Object for the MSAL PublicClientApplication instance
Optional controller: IControllerThis function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption.
Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Use when you want to obtain an access_token for your API via opening a popup window in the user's browser
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute.
IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.
Adds event callbacks to array
Registers a callback to receive performance events.
Clears tokens and account from the browser cache.
Optional logoutRequest: ClearCacheRequestReturns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found
The account object stored in MSAL
Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found
The account object stored in MSAL
Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability
The account object stored in MSAL
Gets the currently active account
Returns all accounts that MSAL currently has data for. (the account object is created at the time of successful login) or empty array when no accounts are found
Array of account objects in cache
Gets the token cache for the application.
Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows.
Optional hash: stringHash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value.
Token response or null. If the return value is null, then no auth redirect was detected.
Hydrates cache with the tokens and account in the AuthenticationResult object
The request object that was used to obtain the AuthenticationResult
Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.
Use when initiating the login process via opening a popup window in the user's browser
Optional request: PopupRequestA promise that is fulfilled when this function has completed, or rejected if an error was raised.
Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute.
IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
Optional request: RedirectRequestDeprecated logout function. Use logoutRedirect or logoutPopup instead
Optional logoutRequest: EndSessionRequestClears local cache for the current user then opens a popup window prompting the user to sign-out of the server
Optional logoutRequest: EndSessionRequestUse to log out the current user, and redirect the user to the postLogoutRedirectUri.
Default behaviour is to redirect the user to window.location.href.
Optional logoutRequest: EndSessionRequestSets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.
Replaces the default logger set in configurations with new Logger with new configurations
Logger instance
Sets navigation client
This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:
In these cases, the request must be done inside a popup or full frame redirect.
For the cases where interaction is required, you cannot send a request with prompt=none.
If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists.
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
Static createGenerated using TypeDoc
The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification.