MSALPublicClientApplication Class Reference

Inherits from NSObject
Declared in MSALPublicClientApplication.h

  validateAuthority

When set to YES (default), MSAL will compare the application's authority against well-known URL
templates representing well-formed authorities. It is useful when the authority is obtained at
run time to prevent MSAL from displaying authentication prompts from malicious pages.
@property BOOL validateAuthority

Declared In

MSALPublicClientApplication.h

  authority

The authority the application will use to obtain tokens

@property (readonly) NSURL *authority

Declared In

MSALPublicClientApplication.h

  clientId

The client ID of the application. This should come from the app developer portal.

@property (readonly) NSString *clientId

Declared In

MSALPublicClientApplication.h

  redirectUri

The redirect URI of the application

@property (readonly) NSURL *redirectUri

Declared In

MSALPublicClientApplication.h

  sliceParameters

Used to specify query parameters that must be passed to both the authorize and token endpoints
to target MSAL at a specific test slice & flight. These apply to all requests made by an application.
@property NSDictionary<NSString*,NSString*> *sliceParameters

Declared In

MSALPublicClientApplication.h

  component

Used in logging callbacks to identify what component in the application called MSAL.

@property NSString *component

Declared In

MSALPublicClientApplication.h

– initWithClientId:error:

Initialize a MSALPublicClientApplication with a given clientID
- (id)initWithClientId:(NSString *)clientId error:(NSError *__autoreleasing *)error

Parameters

clientId

The clientID of your application. You should get this from the app portal.

error

The error that occurred creating the application object, if any (optional)

Declared In

MSALPublicClientApplication.h

– initWithClientId:authority:error:

Initialize a MSALPublicClientApplication with a given clientID and authority
- (id)initWithClientId:(NSString *)clientId authority:(NSString *)authority error:(NSError *__autoreleasing *)error

Parameters

clientId

The clientID of your application. You should get this from the app portal.

authority

A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<instance>/<tenant>, where <instance> is the directory host (e.g. https://login.microsoftonline.com) and <tenant> is an identifier within the directory itself (e.g. a domain associated with the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).

error

The error that occurred creating the application object, if any. If you’re not interested in the specific error, pass in nil.

Declared In

MSALPublicClientApplication.h
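
The validateAuthority property and the authority parameter above both concern authorities obtained at run time. The following is an added example, not code from the MSAL project, showing an application-side allowlist check applied before the string reaches initWithClientId:authority:error:. The helper names, the error domain and the allowed host set are assumptions for illustration.

```objc
#import <Foundation/Foundation.h>
#import <MSAL/MSAL.h>

// Hosts this app accepts as authorities (assumption: adjust to your own cloud instance).
static NSSet<NSString *> *AllowedAuthorityHosts(void)
{
    return [NSSet setWithObjects:@"login.microsoftonline.com", nil];
}

// Hypothetical helper: returns an application object only if the run-time authority
// is an https URL on an allowed host, carries a tenant path, and has no
// userinfo, port, query or fragment that could disguise the real host.
static MSALPublicClientApplication *AppForRuntimeAuthority(NSString *clientId,
                                                           NSString *authority,
                                                           NSError **error)
{
    NSURLComponents *c = [NSURLComponents componentsWithString:authority ?: @""];
    BOOL ok = c != nil
        && [c.scheme.lowercaseString isEqualToString:@"https"]
        && c.user == nil && c.password == nil && c.port == nil
        && c.query == nil && c.fragment == nil
        && [AllowedAuthorityHosts() containsObject:(c.host.lowercaseString ?: @"")]
        && c.path.length > 1;   // "/<tenant>" must be present

    if (!ok) {
        if (error) {
            *error = [NSError errorWithDomain:@"ExampleAuthorityPolicy" // hypothetical domain
                                         code:1
                                     userInfo:@{NSLocalizedDescriptionKey:
                                                    @"Authority rejected by app allowlist"}];
        }
        return nil;
    }

    MSALPublicClientApplication *app =
        [[MSALPublicClientApplication alloc] initWithClientId:clientId
                                                    authority:authority
                                                        error:error];
    // Keep MSAL's own template check on as well; YES is the documented default.
    app.validateAuthority = YES;
    return app;
}
```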

– users:

Returns an array of users visible to this application
- (NSArray<MSALUser*> *)users:(NSError *__autoreleasing *)error

Parameters

error

The error that occurred trying to retrieve users, if any. If you’re not interested in the specific error, pass in nil.

Declared In

MSALPublicClientApplication.h

– userForIdentifier:error:

Returns a specific user for the identifier given (received from a user object returned
in a previous acquireToken call)
- (MSALUser *)userForIdentifier:(NSString *)identifier error:(NSError *__autoreleasing *)error

Parameters

error

The error that occurred trying to retrieve the user, if any. If you’re not interested in the specific error, pass in nil.

Declared In

MSALPublicClientApplication.h

+ handleMSALResponse:

Ask MSAL to handle a URL response.
+ (BOOL)handleMSALResponse:(NSURL *)response

Parameters

response

URL response from your application delegate’s openURL handler into MSAL for web authentication sessions

Return Value

YES if URL is a response to a MSAL web authentication session and handled, NO otherwise.

Declared In

MSALPublicClientApplication.h

+ cancelCurrentWebAuthSession

Cancels any currently running interactive web authentication session, resulting
in the SafariViewController being dismissed and the acquireToken request ending
in a cancelation error.
+ (void)cancelCurrentWebAuthSession

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:completionBlock:

Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:loginHint:completionBlock:

Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes loginHint:(NSString *)loginHint completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

loginHint

A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:loginHint:uiBehavior:extraQueryParameters:completionBlock:

Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes loginHint:(NSString *)loginHint uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

loginHint

A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint.

uiBehavior

A specific UI behavior for the interactive authentication flow

extraQueryParameters

Key-value pairs to pass to the authentication server during the interactive authentication flow.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:extraScopesToConsent:loginHint:uiBehavior:extraQueryParameters:authority:correlationId:completionBlock:

Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes extraScopesToConsent:(NSArray<NSString*> *)extraScopesToConsent loginHint:(NSString *)loginHint uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters authority:(NSString *)authority correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

extraScopesToConsent

Permissions you want the user to consent to in the same authentication flow, but won’t be included in the returned access token

loginHint

A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint.

uiBehavior

A UI behavior for the interactive authentication flow

extraQueryParameters

Key-value pairs to pass to the authentication server during the interactive authentication flow.

authority

A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<instance>/<tenant>, where <instance> is the directory host (e.g. https://login.microsoftonline.com) and <tenant> is an identifier within the directory itself (e.g. a domain associated with the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).

correlationId

UUID to correlate this request with the server

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:user:completionBlock:

Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:user:uiBehavior:extraQueryParameters:completionBlock:

Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

uiBehavior

A UI behavior for the interactive authentication flow

extraQueryParameters

Key-value pairs to pass to the authentication server during the interactive authentication flow.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenForScopes:extraScopesToConsent:user:uiBehavior:extraQueryParameters:authority:correlationId:completionBlock:

Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes extraScopesToConsent:(NSArray<NSString*> *)extraScopesToConsent user:(MSALUser *)user uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters authority:(NSString *)authority correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

extraScopesToConsent

Permissions you want the user to consent to in the same authentication flow, but won’t be included in the returned access token

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

uiBehavior

A UI behavior for the interactive authentication flow

extraQueryParameters

Key-value pairs to pass to the authentication server during the interactive authentication flow.

authority

A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<instance>/<tenant>, where <instance> is the directory host (e.g. https://login.microsoftonline.com) and <tenant> is an identifier within the directory itself (e.g. a domain associated with the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).

correlationId

UUID to correlate this request with the server

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenSilentForScopes:user:completionBlock:

Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h
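
The silent call above and the interactive acquireTokenForScopes:user:completionBlock: call are meant to be used together: try the cache first, and prompt only after MSALErrorInteractionRequired. The following is an added example, not code from the MSAL project. It assumes that MSALCompletionBlock receives (MSALResult *result, NSError *error) and that MSALErrorInteractionRequired is compared against error.code; neither detail is stated on this page, and the helper name is hypothetical.

```objc
#import <Foundation/Foundation.h>
#import <MSAL/MSAL.h>

// Hypothetical helper: silent acquisition with an interactive fallback.
// Assumption: MSALCompletionBlock is void (^)(MSALResult *result, NSError *error).
static void AcquireTokenPreferSilent(MSALPublicClientApplication *app,
                                     NSArray<NSString *> *scopes,
                                     MSALUser *user,   // nil when nobody has signed in yet
                                     MSALCompletionBlock done)
{
    if (user == nil) {
        // No known user: the only option is a full interactive sign-in.
        [app acquireTokenForScopes:scopes completionBlock:done];
        return;
    }

    [app acquireTokenSilentForScopes:scopes
                                user:user
                     completionBlock:^(MSALResult *result, NSError *error) {
        if (result != nil) {
            // Served from cache or refreshed without UI. The granted scopes may
            // differ from the requested ones, so the caller should check them.
            done(result, nil);
            return;
        }

        // Assumption: the interaction-required condition is reported in error.code.
        if (error.code != MSALErrorInteractionRequired) {
            // Network failure, misconfiguration, etc. Prompting would not help,
            // and silently swallowing the error would hide the real cause.
            done(nil, error);
            return;
        }

        // Prompt again, locked down to the same user so that a different
        // account cannot be substituted during the web session.
        // UI presentation belongs on the main queue.
        dispatch_async(dispatch_get_main_queue(), ^{
            [app acquireTokenForScopes:scopes user:user completionBlock:done];
        });
    }];
}
```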

– acquireTokenSilentForScopes:user:authority:completionBlock:

Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user authority:(NSString *)authority completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are guaranteed to be included in the access token returned.

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

authority

A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<instance>/<tenant>, where <instance> is the directory host (e.g. https://login.microsoftonline.com) and <tenant> is an identifier within the directory itself (e.g. a domain associated with the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– acquireTokenSilentForScopes:user:authority:forceRefresh:correlationId:completionBlock:

Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user authority:(NSString *)authority forceRefresh:(BOOL)forceRefresh correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock

Parameters

scopes

Scopes to request from the server, the scopes that come back can differ from the ones in the original call

user

A user object retrieved from the application object that the interactive authentication flow will be locked down to.

authority

A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD it is of the form https://<instance>/<tenant>, where <instance> is the directory host (e.g. https://login.microsoftonline.com) and <tenant> is an identifier within the directory itself (e.g. a domain associated with the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).

forceRefresh

Ignore any existing access token in the cache and force MSAL to get a new access token from the service.

correlationId

UUID to correlate this request with the server

completionBlock

The completion block that will be called when the authentication flow completes, or encounters an error.

Declared In

MSALPublicClientApplication.h

– removeUser:error:

Removes all tokens from the cache for this application for the provided user
- (BOOL)removeUser:(MSALUser *)user error:(NSError *__autoreleasing *)error

Parameters

user

The user to remove from the cache

Declared In

MSALPublicClientApplication.h