspect the <see cref="P:Microsoft.Identity.Client.MsalUiRequiredException.Classification"/>
property.
The properties of this exception are identical to the original exception
For more details see https://aka.ms/msal-net-throttling
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalThrottledUiRequiredException.#ctor(Microsoft.Identity.Client.MsalUiRequiredException)">
<summary>
Constructor
</summary>
</member>
<member name="P:Microsoft.Identity.Client.MsalThrottledUiRequiredException.OriginalServiceException">
<summary>
The original exception that triggered the throttling.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.MsalUiRequiredException">
<summary>
This exception class is to inform developers that UI interaction is required for authentication to
succeed. It's thrown when calling <see cref="M:Microsoft.Identity.Client.ClientApplicationBase.AcquireTokenSilent(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.IAccount)"/> or one
of its overrides, and when the token does not exists in the cache, or the user needs to provide more content, or perform multiple factor authentication based
on Azure AD policies, etc..
For more details, see https://aka.ms/msal-net-exceptions
</summary>
</member>
<member name="M:Microsoft.Identity.Client.MsalUiRequiredException.#ctor(System.String,System.String)">
<summary>
Initializes a new instance of the exception class with a specified
error code and error message.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalUiRequiredException.#ctor(System.String,System.String,System.Exception)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
</member>
<member name="M:Microsoft.Identity.Client.MsalUiRequiredException.#ctor(System.String,System.String,System.Exception,Microsoft.Identity.Client.UiRequiredExceptionClassification)">
<summary>
Initializes a new instance of the exception class with a specified
error code, error message and inner exception indicating the root cause.
</summary>
<param name="errorCode">
The error code returned by the service or generated by the client. This is the code you can rely on
for exception handling.
</param>
<param name="errorMessage">The error message that explains the reason for the exception.</param>
<param name="innerException">Represents the root cause of the exception.</param>
<param name="classification">A higher level description for this exception, that allows handling code to
understand what type of action it needs to take to resolve the issue. </param>
</member>
<member name="P:Microsoft.Identity.Client.MsalUiRequiredException.Classification">
<summary>
Classification of the conditional access error, enabling you to do more actions or inform the user depending on your scenario.
See https://aka.ms/msal-net-UiRequiredException for more details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.OAuth2.MsalTokenResponse.FamilyId">
<summary>
Optional field, FOCI support.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.MsalTokenResponse.CreateFromAndroidBrokerResponse(System.String,System.String)">
<remarks>
This method does not belong here - it is more tied to the Android code. However, that code is
not unit testable, and this one is.
The values of the JSON response are based on
https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/dev/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerResult.java
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.OAuth2.OAuth2Client">
<summary>
Responsible for talking to all the Identity provider endpoints:
- instance discovery
- endpoint metadata
- mex
- /token endpoint via TokenClient
- device code endpoint
</summary>
</member>
<member name="P:Microsoft.Identity.Client.OAuth2.OAuth2ResponseBase.ErrorCodes">
<summary>
Do not expose these in the MsalException because Evo does not guarantee that the error
codes remain the same.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.OAuth2.OAuth2Error">
<summary>
OAuth2 errors that are only used internally. All error codes used when propagating exceptions should
be made public.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.OAuth2.Throttling.HttpStatusProvider.s_throttleDuration">
<summary>
Default timespan that blocks an application, if HTTP 429 and HTTP 5xx was received and Retry-After HTTP header was NOT returned by AAD.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.OAuth2.Throttling.HttpStatusProvider.ThrottlingCache">
<summary>
Exposed only for testing purposes
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.Throttling.IThrottlingProvider.ResetCache">
<summary>
For test purposes, so that the static state can be reset
</summary>
</member>
<member name="T:Microsoft.Identity.Client.OAuth2.Throttling.RetryAfterProvider">
<summary>
The Retry-After provider observes all service exceptions from all flows and looks for a header like: RetryAfter X seconds.
It then enforces this header, by throttling for X seconds.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.OAuth2.Throttling.SingletonThrottlingManager">
<summary>
Throttling is the action through which MSAL blocks applications from making repeated
bad requests to the server. This works by MSAL detecting certain conditions when the server
returns an error. If a similar request is then issued under the same condition, the same
server error is returned by MSAL, without contacting the server.
Throttling occurs in the following conditions:
<list type="bullet">
<item><description>After receiving an RetryAfter header</description></item>
<item><description>After receiving 429, 5xx HTTP status.</description></item>
</list>
This class manages the throttling providers and is itself a provider
</summary>
<remarks>
Client Throttling spec https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1624
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.Throttling.ThrottleCommon.GetRequestStrictThumbprint(System.Collections.Generic.IReadOnlyDictionary{System.String,System.String},System.String,System.String)">
<summary>
The strict thumbprint is based on:
ClientId
Authority
Resource
Scope
Account
</summary>
</member>
<member name="F:Microsoft.Identity.Client.OAuth2.Throttling.ThrottlingCache.s_cleanupCacheInterval">
<summary>
To prevent the cache from becoming too large, purge expired entries every X seconds
</summary>
</member>
<member name="F:Microsoft.Identity.Client.OAuth2.Throttling.UiRequiredProvider.s_uiRequiredExpiration">
<summary>
Default number of seconds that application returns the cached response, in case of UI required requests.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.OAuth2.Throttling.UiRequiredProvider.ThrottlingCache">
<summary>
Exposed only for testing purposes
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.Throttling.UiRequiredProvider.IsRequestSupported(Microsoft.Identity.Client.Internal.Requests.AuthenticationRequestParameters)">
<summary>
MsalUiRequiredException is thrown from AcquireTokenSilent, based on certain error codes from the server
when contacting the token endpoint.
Currently, throttling will only apply to public client applications at first.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.Throttling.UiRequiredProvider.GetRequestStrictThumbprint(System.Collections.Generic.IReadOnlyDictionary{System.String,System.String},System.String,Microsoft.Identity.Client.PlatformsCommon.Interfaces.ICryptographyManager)">
<summary>
The strict thumbprint is based on:
ClientId
Authority (env + tenant)
Scopes
hash(RT) or UPN for IWA (not supported)
</summary>
</member>
<member name="T:Microsoft.Identity.Client.OAuth2.TokenClient">
<summary>
Responsible for talking to the /token endpoint
</summary>
</member>
<member name="F:Microsoft.Identity.Client.OAuth2.TokenClient._requestInProgress">
<summary>
Used to avoid sending duplicate "last request" telemetry
from a multi-threaded environment
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.TokenClient.AddThrottlingHeader">
<summary>
A client side library needs to communicate to the server side that
it has implemented enforcement of HTTP 429 and Retry-After header.
Because if the server-side detects loops, then it can break the loop by sending
either HTTP 429 or Retry-After header with a different HTTP status.
Right now, the server side breaks the loops by invalid_grant response,
which breaks protocol under some condition and also causes unexplained prompt.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OAuth2.TokenClient.AddClaims">
<summary>
Add Claims, including ClientCapabilities, to body parameter for POST request.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.OsCapabilitiesExtensions">
<summary>
Extension methods
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OsCapabilitiesExtensions.IsSystemWebViewAvailable(Microsoft.Identity.Client.IPublicClientApplication)">
<summary>
Returns true if MSAL can use a system browser.
</summary>
<remarks>
On Windows, Mac and Linux a system browser can always be used, except in cases where there is no UI, e.g. SSH connection.
On Android, the browser must support tabs.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.OsCapabilitiesExtensions.IsEmbeddedWebViewAvailable(Microsoft.Identity.Client.IPublicClientApplication)">
<summary>
Returns true if MSAL can use an embedded webview (browser).
</summary>
<remarks>
Currently there are no embedded webviews on Mac and Linux. On Windows, app developers or users should install
the WebView2 runtime and this property will inform if the runtime is available, see https://aka.ms/msal-net-webview2
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.OsCapabilitiesExtensions.IsUserInteractive(Microsoft.Identity.Client.IPublicClientApplication)">
<summary>
Returns false when the program runs in headless OS, for example when SSH-ed into a Linux machine.
Browsers (webviews) and brokers cannot be used if there is no UI support.
Instead, please use <see cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenWithDeviceCode(System.Collections.Generic.IEnumerable{System.String},System.Func{Microsoft.Identity.Client.DeviceCodeResult,System.Threading.Tasks.Task})"/>
or <see cref="M:Microsoft.Identity.Client.PublicClientApplication.AcquireTokenByIntegratedWindowsAuth(System.Collections.Generic.IEnumerable{System.String})"/>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.OsCapabilitiesExtensions.GetCertificate(Microsoft.Identity.Client.IConfidentialClientApplication)">
<summary>
Returns the certificate used to create this <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>, if any.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Factories.PlatformProxyFactory">
<summary>
Returns the platform / os specific implementation of a PlatformProxy.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Factories.PlatformProxyFactory.CreatePlatformProxy(Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
Gets the platform proxy, which can be used to perform platform specific operations
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy">
<summary>
Common operations for extracting platform / operating system specifics.
Scope: per app
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetDeviceModel">
<summary>
Gets the device model. On some TFMs this is not returned for security reasons.
</summary>
<returns>device model or null</returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetUserPrincipalNameAsync">
<summary>
Gets the UPN of the user currently logged into the OS
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetCallingApplicationName">
<summary>
Returns the name of the calling assembly
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetCallingApplicationVersion">
<summary>
Returns the version of the calling assembly
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetDeviceId">
<summary>
Returns a device identifier. Varies by platform.
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetDefaultRedirectUri(System.String,System.Boolean)">
<summary>
Gets the default redirect URI for the platform, which sometimes includes the clientId
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetProductName">
<summary>
Returns the MSAL platform, e.g. MSAL.NetCore, MSAL.Desktop.
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.GetRuntimeVersion">
<summary>
Returns the framework runtime version on which the app is running, e.g. .NET Core 3.1.3, .NET Framework 4.8.
</summary>
<returns>Runtime version</returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.StartDefaultOsBrowserAsync(System.String,System.Boolean)">
<summary>
Go to a URL using the OS default browser.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.CanBrokerSupportSilentAuth">
<summary>
Most brokers take care of both silent auth and interactive auth, however some (iOS)
does not support silent auth and gives the RT back to MSAL.
</summary>
<returns></returns>
</member>
<member name="P:Microsoft.Identity.Client.PlatformsCommon.Interfaces.IPlatformProxy.BrokerSupportsWamAccounts">
<summary>
WAM broker has a deeper integration into MSAL because MSAL needs to store
WAM account IDs in the token cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetWebUiFactory(Microsoft.Identity.Client.ApplicationConfiguration)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetDeviceModel">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetOperatingSystem">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetProcessorArchitecture">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetUserPrincipalNameAsync">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetCallingApplicationName">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetCallingApplicationVersion">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetDeviceId">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetDefaultRedirectUri(System.String,System.Boolean)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetProductName">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.GetRuntimeVersion">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.CreateLegacyCachePersistence">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.CryptographyManager">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.PlatformLogger">
<inheritdoc/>
</member>
<member name="P:Microsoft.Identity.Client.PlatformsCommon.Shared.AbstractPlatformProxy.LegacyCacheRequiresSerialization">
<summary>
On Android and iOS, MSAL will save the legacy ADAL cache in a known location.
On other platforms, the app developer must use the serialization callbacks
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.CommonCryptographyManager.SignWithCertificate(System.String,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.RSASignaturePadding)">
<remarks>AAD only supports RSA certs for client credentials </remarks>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.DesktopOsHelper.IsWamSupportedOSInternal">
<summary>
Checks if the OS supports WAM (Web Account Manager)
WAM Supported OS's are Windows 10 and above for Client, Windows 2019 and above for Server
</summary>
<returns>Returns <c>true</c> if the Windows Version has WAM support</returns>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.DeviceAuthHelper.GetBypassChallengeResponse(System.Net.Http.Headers.HttpResponseHeaders)">
<summary>
Constructs a bypass response to the PKeyAuth challenge on platforms where the challenge cannot be completed.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.DeviceAuthHelper.GetBypassChallengeResponse(System.Collections.Generic.Dictionary{System.String,System.String})">
<summary>
Constructs a bypass response to the PKeyAuth challenge on platforms where the challenge cannot be completed.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor">
<summary>
Stores tokens for an application.
Partitions the access token collection by a key of client ID with tenant ID.
App metadata collection is not partitioned.
Refresh token, ID token, and account related methods are no-op.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.SaveRefreshToken(Microsoft.Identity.Client.Cache.Items.MsalRefreshTokenCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no refresh tokens in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.SaveIdToken(Microsoft.Identity.Client.Cache.Items.MsalIdTokenCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no ID tokens in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.SaveAccount(Microsoft.Identity.Client.Cache.Items.MsalAccountCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no user accounts in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.GetIdToken(Microsoft.Identity.Client.Cache.Items.MsalAccessTokenCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no ID tokens in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.GetAccount(Microsoft.Identity.Client.Cache.Items.MsalAccountCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no user accounts in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.DeleteRefreshToken(Microsoft.Identity.Client.Cache.Items.MsalRefreshTokenCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no refresh tokens in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.DeleteIdToken(Microsoft.Identity.Client.Cache.Items.MsalIdTokenCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no ID tokens in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.DeleteAccount(Microsoft.Identity.Client.Cache.Items.MsalAccountCacheItem)">
<summary>
This method is not supported for the app token cache because
there are no user accounts in a client credential flow.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedAppTokenCacheAccessor.GetAllAccessTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
<summary>
WARNING: if partitionKey = null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor">
<summary>
Stores tokens for users.
Partitions the access and refresh token collections by a user assertion hash in case of OBO and by home account ID otherwise.
Partitions the ID token and account collections by home account ID.
App metadata collection is not partitioned.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor.GetAllAccessTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor.GetAllRefreshTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor.GetAllIdTokens(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor.GetAllAccounts(System.String,Microsoft.Identity.Client.Core.ILoggerAdapter)">
WARNING: if partitionKey is null, this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.InMemoryPartitionedUserTokenCacheAccessor.HasAccessOrRefreshTokens">
WARNING: this API is slow as it loads all tokens, not just from 1 partition.
It should only support external token caching, in the hope that the external token cache is partitioned.
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.NullDeviceAuthManager">
<summary>
Used for platforms that do not implement PKeyAuth.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.SimpleHttpClientFactory">
<summary>
A simple implementation of the HttpClient factory that uses a managed HttpClientHandler
</summary>
<remarks>
.NET should use the IHttpClientFactory, but MSAL cannot take a dependency on it.
.NET should use SocketHandler, but UseDefaultCredentials doesn't work with it
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi">
<summary>
Windows OS Version checks
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.VER_NT_WORKSTATION">
<summary>
The operating system is Windows 10, Windows 8, Windows 7,...
</summary>
<remarks>VER_NT_WORKSTATION</remarks>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.VER_NT_DOMAIN_CONTROLLER">
<summary>
The system is a domain controller and the operating system is Windows Server.
</summary>
<remarks>VER_NT_DOMAIN_CONTROLLER</remarks>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.VER_NT_SERVER">
<summary>
The operating system is Windows Server. Note that a server that is also a domain controller
is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER.
</summary>
<remarks>VER_NT_SERVER</remarks>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.NT_STATUS_SUCCESS">
<summary>
RtlGetVersion returns STATUS_SUCCESS.
</summary>
<remarks>NT_STATUS</remarks>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.WamSupportedWindows10BuildNumber">
<summary>
Microsoft 365 apps (for example, Office client apps) use Azure Active Directory Authentication Library (ADAL)
framework-based Modern Authentication by default. Starting with build 16.0.7967, Microsoft 365 apps use
Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000
(Windows 10, version 1703, build 15063.138).
https://learn.microsoft.com/microsoft-365/troubleshoot/administration/disabling-adal-wam-not-recommended
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.Windows2019BuildNumber">
<summary>
Windows Server 2019 (version 1809, Build Number 17763)
Editions : Datacenter, Essentials, Standard
https://learn.microsoft.com/windows-server/get-started/windows-server-release-info
For MultiSession Window 10 Build Number is same as Windows 2019 Server Build Number
MultiSession Windows 10 is supported from Windows 10 multi-session, version 1903
https://learn.microsoft.com/mem/intune/fundamentals/azure-virtual-desktop-multi-session
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.RtlGetVersion(Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW@)">
<summary>
RtlGetVersion is the kernel-mode equivalent of the user-mode GetVersionEx function in the Windows SDK
The RtlGetVersion routine returns version information about the currently running operating system.
https://learn.microsoft.com/windows-hardware/drivers/ddi/wdm/nf-wdm-rtlgetversion
When using RtlGetVersion to determine whether a particular version of the operating system is running,
a caller should check for version numbers that are greater than or equal to the required version number.
This ensures that a version test succeeds for later versions of Windows.
</summary>
<param name="versionInformation">Pointer to either a RTL_OSVERSIONINFOW structure or a RTL_OSVERSIONINFOEXW
structure that contains the version information about the currently running operating system. A caller specifies
which input structure is used by setting the dwOSVersionInfoSize member of the structure to the size in bytes of
the structure that is used.</param>
<returns>RtlGetVersion returns Status_Success.</returns>
</member>
<member name="T:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW">
<summary>
Contains operating system version information. The information includes major and minor version numbers,
a build number, a platform identifier, and information about product suites and the latest Service Pack
installed on the system.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.dwOSVersionInfoSize">
<summary>
The size, in bytes, of an RTL_OSVERSIONINFOEXW structure.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.dwMajorVersion">
<summary>
he major version number of the operating system.
For example, for Windows 2000, the major version number is five.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.dwMinorVersion">
<summary>
The minor version number of the operating system.
For example, for Windows 2000, the minor version number is zero.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.dwBuildNumber">
<summary>
The build number of the operating system.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.dwPlatformId">
<summary>
The operating system platform. This member can be VER_PLATFORM_WIN32_NT (2).
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.scZSDVersion">
<summary>
A null-terminated string, such as "Service Pack 3", that indicates the latest Service Pack
installed on the system. If no Service Pack has been installed, the string is empty.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.wServicePackMajor">
<summary>
The major version number of the latest Service Pack installed on the system.
For example, for Service Pack 3, the major version number is 3.
If no Service Pack has been installed, the value is zero.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.wServicePackMinor">
<summary>
The minor version number of the latest Service Pack installed on the system.
For example, for Service Pack 3, the minor version number is 0.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.wSuiteMask">
<summary>
A bit mask that identifies the product suites available on the system.
This member can be a combination of the following values.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.wProductType">
<summary>
The product type. This member contains additional information about the system.
This member can be one of the following values: VER_NT_WORKSTATION, VER_NT_DOMAIN_CONTROLLER, VER_NT_SERVER
</summary>
</member>
<member name="F:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.OSVERSIONINFOEXW.wReserved">
<summary>
Reserved for future use.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.PlatformsCommon.Shared.Win32VersionApi.IsWamSupportedOs">
<summary>
Checks if the OS supports WAM (Web Account Manager)
WAM Supported OS's are Windows 10 and above for Client, Windows 2019 and above for Server
</summary>
<returns>Returns <c>true</c> if the OS Version has WAM support</returns>
</member>
<member name="T:Microsoft.Identity.Client.PreserveAttribute">
<summary>
Attribute that will be picked up by the Xamarin Linker, as a hint for the linker to not remove the type.
Needs to be added to types that get created by reflection, e.g. JSON serialization types
</summary>
<remarks>It's important to not change the name and the 2 fields of this class. The linker looks for these.</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Prompt">
<summary>
Structure containing static members that you can use to specify how the interactive overrides
of AcquireTokenAsync in <see cref="T:Microsoft.Identity.Client.IPublicClientApplication" /> should prompt the user.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Prompt.SelectAccount">
<summary>
AcquireToken will send <c>prompt=select_account</c> to the authorization server's authorize endpoint.
which would present to the user a list of accounts from which one can be selected for
authentication.
</summary>
<remarks>
This is the default prompt for backwards compatibility reasons. Please use <see cref="F:Microsoft.Identity.Client.Prompt.NoPrompt"/> for the best user experience.
</remarks>
</member>
<member name="F:Microsoft.Identity.Client.Prompt.ForceLogin">
<summary>
The user will be prompted for credentials by the service. It is achieved
by sending <c>prompt=login</c> to the authorize endpoint.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Prompt.Consent">
<summary>
The user will be prompted to consent, even if consent was granted before. It is achieved
by sending <c>prompt=consent</c> to the authorization server's authorize endpoint.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Prompt.NoPrompt">
<summary>
Let the identity service decide on the best user experience, based on browser cookies and
on the login hint, which can be specified using WithAccount() or WithLoginHint()
</summary>
<remarks>This is the recommended prompt</remarks>
</member>
<member name="F:Microsoft.Identity.Client.Prompt.Create">
<summary>
AcquireToken will send <c>prompt=create</c> to the authorization server's authorize endpoint
which would trigger a sign-up experience, used for External Identities.
</summary>
<remarks>More details at https://aka.ms/msal-net-prompt-create. </remarks>
</member>
<member name="M:Microsoft.Identity.Client.Prompt.Equals(System.Object)">
<summary>
Equals method override to compare Prompt structs
</summary>
<param name="obj">object to compare against</param>
<returns>true if object are equal.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Prompt.GetHashCode">
<summary>
Override to compute hash code
</summary>
<returns>hash code of the PromptValue</returns>
</member>
<member name="M:Microsoft.Identity.Client.Prompt.op_Equality(Microsoft.Identity.Client.Prompt,Microsoft.Identity.Client.Prompt)">
<summary>
Operator overload to check equality
</summary>
<param name="x">first value</param>
<param name="y">second value</param>
<returns>true if the objects are equal</returns>
</member>
<member name="M:Microsoft.Identity.Client.Prompt.op_Inequality(Microsoft.Identity.Client.Prompt,Microsoft.Identity.Client.Prompt)">
<summary>
Operator overload to check inequality
</summary>
<param name="x">first value</param>
<param name="y">second value</param>
<returns>true if the objects are not equal</returns>
</member>
<member name="T:Microsoft.Identity.Client.KeyTokens">
<summary>Public Key Tokens for InternalsVisibleTo</summary>
</member>
<member name="T:Microsoft.Identity.Client.RegionDetails">
<summary>
Contains the result of region when MSAL region discovery is used,
published as part of AuthenticationResultMetadata.
<see cref="T:Microsoft.Identity.Client.AuthenticationResultMetadata"/> for additional metadata
information of the authentication result.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.RegionDetails.#ctor(Microsoft.Identity.Client.Region.RegionOutcome,System.String,System.String)">
<summary>
Constructor for RegionDetails
</summary>
<param name="regionOutcome"></param>
<param name="regionUsed"></param>
<param name="autoDetectionError "></param>
</member>
<member name="P:Microsoft.Identity.Client.RegionDetails.RegionOutcome">
<summary>
Region Outcome based on MSAL region detection
</summary>
</member>
<member name="P:Microsoft.Identity.Client.RegionDetails.RegionUsed">
<summary>
Region used to construct /token endpoint to contact ESTS.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.RegionDetails.AutoDetectionError">
<summary>
Error details when region auto detect fails
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryCallback">
<summary>
This callback is for the raw telemetry events (app, HTTP, cache) that we want to aggregate using MATS.
</summary>
<param name="events"></param>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryCore.Http.HttpTelemetryManager">
<summary>
Responsible for recording API events and formatting CSV
with telemetry.
</summary>
<remarks>
Not fully thread safe - it is possible that multiple threads request
the "previous requests" data at the same time. It is the responsibility of
the caller to protect against this.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.Http.HttpTelemetryManager.GetLastRequestHeader">
<summary>
CSV expected format:
3|silent_successful_count|failed_requests|errors|platform_fields
failed_request is: api_id_1,correlation_id_1,api_id_2,correlation_id_2|error_1,error_2
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.Http.HttpTelemetryManager.GetCurrentRequestHeader(Microsoft.Identity.Client.TelemetryCore.Internal.Events.ApiEvent)">
<summary>
Expected format: 5|api_id,cache_info,region_used,region_autodetection,region_outcome|platform_config
platform_config: is_token_cache_serialized,is_legacy_cache_enabled, token_type
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager">
<summary>
Controls the HTTP telemetry that MSAL sends to AAD
via HTTP headers when contacting the /token endpoint.
</summary>
<remarks>
- It is assumed that one manager is created for each application and shared between requests
- Implementer must be thread safe, since one app can fire multiple requests
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager.RecordStoppedEvent(Microsoft.Identity.Client.TelemetryCore.Internal.Events.ApiEvent)">
<summary>
Record a stopped event
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager.GetCurrentRequestHeader(Microsoft.Identity.Client.TelemetryCore.Internal.Events.ApiEvent)">
<summary>
Csv string with details about the current header (api used, force refresh flag)
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager.GetLastRequestHeader">
<summary>
Csv string with details about the previous failed requests made: api, correlation id, error
</summary>
<remarks>
If AAD returns OK or a normal error (e.g. interaction required), then telemetry is recorded.
If AAD returns a 5xx or 429 HTTP error (i.e. AAD is down), then telemetry has not been recorded and MSAL
will continue to hold on to this data until a successful request is made
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager.ResetPreviousUnsentData">
<summary>
Resets the state of failed requests. See <see cref="M:Microsoft.Identity.Client.TelemetryCore.IHttpTelemetryManager.GetLastRequestHeader"/> for more details
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryClientExtensions">
<summary>
Extension methods used for telemetry client.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryClientExtensions.HasEnabledClients(Microsoft.IdentityModel.Abstractions.ITelemetryClient[],System.String)">
<summary>
Checks if any of the clients in the set of <see cref="T:Microsoft.IdentityModel.Abstractions.ITelemetryClient"/>s are enabled for a given <paramref name="eventName"/>.
</summary>
<param name="clients">Set of clients to check.</param>
<param name="eventName">Event name to evaluate.</param>
<returns>True if any of the clients are enabled for the eventName, otherwise false.</returns>
</member>
<member name="M:Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryClientExtensions.TrackEvent(Microsoft.IdentityModel.Abstractions.ITelemetryClient[],Microsoft.IdentityModel.Abstractions.TelemetryEventDetails)">
<summary>
Sends the same input events to each telemetry client.
</summary>
<param name="clients">Clients to emit telemetry to.</param>
<param name="eventDetails">Telemetry details to emit.</param>
</member>
<member name="T:Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryData">
<summary>
Stores details to log to the <see cref="T:Microsoft.IdentityModel.Abstractions.ITelemetryClient"/>.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TelemetryCore.TelemetryClient.TelemetryData.CacheLevel">
<summary>
Type of cache used. This data is captured from MSAL or Microsoft.Identity.Web to log to telemetry.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TenantProfile">
<summary>
Represents an account in a specific tenant. The same account can exist in its home tenant and also as a guest in multiple other tenants.
Access tokens and Id Tokens are tenant specific and this object provides high level information about all the ID tokens associated with the account.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TenantProfile.Oid">
<summary>
The immutable identifier for an user account, in a specific tenant.
This ID uniquely identifies the user across applications - two different applications signing in the same user will receive the same value in the oid claim.
The user will have a different object ID in each tenant - they're considered different accounts, even though the user logs into each account with the same credentials.
</summary>
<remarks>This claim is issued by Microsoft Identity Providers and can be null. Fallback to the sub claim, which is scoped to a user and an app.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.TenantProfile.TenantId">
<summary>
Represents the tenant that the user is signing in to.
For work and school accounts, the GUID is the immutable tenant ID of the organization that the user is signing in to.
For sign-ins to the personal Microsoft account tenant (services like Xbox, Teams for Life, or Outlook), the value is 9188040d-6c67-4c5b-b112-36a304b66dad.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TenantProfile.ClaimsPrincipal">
<summary>
All the claims present in the ID Token associated with this profile.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.TenantProfile.IsHomeTenant">
<summary>
Returns <c>true</c> if this profile is associated with the user's home tenant.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.TokenCacheExtensions">
<summary>
Extension methods for ITokenCache
</summary>
</member>
<member name="M:Microsoft.Identity.Client.TokenCacheExtensions.SetCacheOptions(Microsoft.Identity.Client.ITokenCache,Microsoft.Identity.Client.CacheOptions)">
<summary>
Options for MSAL token caches.
MSAL maintains a token cache internally in memory. By default, this cache object is part of each instance of <see cref="T:Microsoft.Identity.Client.PublicClientApplication"/> or <see cref="T:Microsoft.Identity.Client.ConfidentialClientApplication"/>.
This method allows customization of the in-memory token cache of MSAL.
MSAL's memory cache is different than token cache serialization. Cache serialization pulls the tokens from a cache (e.g. Redis, Cosmos, or a file on disk),
where they are stored in JSON format, into MSAL's internal memory cache. Memory cache operations do not involve JSON operations.
External cache serialization remains the recommended way to handle desktop apps, web site and web APIs, as it provides persistence. These options
do not currently control external cache serialization.
Detailed guidance for each application type and platform:
https://aka.ms/msal-net-token-cache-serialization
</summary>
<param name="tokenCache">Either the UserTokenCache or the AppTokenCache, for which these options apply.</param>
<param name="options">Options for the internal MSAL token caches. </param>
</member>
<member name="T:Microsoft.Identity.Client.TokenSource">
<summary>
Specifies the source of the access and Id tokens in the authentication result.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.TokenSource.IdentityProvider">
<summary>
The source of the access and Id token is Identity Provider - Microsoft Entra ID, ADFS or AAD B2C.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.TokenSource.Cache">
<summary>
The source of access and Id token is MSAL's cache.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.TokenSource.Broker">
<summary>
The source of the access and Id token is a broker application - Authenticator or Company Portal. Brokers are supported only on Android and iOS.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.UiRequiredExceptionClassification">
<summary>
Details about the cause of an <see cref="T:Microsoft.Identity.Client.MsalUiRequiredException"/>, giving a hint about what the user can expect when
they go through interactive authentication. See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.None">
<summary>
No details are provided. It is possible that the user will be able to resolve the issue by launching interactive authentication.
This is also the classification when no account or valid login hint is passed to <see cref="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder"/>.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.MessageOnly">
<summary>
Issue cannot be resolved. Launching interactive authentication flow will show a message explaining the condition.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.BasicAction">
<summary>
Issue can be resolved by user interaction during the interactive authentication flow.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.AdditionalAction">
<summary>
Issue can be resolved by additional remedial interaction within the system, outside of the interactive authentication flow.
Starting an interactive authentication flow will show the user what they need to do but it is possible that the user will be unable to complete the action.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.ConsentRequired">
<summary>
User consent is missing or has been revoked. Issue can be resolved by user consenting during the interactive authentication flow.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.UserPasswordExpired">
<summary>
User's password has expired. Issue can be resolved by user during the interactive authentication flow.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.PromptNeverFailed">
<summary>
<see cref="M:Microsoft.Identity.Client.AcquireTokenInteractiveParameterBuilder.WithPrompt(Microsoft.Identity.Client.Prompt)"/> was used with a <c>Prompt.Never</c> value,
however this could not be honored by the server. Please use a different prompt behavior, such as <see cref="F:Microsoft.Identity.Client.Prompt.SelectAccount"/>.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.UiRequiredExceptionClassification.AcquireTokenSilentFailed">
<summary>
An <see cref="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder"/> call failed. This is usually part of the pattern
of calling <see cref="T:Microsoft.Identity.Client.AcquireTokenSilentParameterBuilder"/> for getting a token from the cache, followed by an a different
<c>AcquireToken</c> call for getting a token from Microsoft Entra ID. See the error message for details.
See <see href="https://aka.ms/msal-net-UiRequiredException">Understanding MsalUiRequiredException</see> for details.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.UI.AuthorizationResult.State">
<summary>
A string that is added to each Authorization Request and is expected to be sent back along with the
authorization code. MSAL is responsible for validating that the state sent is identical to the state received.
</summary>
<remarks>
This is in addition to PKCE, which is validated by the server to ensure that the system redeeming the auth code
is the same as the system who asked for it. It protects against XSRF https://openid.net/specs/openid-connect-core-1_0.html
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.UI.CustomWebUiHandler.AcquireAuthorizationAsync(System.Uri,System.Uri,Microsoft.Identity.Client.Internal.RequestContext,System.Threading.CancellationToken)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.UI.CustomWebUiHandler.UpdateRedirectUri(System.Uri)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.UI.EmbeddedUiCommon.IsAllowedIeOrEdgeAuthorizationRedirect(System.Uri)">
<summary>
Validates that the authorization redirects do not happen over http or other insecure protocol.
This does not include the final redirect, denoted by the redirect URI.
</summary>
<param name="uri"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.UI.IWebUI.UpdateRedirectUri(System.Uri)">
<summary>
Extra validations on the redirect URI, for example system web views cannot work with the urn:oob... URI because
there is no way of knowing which app to get back to.
WebUIs can update the URI, for example use http://localhost:1234 instead of http://localhost.
Throws, if URI is invalid.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.UserAssertion">
<seealso cref="M:Microsoft.Identity.Client.IConfidentialClientApplication.AcquireTokenOnBehalfOf(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.UserAssertion)"/>
</member>
<member name="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String)">
<summary>
Constructor from a JWT assertion. For other assertion types (SAML), use the other constructor <see cref="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String,System.String)"/>
</summary>
<param name="jwtBearerToken">JWT bearer token used to access the Web application itself</param>
</member>
<member name="M:Microsoft.Identity.Client.UserAssertion.#ctor(System.String,System.String)">
<summary>
Constructor of a UserAssertion specifying the assertionType in addition to the assertion
</summary>
<param name="assertion">Assertion representing the user.</param>
<param name="assertionType">Type of the assertion representing the user. Accepted types are currently:
<list type="bullet">
<item><term>urn:ietf:params:oauth:grant-type:jwt-bearer</term><description>JWT bearer token. Passing this is equivalent to using
the other (simpler) constructor</description></item>
<item><term>urn:ietf:params:oauth:grant-type:saml1_1-bearer</term><description>SAML 1.1 bearer token</description></item>
<item><term>urn:ietf:params:oauth:grant-type:saml2-bearer</term><description>SAML 2 bearer token</description></item>
</list></param>
</member>
<member name="P:Microsoft.Identity.Client.UserAssertion.Assertion">
<summary>
Gets the assertion.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.UserAssertion.AssertionType">
<summary>
Gets the assertion type.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.AuthorityHelpers.GetTenantId(System.Uri)">
<summary>
Retrieve the TenantId for an Authority URL.
</summary>
<param name="authorityUri">The Authority URL to parse.</param>
<returns>The Tenant Id</returns>
<remarks>
The Tenant Id can be NULL if the Authority Type is ADFS
</remarks>
</member>
<member name="F:Microsoft.Identity.Client.Utils.Base64UrlHelpers.s_base64Table">
<summary>
Encoding table
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Base64UrlHelpers.Encode(System.String)">
<summary>
The following functions perform base64url encoding which differs from regular base64 encoding as follows
* padding is skipped so the pad character '=' doesn't have to be percent encoded
* the 62nd and 63rd regular base64 encoding characters ('+' and '/') are replace with ('-' and '_')
The changes make the encoding alphabet file and URL safe.
</summary>
<param name="arg">string to encode.</param>
<returns>Base64Url encoding of the UTF8 bytes.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Base64UrlHelpers.Encode(System.Byte[],System.Int32,System.Int32)">
<summary>
Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
the subset as an offset in the input array, and the number of elements in the array to convert.
</summary>
<param name="inArray">An array of 8-bit unsigned integers.</param>
<param name="length">An offset in inArray.</param>
<param name="offset">The number of elements of inArray to convert.</param>
<returns>The string representation in base 64 url encoding of length elements of inArray, starting at position offset.</returns>
<exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
<exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Base64UrlHelpers.Encode(System.Byte[])">
<summary>
Converts a subset of an array of 8-bit unsigned integers to its equivalent string representation that is encoded with base-64-url digits. Parameters specify
the subset as an offset in the input array, and the number of elements in the array to convert.
</summary>
<param name="inArray">An array of 8-bit unsigned integers.</param>
<returns>The string representation in base 64 url encoding of length elements of inArray, starting at position offset.</returns>
<exception cref="T:System.ArgumentNullException">'inArray' is null.</exception>
<exception cref="T:System.ArgumentOutOfRangeException">offset or length is negative OR offset plus length is greater than the length of inArray.</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Base64UrlHelpers.DecodeBytes(System.String)">
<summary>
Converts the specified string, which encodes binary data as base-64-url digits, to an equivalent 8-bit unsigned integer array.</summary>
<param name="str">base64Url encoded string.</param>
<returns>UTF8 bytes.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Base64UrlHelpers.Decode(System.String)">
<summary>
Decodes the string from Base64UrlEncoded to UTF8.
</summary>
<param name="arg">string to decode.</param>
<returns>UTF8 string.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1">
<summary>
Represents a thread-safe hash-based unique collection.
</summary>
<typeparam name="T">The type of the items in the collection.</typeparam>
<remarks>
All public members of <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> are thread-safe and may be used
concurrently from multiple threads.
Based on the implementation from: https://github.com/i3arnon/ConcurrentHashSet/blob/main/src/ConcurrentHashSet/ConcurrentHashSet.cs
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.Count">
<summary>
Gets the number of items contained in the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.
</summary>
<value>The number of items contained in the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</value>
<remarks>Count has snapshot semantics and represents the number of items in the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
at the moment when Count was accessed.</remarks>
</member>
<member name="P:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.IsEmpty">
<summary>
Gets a value that indicates whether the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> is empty.
</summary>
<value>true if the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> is empty; otherwise,
false.</value>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor">
<summary>
Initializes a new instance of the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that is empty, has the default concurrency level, has the default initial capacity, and
uses the default comparer for the item type.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Int32,System.Int32)">
<summary>
Initializes a new instance of the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that is empty, has the specified concurrency level and capacity, and uses the default
comparer for the item type.
</summary>
<param name="concurrencyLevel">The estimated number of threads that will update the
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> concurrently.</param>
<param name="capacity">The initial number of elements that the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
can contain.</param>
<exception cref="T:System.ArgumentOutOfRangeException"><paramref name="concurrencyLevel"/> is
less than 1.</exception>
<exception cref="T:System.ArgumentOutOfRangeException"> <paramref name="capacity"/> is less than
0.</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Collections.Generic.IEnumerable{`0})">
<summary>
Initializes a new instance of the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that contains elements copied from the specified <see
cref="T:System.Collections.IEnumerable{T}"/>, has the default concurrency
level, has the default initial capacity, and uses the default comparer for the item type.
</summary>
<param name="collection">The <see
cref="T:System.Collections.IEnumerable{T}"/> whose elements are copied to
the new
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</param>
<exception cref="T:System.ArgumentNullException"><paramref name="collection"/> is a null reference.</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Collections.Generic.IEqualityComparer{`0})">
<summary>
Initializes a new instance of the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that is empty, has the specified concurrency level and capacity, and uses the specified
<see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>.
</summary>
<param name="comparer">The <see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>
implementation to use when comparing items.</param>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Collections.Generic.IEnumerable{`0},System.Collections.Generic.IEqualityComparer{`0})">
<summary>
Initializes a new instance of the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that contains elements copied from the specified <see
cref="T:System.Collections.IEnumerable"/>, has the default concurrency level, has the default
initial capacity, and uses the specified
<see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>.
</summary>
<param name="collection">The <see
cref="T:System.Collections.IEnumerable{T}"/> whose elements are copied to
the new
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</param>
<param name="comparer">The <see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>
implementation to use when comparing items.</param>
<exception cref="T:System.ArgumentNullException"><paramref name="collection"/> is a null reference
(Nothing in Visual Basic).
</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Int32,System.Collections.Generic.IEnumerable{`0},System.Collections.Generic.IEqualityComparer{`0})">
<summary>
Initializes a new instance of the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that contains elements copied from the specified <see cref="T:System.Collections.IEnumerable"/>,
has the specified concurrency level, has the specified initial capacity, and uses the specified
<see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>.
</summary>
<param name="concurrencyLevel">The estimated number of threads that will update the
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> concurrently.</param>
<param name="collection">The <see cref="T:System.Collections.IEnumerable{T}"/> whose elements are copied to the new
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</param>
<param name="comparer">The <see cref="T:System.Collections.Generic.IEqualityComparer{T}"/> implementation to use
when comparing items.</param>
<exception cref="T:System.ArgumentNullException">
<paramref name="collection"/> is a null reference.
</exception>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="concurrencyLevel"/> is less than 1.
</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.#ctor(System.Int32,System.Int32,System.Collections.Generic.IEqualityComparer{`0})">
<summary>
Initializes a new instance of the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
class that is empty, has the specified concurrency level, has the specified initial capacity, and
uses the specified <see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>.
</summary>
<param name="concurrencyLevel">The estimated number of threads that will update the
<see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> concurrently.</param>
<param name="capacity">The initial number of elements that the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
can contain.</param>
<param name="comparer">The <see cref="T:System.Collections.Generic.IEqualityComparer{T}"/>
implementation to use when comparing items.</param>
<exception cref="T:System.ArgumentOutOfRangeException">
<paramref name="concurrencyLevel"/> is less than 1. -or-
<paramref name="capacity"/> is less than 0.
</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.Add(`0)">
<summary>
Adds the specified item to the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.
</summary>
<param name="item">The item to add.</param>
<returns>true if the items was added to the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
successfully; false if it already exists.</returns>
<exception cref="T:System.OverflowException">The <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>
contains too many items.</exception>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.Clear">
<summary>
Removes all items from the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.Contains(`0)">
<summary>
Determines whether the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> contains the specified
item.
</summary>
<param name="item">The item to locate in the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</param>
<returns>true if the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/> contains the item; otherwise, false.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.TryRemove(`0)">
<summary>
Attempts to remove the item from the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.
</summary>
<param name="item">The item to remove.</param>
<returns>true if an item was removed successfully; otherwise, false.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.GetEnumerator">
<summary>Returns an enumerator that iterates through the <see
cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</summary>
<returns>An enumerator for the <see cref="T:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1"/>.</returns>
<remarks>
The enumerator returned from the collection is safe to use concurrently with
reads and writes to the collection, however it does not represent a moment-in-time snapshot
of the collection. The contents exposed through the enumerator may contain modifications
made to the collection after <see cref="M:Microsoft.Identity.Client.Utils.ConcurrentHashSet`1.GetEnumerator"/> was called.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Utils.JsonHelper.Merge(System.Text.Json.Nodes.JsonObject,System.Text.Json.Nodes.JsonObject)">
<summary>
Merges two JSON objects into a single JSON object.
</summary>
<param name="originalJson">The original JSON object to merge.</param>
<param name="newContent">The additional JSON object to merge.</param>
<returns>A JObject representing the merged JSON.</returns>
<remarks>
This method parses the original and new JSON objects, merges their elements, and returns
a JObject representing the merged JSON.
Original Code Reference: https://github.com/dotnet/runtime/issues/31433
</remarks>
</member>
<member name="T:Microsoft.Identity.Client.Utils.MeasureDurationResult`1">
<summary>
Structure that holds a <see cref="T:System.Threading.Tasks.Task"/> result and duration of the <see cref="T:System.Threading.Tasks.Task"/> in milliseconds
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult`1.Milliseconds">
<summary>
Measured milliseconds
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult`1.Microseconds">
<summary>
Measured microseconds
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult`1.Ticks">
<summary>
Measured ticks
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Utils.MeasureDurationResult">
<summary>
Structure that holds a duration of the <see cref="T:System.Threading.Tasks.Task"/> in milliseconds.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult.Milliseconds">
<summary>
Measured milliseconds
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult.Microseconds">
<summary>
Measured microseconds
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.MeasureDurationResult.Ticks">
<summary>
Measured ticks
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Utils.OptionalSemaphoreSlim">
<summary>
An object that either wraps a SemaphoreSlim for synchronization or ignores synchronization completely and just keeps track of Wait / Release operations.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Utils.RetryOperationHelper">
<summary>
Provides functionality to automatically try the given piece of logic some number of times before re-throwing the exception.
This is useful for any piece of code which may experience transient failures. Be cautious of passing code with two distinct
actions given that if the second or subsequent piece of logic fails, the first will also be retried upon each retry.
</summary>
<remarks>
Copied from https://github.com/microsoft/RetryOperationHelper/blob/master/RetryOperationHelper/RetryOperationHelper.cs
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Utils.RetryOperationHelper.ExecuteWithRetryAsync``1(System.Func{System.Threading.Tasks.Task{``0}},System.Int32,System.Nullable{System.TimeSpan},System.Action{System.Int32,System.Exception},System.Collections.Generic.ISet{System.Type})">
<summary>Executes asynchronous function with retry logic.</summary>
<param name="func">The asynchronous function to be executed.</param>
<param name="maxAttempts">The maximum number of attempts.</param>
<param name="retryInterval">Timespan to wait between attempts of the operation</param>
<param name="onAttemptFailed">The callback executed when an attempt is failed.</param>
<param name="allowedExceptions">Allowed exceptions</param>
<typeparam name="T">The result type.</typeparam>
<returns>The <see cref="T:System.Threading.Tasks.Task"/> producing the result.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.RetryOperationHelper.ExecuteWithRetryAsync(System.Func{System.Threading.Tasks.Task},System.Int32,System.Nullable{System.TimeSpan},System.Action{System.Int32,System.Exception},System.Collections.Generic.ISet{System.Type})">
<summary>Executes asynchronous function with retry logic.</summary>
<param name="func">The asynchronous function to be executed.</param>
<param name="maxAttempts">The maximum number of attempts.</param>
<param name="retryInterval">Timespan to wait between attempts of the operation</param>
<param name="onAttemptFailed">The retry handler.</param>
<param name="allowedExceptions"></param>
<returns>The <see cref="T:System.Threading.Tasks.Task"/> producing the result.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Utils.StopwatchService">
<summary>
Singleton timer used to measure the duration tasks.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Utils.StopwatchService.Watch">
<summary>
Singleton stopwatch.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.Utils.StopwatchService.CurrentElapsedMilliseconds">
<summary>
Current elapsed milliseconds of the stopwatch
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlock(System.Action)">
<summary>
Measures the duration of a code block
</summary>
<param name="codeBlock"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(System.Func{System.Threading.Tasks.Task})">
<summary>
Measures the duration of an asyncronous code block
</summary>
<param name="codeBlock"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync``1(System.Func{System.Threading.Tasks.Task{``0}})">
<summary>
Measures the duration of an asyncronous code block
</summary>
<param name="codeBlock"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StopwatchService.MeasureAsync(System.Threading.Tasks.Task)">
<summary>
Measures duration of <paramref name="task"/> in ticks and milliseconds.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StopwatchService.MeasureAsync``1(System.Threading.Tasks.Task{``0})">
<summary>
Measures duration of <paramref name="task"/> in ticks and milliseconds.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.StringExtensions.ToByteArray(System.String)">
<summary>
Create an array of bytes representing the UTF-8 encoding of the given string.
</summary>
<param name="stringInput">String to get UTF-8 bytes for</param>
<returns>Array of UTF-8 character bytes</returns>
</member>
<member name="T:Microsoft.Identity.Client.Utils.Windows.WindowsNativeUtils">
<summary>
Public Windows native methods
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Windows.WindowsNativeUtils.IsElevatedUser">
<summary>
Tests whether the current user is a member of the Administrator's group.
</summary>
<returns>True if the current user is an Admin; false, otherwise.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Utils.Windows.WindowsNativeUtils.InitializeProcessSecurity">
<summary>
Registers security and sets the security values for the process.
</summary>
<remarks>
Workaround to enable WAM Account Picker in an elevated process.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.CommonNonInteractiveHandler.GetPlatformUserAsync">
<summary>
Gets the currently logged in user. Works for Windows when user is AD or AAD joined. Throws otherwise if cannot be found.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.WsTrust.IWsTrustWebRequestManager">
<summary>
</summary>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.IWsTrustWebRequestManager.GetMexDocumentAsync(System.String,Microsoft.Identity.Client.Internal.RequestContext,System.String)">
<summary>
</summary>
<param name="federationMetadataUrl"></param>
<param name="requestContext"></param>
<param name="federationMetadata"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.IWsTrustWebRequestManager.GetWsTrustResponseAsync(Microsoft.Identity.Client.WsTrust.WsTrustEndpoint,System.String,Microsoft.Identity.Client.Internal.RequestContext)">
<summary>
</summary>
<param name="wsTrustEndpoint"></param>
<param name="wsTrustRequest"></param>
<param name="requestContext"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.IWsTrustWebRequestManager.GetUserRealmAsync(System.String,System.String,Microsoft.Identity.Client.Internal.RequestContext)">
<summary>
</summary>
<param name="userRealmUriPrefix"></param>
<param name="userName"></param>
<param name="requestContext"></param>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.WsTrustWebRequestManager.GetMexDocumentAsync(System.String,Microsoft.Identity.Client.Internal.RequestContext,System.String)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.WsTrust.WsTrustWebRequestManager.GetWsTrustResponseAsync(Microsoft.Identity.Client.WsTrust.WsTrustEndpoint,System.String,Microsoft.Identity.Client.Internal.RequestContext)">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.WwwAuthenticateParameters">
<summary>
Parameters returned by the WWW-Authenticate header. This allows for dynamic
scenarios such as Claims challenge, Continuous Access Evaluation (CAE), and Conditional Access (CA).
See https://aka.ms/msal-net/wwwAuthenticate.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Resource">
<summary>
Resource for which to request scopes.
This is the App ID URI of the API that returned the WWW-Authenticate header.
</summary>
<remarks>
Clients that perform resource validation (e.g. by comparing the host part of the resource against a list of known good hosts),
can still use the indexer to retrieve the raw value of the resource / scope.
If a resource is used, add "/.default" to it to transform it into a scope, e.g. "https://graph.microsoft.com/.default" is the OAuth2 scope for "https://graph.microsoft.com" resource.
MSAL only works with scopes.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Scopes">
<summary>
Scopes to request.
If it's not provided by the web API, it's computed from the Resource.
</summary>
<remarks>
Clients that perform resource validation (e.g. by comparing the host part of the resource against a list of known good hosts),
can still use the indexer to retrieve the raw value of the resource / scope.
If a resource is used, add "/.default" to it to transform it into a scope, e.g. "https://graph.microsoft.com/.default" is the OAuth2 scope for "https://graph.microsoft.com" resource.
MSAL only works with scopes.
</remarks>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Authority">
<summary>
Authority from which to request an access token.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Claims">
<summary>
Claims demanded by the web API.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Error">
<summary>
Error.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.AuthenticationScheme">
<summary>
AuthScheme.
See the <see href="https://developer.mozilla.org/docs/Web/HTTP/Headers/WWW-Authenticate#syntax">documentation on WWW-Authenticate</see> for more details
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Nonce">
<summary>
The nonce acquired from the WWW-Authenticate header.
</summary>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.Item(System.String)">
<summary>
Return the <c>RawParameters</c> of key <paramref name="key"/>.
</summary>
<param name="key">Name of the raw parameter to retrieve.</param>
<returns>The raw parameter if it exists,
or throws a <see cref="T:System.Collections.Generic.KeyNotFoundException"/> otherwise.
</returns>
</member>
<member name="P:Microsoft.Identity.Client.WwwAuthenticateParameters.RawParameters">
<summary>
Dictionary of raw parameters in the WWW-Authenticate header (extracted from the WWW-Authenticate header
string value, without any processing). This allows support for APIs which are not mappable easily to the standard
or framework specific (Microsoft.Identity.Model, Microsoft.Identity.Web).
</summary>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.GetTenantId">
<summary>
Gets Azure AD tenant ID.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromResourceResponseAsync(System.String)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="resourceUri">URI of the resource.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromResourceResponseAsync(System.String,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="resourceUri">URI of the resource.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromResourceResponseAsync(System.Net.Http.HttpClient,System.String,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="httpClient">Instance of <see cref="T:System.Net.Http.HttpClient"/> to make the request with.</param>
<param name="resourceUri">URI of the resource.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromResponseHeaders(System.Net.Http.Headers.HttpResponseHeaders,System.String)">
<summary>
Create WWW-Authenticate parameters from the HttpResponseHeaders.
</summary>
<param name="httpResponseHeaders">HttpResponseHeaders.</param>
<param name="scheme">Authentication scheme. Default is "Bearer".</param>
<returns>The parameters requested by the web API.</returns>
<remarks>Currently it only supports the Bearer scheme</remarks>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromWwwAuthenticateHeaderValue(System.String)">
<summary>
Creates parameters from the WWW-Authenticate string.
</summary>
<param name="wwwAuthenticateValue">String contained in a WWW-Authenticate header.</param>
<returns>The parameters requested by the web API.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationResponseAsync(System.String,System.String,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="resourceUri">URI of the resource.</param>
<param name="scheme">Authentication scheme.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationResponseAsync(System.String,System.String,System.Net.Http.HttpClient,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="httpClient">Instance of <see cref="T:System.Net.Http.HttpClient"/> to make the request with.</param>
<param name="resourceUri">URI of the resource.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<param name="scheme">Authentication scheme.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationHeaders(System.Net.Http.Headers.HttpResponseHeaders,System.String)">
<summary>
Create WWW-Authenticate parameters from the HttpResponseHeaders.
</summary>
<param name="httpResponseHeaders">HttpResponseHeaders.</param>
<param name="scheme">Authentication scheme.</param>
<returns>The parameters requested by the web API.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationResponseAsync(System.String,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="resourceUri">URI of the resource.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationResponseAsync(System.String,System.Net.Http.HttpClient,System.Threading.CancellationToken)">
<summary>
Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
</summary>
<param name="httpClient">Instance of <see cref="T:System.Net.Http.HttpClient"/> to make the request with.</param>
<param name="resourceUri">URI of the resource.</param>
<param name="cancellationToken">The cancellation token to cancel operation.</param>
<returns>WWW-Authenticate Parameters extracted from response to the unauthenticated call.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromAuthenticationHeaders(System.Net.Http.Headers.HttpResponseHeaders)">
<summary>
Create WWW-Authenticate parameters from the HttpResponseHeaders for each auth scheme.
</summary>
<param name="httpResponseHeaders">HttpResponseHeaders.</param>
<returns>The parameters requested by the web API.</returns>
<remarks>Currently it only supports the Bearer scheme</remarks>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.GetClaimChallengeFromResponseHeaders(System.Net.Http.Headers.HttpResponseHeaders,System.String)">
<summary>
Gets the claim challenge from HTTP header.
Used, for example, for Conditional Access (CA).
</summary>
<param name="httpResponseHeaders">The HTTP response headers.</param>
<param name="scheme">Authentication scheme. Default is Bearer.</param>
<returns>The claims challenge</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.CreateFromWwwAuthenticationHeaderValue(System.String,System.String)">
<summary>
Creates parameters from the WWW-Authenticate string.
</summary>
<param name="wwwAuthenticateValue">String contained in a WWW-Authenticate header.</param>
<param name="scheme">Auth scheme of the result.</param>
<returns>The parameters requested by the web API.</returns>
</member>
<member name="M:Microsoft.Identity.Client.WwwAuthenticateParameters.GetJsonFragment(System.String)">
<summary>
Checks if input is a base-64 encoded string.
If it is one, decodes it to get a JSON fragment.
</summary>
<param name="inputString">Input string</param>
<returns>a json fragment (original input string or decoded from base64 encoded).</returns>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy">
<summary>
Platform / OS specific logic. No library (ADAL / MSAL) specific code should go in here.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.GetUserPrincipalNameAsync">
<summary>
Get the user logged in
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.InternalGetOperatingSystem">
<summary>
The name of the operating system is important to the STS, as some CA policies
will look at x-client-os; as such the name of the OS should be parseable by the STS.
Do not use RID, as the format is not standardized across platforms.
Do not use OSDescription, as it can be very long and non-standard, e.g.
Darwin 23.1.0 Darwin Kernel Version 23.1.0: Mon Oct 9 21:27:27 PDT 2023; root:xnu-10002.41.9~6/RELEASE_X86_64
</summary>
<returns></returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.GetDefaultRedirectUri(System.String,System.Boolean)">
<inheritdoc/>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.InternalGetCallingApplicationName">
<summary>
Considered PII, ensure that it is hashed.
</summary>
<returns>Name of the calling application</returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.InternalGetCallingApplicationVersion">
<summary>
Considered PII, ensure that it is hashed.
</summary>
<returns>Version of the calling application</returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.InternalGetDeviceId">
<summary>
Considered PII. Please ensure that it is hashed.
</summary>
<returns>Device identifier</returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.netcore.NetCorePlatformProxy.TryGetExecutablePath(System.String,System.String@)">
<summary>
Searches through PATH variable to find the path to the specified executable.
</summary>
<param name="executable">Executable to find the path for.</param>
<param name="path">Location of the specified executable.</param>
<returns></returns>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.IUriInterceptor">
<summary>
An abstraction over objects that are able to listen to localhost url (e.g. http://localhost:1234)
and to retrieve the whole url, including query params (e.g. http://localhost:1234?code=auth_code_from_aad)
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.IUriInterceptor.ListenToSingleRequestAndRespondAsync(System.Int32,System.String,System.Func{System.Uri,Microsoft.Identity.Client.Platforms.Shared.Desktop.OsBrowser.MessageAndHttpCode},System.Threading.CancellationToken)">
<summary>
Listens to http://localhost:{port} and retrieve the entire url, including query params. Then
push back a response such as a display message or a redirect.
</summary>
<remarks>Cancellation is very important as this is typically a long running unmonitored operation</remarks>
<param name="port">the port to listen to</param>
<param name="path">the path to listen in</param>
<param name="responseProducer">The message to be displayed, or url to be redirected to will be created by this callback</param>
<param name="cancellationToken">Cancellation token</param>
<returns>Full redirect uri</returns>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.net6.JsonObjectAttribute">
<summary>
Dummy class to mimic Microsoft.Identity.Json.JsonObjectAttribute on Net 6 platform to reduce the number of compilation flags in the code
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.net6.MsalJsonSerializerContext">
<summary>
This class specifies metadata for System.Text.Json source generation.
See <see href="https://learn.microsoft.com/dotnet/standard/serialization/system-text-json/source-generation-modes?pivots=dotnet-6-0">Source-generation modes in System.Text.Json</see>.
and <see href="https://learn.microsoft.com/dotnet/standard/serialization/system-text-json/source-generation?pivots=dotnet-6-0">How to use source generation in System.Text.Json</see> for official docs.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.AcceptContextFlag">
<summary>
Flags that specify the attributes required by the AcceptSecurityContext (CredSSP) function
for a server to establish the context.
https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.ContextStatus">
<summary>
Result of AcceptSecurityContext (CredSSP) function call which lets the server component of a transport application
establish a security context between the server and a remote client.
https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-acceptsecuritycontext
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.Credential">
<summary>
Previously authenticated logon data used by a security principal to establish its own identity,
such as a password, or a Kerberos protocol ticket.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.Credential.Current">
<summary>
Create a new <see cref="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.Credential"/> object.
</summary>
<returns>Newly created <see cref="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.Credential"/> object.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.CredentialHandle">
<summary>
Extension of a wrapper class for operating system handles.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.CredentialHandle.#ctor(System.Void*)">
<summary>
Constructor.
</summary>
<param name="cred">Credential handle to initialize.</param>
</member>
<member name="P:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.CredentialHandle.IsInvalid">
<summary>
Checks the current contained handle is valid or not.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.CredentialHandle.ReleaseHandle">
<summary>
Release contained internal resource object.
</summary>
<returns>True always.</returns>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.InitContextFlag">
<summary>
Bit flags that indicate requests for the context for InitializeSecurityContext API call.
https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.SecStatus">
<summary>
Status code returned from SSPI functions.
https://learn.microsoft.com/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader">
<summary>
Helper class to check Kerberos Ticket in user's Ticket Cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader.#ctor(System.String,System.Int64,System.String)">
<summary>
Creates a <see cref="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader"/> object to read a Kerberos Ticket from Ticket Cache.
</summary>
<param name="spn">Service principal name of ticket to read out from Ticket Cache.</param>
<param name="logonId">The Logon ID of the user owning the ticket cache.
The default of 0 represents the currently logged in user.</param>
<param name="package">The name of the <see href="https://learn.microsoft.com/windows/win32/secauthn/lsa-authentication">Local Security Authority (LSA)</see> authentication package that will be interacted with.</param>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader.RequestToken">
<summary>
Read out a Kerberos Ticket.
</summary>
<returns>Byte stream of Kerberos Ticket, if exists. Null otherwise.</returns>
<remarks>
Throws <see cref="T:System.ComponentModel.Win32Exception"/> if any error occurs while interfacing with Ticket Cache.
</remarks>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader.Dispose(System.Boolean)">
<summary>
Clean up all data members used for interaction with Ticket Cache.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheReader.Dispose">
<summary>
Clean up all data members used for interaction with Ticket Cache.
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter">
<summary>
Provides a layer to interact with the LSA functions used to create logon sessions and manipulate the ticket caches.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.Connect(System.String)">
<summary>
Create a new instance of the interop as a standard unprivileged caller.
</summary>
<param name="package">The name of the LSA authentication package that will be interacted with.</param>
<returns>Returns an instance of the <see cref="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter"/> class.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.ImportCredential(System.Byte[],System.Int64)">
<summary>
Import a kerberos ticket containing one or more tickets into the current user ticket cache.
</summary>
<param name="ticketBytes">The ticket to import into the cache.</param>
<param name="luid">The Logon Id of the user owning the ticket cache. The default of 0 represents the currently logged on user.</param>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.LsaCallAuthenticationPackage(System.Void*,System.Int32)">
<summary>
Call Auth package to cache given Kerberos ticket.
</summary>
<param name="pBuffer">Pointer to Kerberos Ticket to cache.</param>
<param name="bufferSize">Length of Kerberos Ticket data.</param>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.Dispose(System.Boolean)">
<summary>
Dispose all interment members.
</summary>
<param name="disposing">True if Dispose() called by the user. False, otherwise.</param>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.Finalize">
<summary>
Deletes current object.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos.TicketCacheWriter.Dispose">
<inheritdoc/>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler">
<summary>Provides a scheduler that uses STA threads.</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler._threads">
<summary>The STA threads used by the scheduler.</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler._tasks">
<summary>Stores the queued tasks to be executed by our pool of STA threads.</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.#ctor(System.Int32)">
<summary>Initializes a new instance of the StaTaskScheduler class with the specified concurrency level.</summary>
<param name="numberOfThreads">The number of threads that should be created and used by this scheduler.</param>
</member>
<member name="P:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.MaximumConcurrencyLevel">
<summary>Gets the maximum concurrency level supported by this scheduler.</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.Dispose">
<summary>
Cleans up the scheduler by indicating that no more tasks will be queued.
This method blocks until all threads successfully shutdown.
</summary>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.QueueTask(System.Threading.Tasks.Task)">
<summary>Queues a Task to be executed by this scheduler.</summary>
<param name="task">The task to be executed.</param>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.GetScheduledTasks">
<summary>Provides a list of the scheduled tasks for the debugger to consume.</summary>
<returns>An enumerable of all tasks currently scheduled.</returns>
</member>
<member name="M:Microsoft.Identity.Client.Platforms.Features.DesktopOs.StaTaskScheduler.TryExecuteTaskInline(System.Threading.Tasks.Task,System.Boolean)">
<summary>Determines whether a Task may be inlined.</summary>
<param name="task">The task to be executed.</param>
<param name="taskWasPreviouslyQueued">Whether the task was previously queued.</param>
<returns>true if the task was successfully inlined; otherwise, false.</returns>
</member>
<member name="P:Microsoft.Identity.Client.Platforms.Features.DesktopOs.WindowsDpiHelper.ZoomPercent">
<summary>
</summary>
</member>
<member name="T:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation">
<summary>
Class to hold the OpenTelemetry objects used by MSAL.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.MeterName">
<summary>
Constant to hold the name of the Meter.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.Meter">
<summary>
Meter to hold the MSAL metrics.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_successCounter">
<summary>
Counter to hold the number of successful token acquisition calls.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_failureCounter">
<summary>
Counter to hold the number of failed token acquisition calls.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_durationTotal">
<summary>
Histogram to record total duration in milliseconds of token acquisition calls.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_durationInL1CacheInUs">
<summary>
Histogram to record total duration of token acquisition calls in microseconds(us) when token is fetched from L1 cache.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_durationInL2Cache">
<summary>
Histogram to record duration in L2 cache for token acquisition calls.
</summary>
</member>
<member name="F:Microsoft.Identity.Client.Platforms.Features.OpenTelemetry.OtelInstrumentation.s_durationInHttp">
<summary>
Histogram to record duration in milliseconds in http when the token is fetched from identity provider.
</summary>
</member>
</members>
</doc>
Reference in New Issue Copy Permalink