MSALPublicClientApplication Class Reference
Inherits from | NSObject |
---|---|
Declared in | MSALPublicClientApplication.h |
validateAuthority
When set to YES (default), MSAL will compare the application's authority against well-known URLs
templates representing well-formed authorities. It is useful when the authority is obtained at
run time to prevent MSAL from displaying authentication prompts from malicious pages.
@property BOOL validateAuthority
Discussion
When set to YES (default), MSAL will compare the application's authority against well-known URLs
templates representing well-formed authorities. It is useful when the authority is obtained at
run time to prevent MSAL from displaying authentication prompts from malicious pages.
Declared In
MSALPublicClientApplication.h
authority
The authority the application will use to obtain tokens
@property (readonly) NSURL *authority
Discussion
The authority the application will use to obtain tokens
Declared In
MSALPublicClientApplication.h
clientId
The client ID of the application, this should come from the app developer portal.
@property (readonly) NSString *clientId
Discussion
The client ID of the application, this should come from the app developer portal.
Declared In
MSALPublicClientApplication.h
redirectUri
The redirect URI of the application
@property (readonly) NSURL *redirectUri
Discussion
The redirect URI of the application
Declared In
MSALPublicClientApplication.h
sliceParameters
Used to specify query parameters that must be passed to both the authorize and token endpoints
to target MSAL at a specific test slice & flight. These apply to all requests made by an application.
@property NSDictionary<NSString*NSString*> *sliceParameters
Discussion
Used to specify query parameters that must be passed to both the authorize and token endpoints
to target MSAL at a specific test slice & flight. These apply to all requests made by an application.
Declared In
MSALPublicClientApplication.h
component
Used in logging callbacks to identify what component in the application called MSAL.
@property NSString *component
Discussion
Used in logging callbacks to identify what component in the application called MSAL.
Declared In
MSALPublicClientApplication.h
– initWithClientId:error:
Initialize a MSALPublicClientApplication with a given clientID
- (id)initWithClientId:(NSString *)clientId error:(NSError *__autoreleasing *)error
Parameters
clientId |
The clientID of your application, you should get this from the app portal. |
---|---|
error |
The error that occurred creating the application object, if any (optional) |
Discussion
Initialize a MSALPublicClientApplication with a given clientID
Declared In
MSALPublicClientApplication.h
– initWithClientId:authority:error:
Initialize a MSALPublicClientApplication with a given clientID and authority
- (id)initWithClientId:(NSString *)clientId authority:(NSString *)authority error:(NSError *__autoreleasing *)error
Parameters
clientId |
The clientID of your application, you should get this from the app portal. |
---|---|
authority |
A URL indicating a directory that MSAL can use to obtain tokens. In Azure AD
it is of the form https://<instance/ |
error |
The error that occurred creating the application object, if any, if you’re not interested in the specific error pass in nil. |
Discussion
Initialize a MSALPublicClientApplication with a given clientID and authority
Declared In
MSALPublicClientApplication.h
– users:
Returns an array of users visible to this application
- (NSArray<MSALUser*> *)users:(NSError *__autoreleasing *)error
Parameters
error |
The error that occured trying to retrieve users, if any, if you’re not interested in the specific error pass in nil. |
---|
Discussion
Returns an array of users visible to this application
Declared In
MSALPublicClientApplication.h
– userForIdentifier:error:
Returns a specific user for the identifier given (received from a user object returned
in a previous acquireToken call)
- (MSALUser *)userForIdentifier:(NSString *)identifier error:(NSError *__autoreleasing *)error
Parameters
error |
The error that occured trying to the user, if any, if you’re not interested in the specific error pass in nil. |
---|
Discussion
Returns a specific user for the identifier given (received from a user object returned
in a previous acquireToken call)
Declared In
MSALPublicClientApplication.h
+ handleMSALResponse:
Ask MSAL to handle a URL response.
+ (BOOL)handleMSALResponse:(NSURL *)response
Parameters
response |
URL response from your application delegate’s openURL handler into MSAL for web authentication sessions |
---|
Return Value
YES if URL is a response to a MSAL web authentication session and handled, NO otherwise.
Discussion
Ask MSAL to handle a URL response.
Declared In
MSALPublicClientApplication.h
+ cancelCurrentWebAuthSession
Cancels any currently running interactive web authentication session, resulting
in the SafariViewController being dismissed and the acquireToken request ending
in a cancelation error.
+ (void)cancelCurrentWebAuthSession
Discussion
Cancels any currently running interactive web authentication session, resulting
in the SafariViewController being dismissed and the acquireToken request ending
in a cancelation error.
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:completionBlock:
Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token for a new user using interactive authentication
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:loginHint:completionBlock:
Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes loginHint:(NSString *)loginHint completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
loginHint |
A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint. |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token for a new user using interactive authentication
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:loginHint:uiBehavior:extraQueryParameters:completionBlock:
Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes loginHint:(NSString *)loginHint uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
loginHint |
A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint. |
uiBehavior |
A specific UI behavior for the interactive authentication flow |
extraQueryParameters |
Key-value pairs to pass to the authentication server during the interactive authentication flow. |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token for a new user using interactive authentication
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:extraScopesToConsent:loginHint:uiBehavior:extraQueryParameters:authority:correlationId:completionBlock:
Acquire a token for a new user using interactive authentication
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes extraScopesToConsent:(NSArray<NSString*> *)extraScopesToConsent loginHint:(NSString *)loginHint uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters authority:(NSString *)authority correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
extraScopesToConsent |
Permissions you want the user to consent to in the same authentication flow, but won’t be included in the returned access token |
loginHint |
A loginHint (usually an email) to pass to the service at the beginning of the interactive authentication flow. The user returned in the completion block is not guaranteed to match the loginHint. |
uiBehavior |
A UI behavior for the interactive authentication flow |
extraQueryParameters |
Key-value pairs to pass to the authentication server during the interactive authentication flow. |
authority |
A URL indicating a directory that MSAL can use to obtain tokens. Azure AD
it is of the form https://<instance/ |
correlationId |
UUID to correlate this request with the server |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token for a new user using interactive authentication
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:user:completionBlock:
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:user:uiBehavior:extraQueryParameters:completionBlock:
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
uiBehavior |
A UI behavior for the interactive authentication flow |
extraQueryParameters |
Key-value pairs to pass to the authentication server during the interactive authentication flow. |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
Declared In
MSALPublicClientApplication.h
– acquireTokenForScopes:extraScopesToConsent:user:uiBehavior:extraQueryParameters:authority:correlationId:completionBlock:
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
- (void)acquireTokenForScopes:(NSArray<NSString*> *)scopes extraScopesToConsent:(NSArray<NSString*> *)extraScopesToConsent user:(MSALUser *)user uiBehavior:(MSALUIBehavior)uiBehavior extraQueryParameters:(NSDictionary<NSString*,NSString*> *)extraQueryParameters authority:(NSString *)authority correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
extraScopesToConsent |
Permissions you want the user to consent to in the same authentication flow, but won’t be included in the returned access token |
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
uiBehavior |
A UI behavior for the interactive authentication flow |
extraQueryParameters |
Key-value pairs to pass to the authentication server during the interactive authentication flow. |
authority |
A URL indicating a directory that MSAL can use to obtain tokens.
Azure AD it is of the form https://<instance/ |
correlationId |
UUID to correlate this request with the server |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token interactively for an existing user. This is typically used after receiving
a MSALErrorInteractionRequired error.
Declared In
MSALPublicClientApplication.h
– acquireTokenSilentForScopes:user:completionBlock:
Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token silently for an existing user.
Declared In
MSALPublicClientApplication.h
– acquireTokenSilentForScopes:user:authority:completionBlock:
Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user authority:(NSString *)authority completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Permissions you want included in the access token received in the result in the completionBlock. Not all scopes are gauranteed to be included in the access token returned. |
---|---|
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
authority |
A URL indicating a directory that MSAL can use to obtain tokens.
Azure AD it is of the form https://<instance/ |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token silently for an existing user.
Declared In
MSALPublicClientApplication.h
– acquireTokenSilentForScopes:user:authority:forceRefresh:correlationId:completionBlock:
Acquire a token silently for an existing user.
- (void)acquireTokenSilentForScopes:(NSArray<NSString*> *)scopes user:(MSALUser *)user authority:(NSString *)authority forceRefresh:(BOOL)forceRefresh correlationId:(NSUUID *)correlationId completionBlock:(MSALCompletionBlock)completionBlock
Parameters
scopes |
Scopes to request from the server, the scopes that come back can differ from the ones in the original call |
---|---|
user |
A user object retrieved from the application object that the interactive authentication flow will be locked down to. |
authority |
A URL indicating a directory that MSAL can use to obtain tokens.
Azure AD it is of the form https://<instance/ |
forceRefresh |
Ignore any existing access token in the cache and force MSAL to get a new access token from the service. |
correlationId |
UUID to correlate this request with the server |
completionBlock |
The completion block that will be called when the authentication flow completes, or encounters an error. |
Discussion
Acquire a token silently for an existing user.
Declared In
MSALPublicClientApplication.h
– removeUser:error:
Removes all tokens from the cache for this application for the provided user
- (BOOL)removeUser:(MSALUser *)user error:(NSError *__autoreleasing *)error
Parameters
user |
The user to remove from the cache |
---|
Discussion
Removes all tokens from the cache for this application for the provided user
Declared In
MSALPublicClientApplication.h