References

AccountEntity

Re-exports AccountEntity

AccountInfo

Re-exports AccountInfo

AuthError

Re-exports AuthError

AuthErrorMessage

Re-exports AuthErrorMessage

AuthenticationResult

Re-exports AuthenticationResult

AuthenticationScheme

Re-exports AuthenticationScheme

ClientAuthError

Re-exports ClientAuthError

ClientAuthErrorMessage

Re-exports ClientAuthErrorMessage

ClientConfigurationError

Re-exports ClientConfigurationError

ClientConfigurationErrorMessage

Re-exports ClientConfigurationErrorMessage

ExternalTokenResponse

Re-exports ExternalTokenResponse

ILoggerCallback

Re-exports ILoggerCallback

INetworkModule

Re-exports INetworkModule

InteractionRequiredAuthError

Re-exports InteractionRequiredAuthError

InteractionRequiredAuthErrorMessage

Re-exports InteractionRequiredAuthErrorMessage

LogLevel

Re-exports LogLevel

Logger

Re-exports Logger

NetworkRequestOptions

Re-exports NetworkRequestOptions

NetworkResponse

Re-exports NetworkResponse

ProtocolMode

Re-exports ProtocolMode

ServerError

Re-exports ServerError

UrlString

Re-exports UrlString

Type aliases

AuthorizationUrlRequest

AuthorizationUrlRequest: Omit<CommonAuthorizationUrlRequest, "state" | "nonce"> & { nonce: string; state: string }

This type is deprecated and will be removed on the next major version update

BrowserAuthOptions

BrowserAuthOptions: { authority?: string; authorityMetadata?: string; clientCapabilities?: string[]; clientId: string; cloudDiscoveryMetadata?: string; knownAuthorities?: string[]; navigateToLoginRequestUrl?: boolean; postLogoutRedirectUri?: string | null; protocolMode?: ProtocolMode; redirectUri?: string }

Use this to configure the auth options in the Configuration object

  • clientId - Client ID of your app registered with our Application registration portal (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredAppsPreview) in Microsoft Identity Platform
  • authority - You can configure a specific authority, defaults to " " or "https://login.microsoftonline.com/common"
  • knownAuthorities - An array of URIs that are known to be valid. Used in B2C scenarios.
  • cloudDiscoveryMetadata - A string containing the cloud discovery response. Used in AAD scenarios.
  • redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
  • postLogoutRedirectUri - The redirect URI where the window navigates after a successful logout.
  • navigateToLoginRequestUrl - Boolean indicating whether to navigate to the original request URL after the auth server navigates to the redirect URL.
  • clientCapabilities - Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
  • protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.

Type declaration

  • Optional authority?: string
  • Optional authorityMetadata?: string
  • Optional clientCapabilities?: string[]
  • clientId: string
  • Optional cloudDiscoveryMetadata?: string
  • Optional knownAuthorities?: string[]
  • Optional navigateToLoginRequestUrl?: boolean
  • Optional postLogoutRedirectUri?: string | null
  • Optional protocolMode?: ProtocolMode
  • Optional redirectUri?: string

BrowserSystemOptions

BrowserSystemOptions: SystemOptions & { allowRedirectInIframe?: boolean; asyncPopups?: boolean; iframeHashTimeout?: number; loadFrameTimeout?: number; loggerOptions?: LoggerOptions; navigateFrameWait?: number; navigationClient?: INavigationClient; networkClient?: INetworkModule; redirectNavigationTimeout?: number; windowHashTimeout?: number }

Library Specific Options

  • tokenRenewalOffsetSeconds - Sets the window of offset needed to renew the token before expiry
  • loggerOptions - Used to initialize the Logger object (See ClientConfiguration.ts)
  • networkClient - Network interface implementation
  • windowHashTimeout - Sets the timeout for waiting for a response hash in a popup. Will take precedence over loadFrameTimeout if both are set.
  • iframeHashTimeout - Sets the timeout for waiting for a response hash in an iframe. Will take precedence over loadFrameTimeout if both are set.
  • loadFrameTimeout - Sets the timeout for waiting for a response hash in an iframe or popup
  • navigateFrameWait - Maximum time the library should wait for a frame to load
  • redirectNavigationTimeout - Time to wait for redirection to occur before resolving promise
  • asyncPopups - Sets whether popups are opened asynchronously. By default, this flag is set to false. When set to false, blank popups are opened before anything else happens. When set to true, popups are opened when making the network request.
  • allowRedirectInIframe - Flag to enable redirect operations when the app is rendered in an iframe (to support scenarios such as embedded B2C login).

CacheOptions

CacheOptions: { cacheLocation?: BrowserCacheLocation | string; secureCookies?: boolean; storeAuthStateInCookie?: boolean }

Use this to configure the below cache configuration options:

  • cacheLocation - Used to specify the cacheLocation user wants to set. Valid values are "localStorage" and "sessionStorage"
  • storeAuthStateInCookie - If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
  • secureCookies - If set, MSAL sets the "Secure" flag on cookies so they can only be sent over HTTPS. By default this flag is set to false.

Type declaration

  • Optional cacheLocation?: BrowserCacheLocation | string
  • Optional secureCookies?: boolean
  • Optional storeAuthStateInCookie?: boolean

Configuration

Configuration: { auth: BrowserAuthOptions; cache?: CacheOptions; system?: BrowserSystemOptions }

Use the configuration object to configure MSAL and initialize the UserAgentApplication.

This object allows you to configure important elements of MSAL functionality:

  • auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform
  • cache: this is where you configure cache location and whether to store cache in cookies
  • system: this is where you can configure the network client, logger, token renewal offset
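A review helper for the auth and cache options described above, as an added example (not code from MSAL or from this reference). `auditMsalConfig`, its `options` argument and the finding ids are hypothetical names, and the HTTPS-only and knownAuthorities rules are policy assumptions of the example.

```javascript
// Added example: static review of an MSAL Configuration-shaped object.
// auditMsalConfig, its options and the finding ids are hypothetical, not MSAL APIs.

const DEFAULT_AUTHORITY = "https://login.microsoftonline.com/common"; // default named on this page

// Parse a URL (optionally against a base); return null instead of throwing.
function parseUrl(value, base) {
  try { return new URL(value, base); } catch (e) { return null; }
}

// knownAuthorities entries may be bare hosts or full URIs; reduce both to a host name.
function hostOf(entry) {
  const url = parseUrl(String(entry).includes("://") ? entry : "https://" + entry);
  return url ? url.hostname : null;
}

// Policy assumption: HTTPS only, with plain HTTP tolerated for localhost development.
function schemeOk(url) {
  return url.protocol === "https:" || (url.protocol === "http:" && url.hostname === "localhost");
}

// options.origin: origin the app is served from (used to resolve relative URIs).
// options.registeredRedirectUris: redirect URIs copied from the app registration.
function auditMsalConfig(config, options = {}) {
  const auth = (config && config.auth) || {};
  const cache = (config && config.cache) || {};
  const registered = options.registeredRedirectUris || [];
  const findings = [];
  const add = (id, detail) => findings.push({ id, detail });

  if (typeof auth.clientId !== "string" || auth.clientId.trim() === "") {
    add("client-id-missing", "auth.clientId is the only required auth option");
  }

  const authority = parseUrl(auth.authority || DEFAULT_AUTHORITY);
  if (!authority || authority.protocol !== "https:") {
    add("authority-not-https", "auth.authority must be an absolute https URL");
  } else if (authority.hostname !== "login.microsoftonline.com") {
    // Policy assumption: any other authority host must be listed in knownAuthorities.
    const known = (auth.knownAuthorities || []).map(hostOf);
    if (!known.includes(authority.hostname)) {
      add("authority-not-known", authority.hostname + " is not in auth.knownAuthorities");
    }
  }

  for (const key of ["redirectUri", "postLogoutRedirectUri"]) {
    const value = auth[key];
    if (typeof value !== "string" || value === "") continue; // unset: library default applies
    const absolute = parseUrl(value);
    const resolved = absolute || parseUrl(value, options.origin);
    if (!resolved) { add(key + "-unresolvable", value + " needs options.origin to resolve"); continue; }
    if (!schemeOk(resolved)) add(key + "-insecure-scheme", resolved.href + " is not https");
    // Registration matching is exact, so compare strings, not normalised URLs.
    const effective = absolute ? value : resolved.href;
    if (key === "redirectUri" && registered.length > 0 && !registered.includes(effective)) {
      add("redirect-uri-not-registered", effective + " has no exact match in the registration");
    }
  }

  if (cache.storeAuthStateInCookie === true && cache.secureCookies !== true) {
    add("state-cookie-without-secure", "auth state cookies are set without the Secure flag");
  }
  if (cache.cacheLocation === "localStorage") {
    add("persistent-token-cache", "localStorage keeps cached tokens after the tab is closed");
  }
  return findings;
}

// Constructed sample input (placeholder client ID and hosts).
const sampleConfig = {
  auth: {
    clientId: "00000000-0000-0000-0000-000000000000",
    authority: "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signin",
    redirectUri: "https://app.example.com/auth",
  },
  cache: { cacheLocation: "localStorage", storeAuthStateInCookie: true },
};
const sampleFindings = auditMsalConfig(sampleConfig, {
  registeredRedirectUris: ["https://app.example.com/auth/"],
});
console.log(sampleFindings.map((f) => f.id));
```

The trailing slash in the constructed registration entry is deliberate: it shows why the redirect URI comparison is done on the raw strings.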

EndSessionPopupRequest

EndSessionPopupRequest: Partial<CommonEndSessionRequest> & { authority?: string; mainWindowRedirectUri?: string; popupWindowAttributes?: PopupWindowAttributes }

EndSessionPopupRequest

  • account - Account object that will be logged out of. All tokens tied to this account will be cleared.
  • postLogoutRedirectUri - URI to navigate to after logout page inside the popup. Required to ensure popup can be closed.
  • authority - Authority to send logout request to.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • idTokenHint - ID Token used by B2C to validate logout if required by the policy
  • mainWindowRedirectUri - URI to navigate the main window to after logout is complete
  • popupWindowAttributes - Optional popup window attributes. popupSize with height and width, and popupPosition with top and left can be set.

EndSessionRequest

EndSessionRequest: Partial<CommonEndSessionRequest> & { authority?: string; onRedirectNavigate?: (url: string) => boolean | void }

EndSessionRequest

  • account - Account object that will be logged out of. All tokens tied to this account will be cleared.
  • postLogoutRedirectUri - URI to navigate to after logout page.
  • authority - Authority to send logout request to.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • idTokenHint - ID Token used by B2C to validate logout if required by the policy
  • onRedirectNavigate - Callback that will be passed the url that MSAL will navigate to. Returning false in the callback will stop navigation.

EventCallbackFunction

EventCallbackFunction: (message: EventMessage) => void

EventError

EventError: AuthError | Error | null

EventMessage

EventMessage: { error: EventError; eventType: EventType; interactionType: InteractionType | null; payload: EventPayload; timestamp: number }

EventPayload

LoadTokenOptions

LoadTokenOptions: { clientInfo?: string; extendedExpiresOn?: number }

Type declaration

  • Optional clientInfo?: string
  • Optional extendedExpiresOn?: number

NavigationOptions

NavigationOptions: { apiId: ApiId; noHistory: boolean; timeout: number }

Additional information passed to the navigateInternal and navigateExternal functions

Type declaration

  • apiId: ApiId

    The Id of the API that initiated navigation

  • noHistory: boolean

    When set to true the url should not be added to the browser history

  • timeout: number

    Suggested timeout (ms) based on the configuration provided to PublicClientApplication

PopupEvent

PopupEvent: { popupWindow: Window }

Type declaration

  • popupWindow: Window

PopupRequest

PopupRequest: Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod">> & { popupWindowAttributes?: PopupWindowAttributes; scopes: string[] }

PopupRequest: Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) with a popup window.

  • scopes - Array of scopes the application is requesting access to.
  • authority - Url of the authority which the application acquires tokens from.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
  • extraScopesToConsent - Scopes for a different resource when the user needs consent upfront.
  • state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred.
  • prompt - Indicates the type of user interaction that is required.
    • login: will force the user to enter their credentials on that request, negating single sign-on
    • none: will ensure that the user isn't presented with any interactive prompt. If the request can't be completed via single sign-on, the endpoint will return an interaction_required error
    • consent: will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app
    • select_account: will interrupt single sign-on, providing an account selection experience listing all the accounts in session or any remembered accounts, or an option to choose to use a different account
    • create: will direct the user to the account creation experience instead of the log in experience
    
  • loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
  • sid - Session ID, unique identifier for the session. Available as an optional claim on ID tokens.
  • domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant.
  • extraQueryParameters - String to string map of custom query parameters added to the /authorize call
  • tokenQueryParameters - String to string map of custom query parameters added to the /token call
  • claims - In cases where Azure AD tenant admin has enabled conditional access policies, and the policy has not been met, exceptions will contain claims that need to be consented to.
  • nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.
  • popupWindowAttributes - Optional popup window attributes. popupSize with height and width, and popupPosition with top and left can be set.

RedirectRequest

RedirectRequest: Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "scopes" | "codeChallenge" | "codeChallengeMethod">> & { onRedirectNavigate?: (url: string) => boolean | void; redirectStartPage?: string; scopes: string[] }

RedirectRequest: Request object passed by user to retrieve a Code from the server (first leg of authorization code grant flow) with a full page redirect.

  • scopes - Array of scopes the application is requesting access to.
  • authority - Url of the authority which the application acquires tokens from.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
  • extraScopesToConsent - Scopes for a different resource when the user needs consent upfront.
  • state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred.
  • prompt - Indicates the type of user interaction that is required.
    • login: will force the user to enter their credentials on that request, negating single sign-on
    • none: will ensure that the user isn't presented with any interactive prompt. If the request can't be completed via single sign-on, the endpoint will return an interaction_required error
    • consent: will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app
    • select_account: will interrupt single sign-on, providing an account selection experience listing all the accounts in session or any remembered accounts, or an option to choose to use a different account
    • create: will direct the user to the account creation experience instead of the log in experience
    
  • loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
  • sid - Session ID, unique identifier for the session. Available as an optional claim on ID tokens.
  • domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant.
  • extraQueryParameters - String to string map of custom query parameters added to the /authorize call
  • tokenQueryParameters - String to string map of custom query parameters added to the /token call
  • claims - In cases where Azure AD tenant admin has enabled conditional access policies, and the policy has not been met, exceptions will contain claims that need to be consented to.
  • nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.
  • redirectStartPage - The page that should be returned to after loginRedirect or acquireTokenRedirect. This should only be used if this is different from the redirectUri and will default to the page that initiates the request. When the navigateToLoginRequestUrl config option is set to false this parameter will be ignored.
  • onRedirectNavigate - Callback that will be passed the url that MSAL will navigate to. Returning false in the callback will stop navigation.
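One way to use the onRedirectNavigate callback described above as a destination check, as an added example (not code from MSAL or from this reference). `makeNavigationGuard` and the audit-record shape are hypothetical names, and the sample URLs are constructed.

```javascript
// Added example: an onRedirectNavigate callback that vets the destination.
// makeNavigationGuard and the audit-record shape are hypothetical, not MSAL APIs.
function makeNavigationGuard(allowedHosts, audit = []) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));

  return function onRedirectNavigate(url) {
    let target = null;
    try { target = new URL(url); } catch (e) { /* malformed: handled below */ }

    let reason = "ok";
    if (!target) reason = "malformed-url";
    else if (target.protocol !== "https:") reason = "not-https";
    else if (target.username || target.password) reason = "embedded-credentials";
    else if (!allowed.has(target.hostname)) reason = "host-not-allowed";

    // Record origin and path only: the query string carries request
    // parameters such as state, nonce and the login hint.
    audit.push({
      destination: target ? target.origin + target.pathname : "(unparseable)",
      allowed: reason === "ok",
      reason,
    });
    return reason === "ok"; // returning false stops the navigation
  };
}

// Constructed sample: the guard is passed as request.onRedirectNavigate.
const navigationAudit = [];
const sampleRequest = {
  scopes: ["openid", "profile"],
  onRedirectNavigate: makeNavigationGuard(["login.microsoftonline.com"], navigationAudit),
};
const sampleDecisions = [
  "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?state=abc&nonce=def",
  "https://login.example.net/authorize?state=abc",
  "http://login.microsoftonline.com/common/oauth2/v2.0/authorize",
].map((url) => sampleRequest.onRedirectNavigate(url));
console.log(sampleDecisions, navigationAudit);
```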

SilentRequest

SilentRequest: Omit<CommonSilentFlowRequest, "authority" | "correlationId" | "forceRefresh" | "account"> & { account?: AccountInfo; authority?: string; correlationId?: string; extraQueryParameters?: StringDict; forceRefresh?: boolean; redirectUri?: string }

SilentRequest: Request object passed by user to retrieve tokens from the cache, renew an expired token with a refresh token, or retrieve a code (first leg of authorization code grant flow) in a hidden iframe.

  • scopes - Array of scopes the application is requesting access to.
  • authority - Url of the authority which the application acquires tokens from.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • account - Account entity to lookup the credentials.
  • forceRefresh - Forces silent requests to make network calls if true.
  • extraQueryParameters - String to string map of custom query parameters added to the /authorize call. Only used when renewing the refresh token.
  • tokenQueryParameters - String to string map of custom query parameters added to the /token call. Only used when renewing access tokens.
  • redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal. Only used for cases where refresh token is expired.

SsoSilentRequest

SsoSilentRequest: Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "codeChallenge" | "codeChallengeMethod">>

Request object passed by user to ssoSilent to retrieve a Code from the server (first leg of authorization code grant flow)

  • scopes - Array of scopes the application is requesting access to (optional for ssoSilent calls)
  • claims - A stringified claims request which will be added to all /authorize and /token calls
  • authority - Url of the authority which the application acquires tokens from.
  • correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  • redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
  • extraScopesToConsent - Scopes for a different resource when the user needs consent upfront.
  • state - A value included in the request that is also returned in the token response. A randomly generated unique value is typically used for preventing cross site request forgery attacks. The state is also used to encode information about the user's state in the app before the authentication request occurred.
  • prompt - Indicates the type of user interaction that is required.
    • login: will force the user to enter their credentials on that request, negating single sign-on
    • none: will ensure that the user isn't presented with any interactive prompt. If the request can't be completed via single sign-on, the endpoint will return an interaction_required error
    • consent: will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app
    • select_account: will interrupt single sign-on, providing an account selection experience listing all the accounts in session or any remembered accounts, or an option to choose to use a different account
    • create: will direct the user to the account creation experience instead of the log in experience
    
  • loginHint - Can be used to pre-fill the username/email address field of the sign-in page for the user, if you know the username/email address ahead of time. Often apps use this parameter during re-authentication, having already extracted the username from a previous sign-in using the preferred_username claim.
  • sid - Session ID, unique identifier for the session. Available as an optional claim on ID tokens.
  • domainHint - Provides a hint about the tenant or domain that the user should use to sign in. The value of the domain hint is a registered domain for the tenant.
  • extraQueryParameters - String to string map of custom query parameters added to the /authorize call
  • tokenQueryParameters - String to string map of custom query parameters added to the /token call
  • nonce - A value included in the request that is returned in the id token. A randomly generated unique value is typically used to mitigate replay attacks.

Variables

Const BrowserAuthErrorMessage

BrowserAuthErrorMessage: { authRequestNotSet: { code: string; desc: string }; blockAcquireTokenInPopupsError: { code: string; desc: string }; blockTokenRequestsInHiddenIframeError: { code: string; desc: string }; cryptoDoesNotExist: { code: string; desc: string }; databaseNotOpen: { code: string; desc: string }; emptyNavigateUriError: { code: string; desc: string }; emptyWindowError: { code: string; desc: string }; failedToParseNetworkResponse: { code: string; desc: string }; getRequestFailed: { code: string; desc: string }; hashDoesNotContainKnownPropertiesError: { code: string; desc: string }; hashDoesNotContainStateError: { code: string; desc: string }; hashEmptyError: { code: string; desc: string }; httpMethodNotImplementedError: { code: string; desc: string }; iframeClosedPrematurelyError: { code: string; desc: string }; interactionInProgress: { code: string; desc: string }; invalidCacheType: { code: string; desc: string }; monitorIframeTimeoutError: { code: string; desc: string }; monitorPopupTimeoutError: { code: string; desc: string }; noAccountError: { code: string; desc: string }; noCachedAuthorityError: { code: string; desc: string }; noNetworkConnectivity: { code: string; desc: string }; noTokenRequestCacheError: { code: string; desc: string }; notInBrowserEnvironment: { code: string; desc: string }; pkceNotGenerated: { code: string; desc: string }; popupWindowError: { code: string; desc: string }; postRequestFailed: { code: string; desc: string }; redirectInIframeError: { code: string; desc: string }; signingKeyNotFoundInStorage: { code: string; desc: string }; silentLogoutUnsupportedError: { code: string; desc: string }; silentPromptValueError: { code: string; desc: string }; stateInteractionTypeMismatchError: { code: string; desc: string }; unableToLoadTokenError: { code: string; desc: string }; unableToParseStateError: { code: string; desc: string }; unableToParseTokenRequestCacheError: { code: string; desc: string }; userCancelledError: { code: string; desc: string } } = ...

BrowserAuthErrorMessage class containing string constants used by error codes and messages.

Type declaration

  • authRequestNotSet: { code: string; desc: string }
    • code: string
    • desc: string
  • blockAcquireTokenInPopupsError: { code: string; desc: string }
    • code: string
    • desc: string
  • blockTokenRequestsInHiddenIframeError: { code: string; desc: string }
    • code: string
    • desc: string
  • cryptoDoesNotExist: { code: string; desc: string }
    • code: string
    • desc: string
  • databaseNotOpen: { code: string; desc: string }
    • code: string
    • desc: string
  • emptyNavigateUriError: { code: string; desc: string }
    • code: string
    • desc: string
  • emptyWindowError: { code: string; desc: string }
    • code: string
    • desc: string
  • failedToParseNetworkResponse: { code: string; desc: string }
    • code: string
    • desc: string
  • getRequestFailed: { code: string; desc: string }
    • code: string
    • desc: string
  • hashDoesNotContainKnownPropertiesError: { code: string; desc: string }
    • code: string
    • desc: string
  • hashDoesNotContainStateError: { code: string; desc: string }
    • code: string
    • desc: string
  • hashEmptyError: { code: string; desc: string }
    • code: string
    • desc: string
  • httpMethodNotImplementedError: { code: string; desc: string }
    • code: string
    • desc: string
  • iframeClosedPrematurelyError: { code: string; desc: string }
    • code: string
    • desc: string
  • interactionInProgress: { code: string; desc: string }
    • code: string
    • desc: string
  • invalidCacheType: { code: string; desc: string }
    • code: string
    • desc: string
  • monitorIframeTimeoutError: { code: string; desc: string }
    • code: string
    • desc: string
  • monitorPopupTimeoutError: { code: string; desc: string }
    • code: string
    • desc: string
  • noAccountError: { code: string; desc: string }
    • code: string
    • desc: string
  • noCachedAuthorityError: { code: string; desc: string }
    • code: string
    • desc: string
  • noNetworkConnectivity: { code: string; desc: string }
    • code: string
    • desc: string
  • noTokenRequestCacheError: { code: string; desc: string }
    • code: string
    • desc: string
  • notInBrowserEnvironment: { code: string; desc: string }
    • code: string
    • desc: string
  • pkceNotGenerated: { code: string; desc: string }
    • code: string
    • desc: string
  • popupWindowError: { code: string; desc: string }
    • code: string
    • desc: string
  • postRequestFailed: { code: string; desc: string }
    • code: string
    • desc: string
  • redirectInIframeError: { code: string; desc: string }
    • code: string
    • desc: string
  • signingKeyNotFoundInStorage: { code: string; desc: string }
    • code: string
    • desc: string
  • silentLogoutUnsupportedError: { code: string; desc: string }
    • code: string
    • desc: string
  • silentPromptValueError: { code: string; desc: string }
    • code: string
    • desc: string
  • stateInteractionTypeMismatchError: { code: string; desc: string }
    • code: string
    • desc: string
  • unableToLoadTokenError: { code: string; desc: string }
    • code: string
    • desc: string
  • unableToParseStateError: { code: string; desc: string }
    • code: string
    • desc: string
  • unableToParseTokenRequestCacheError: { code: string; desc: string }
    • code: string
    • desc: string
  • userCancelledError: { code: string; desc: string }
    • code: string
    • desc: string

Const BrowserConfigurationAuthErrorMessage

BrowserConfigurationAuthErrorMessage: { inMemRedirectUnavailable: { code: string; desc: string }; invalidCallbackObject: { code: string; desc: string }; noRedirectCallbacksSet: { code: string; desc: string }; postLogoutUriNotSet: { code: string; desc: string }; redirectUriNotSet: { code: string; desc: string }; storageNotSupportedError: { code: string; desc: string }; stubPcaInstanceCalled: { code: string; desc: string } } = ...

BrowserAuthErrorMessage class containing string constants used by error codes and messages.

Type declaration

  • inMemRedirectUnavailable: { code: string; desc: string }
    • code: string
    • desc: string
  • invalidCallbackObject: { code: string; desc: string }
    • code: string
    • desc: string
  • noRedirectCallbacksSet: { code: string; desc: string }
    • code: string
    • desc: string
  • postLogoutUriNotSet: { code: string; desc: string }
    • code: string
    • desc: string
  • redirectUriNotSet: { code: string; desc: string }
    • code: string
    • desc: string
  • storageNotSupportedError: { code: string; desc: string }
    • code: string
    • desc: string
  • stubPcaInstanceCalled: { code: string; desc: string }
    • code: string
    • desc: string

Const stubbedPublicClientApplication

stubbedPublicClientApplication: IPublicClientApplication = ...

Const version

version: "2.18.0" = "2.18.0"

Generated using TypeDoc