Classes

MSAL configuration interface responsible for setting up MSAL logging callback and configuring log collection behavior.

An Azure Active Directory (AAD) authority indicating a directory that MSAL can use to obtain tokens. For AAD it is of the form https://aad_instance/aad_tenant, where aad_instance is the directory host (e.g. login.microsoftonline.com) and aad_tenant is a identifier within the directory itself (e.g. a domain associated to the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory)

An ADFS authority indicating an endpoint that MSAL can use to obtain tokens when talking to ADFS directly. For example: https://somesite.contoso.com/adfs

Representation of an authenticated account in the Microsoft identity platform. MSALAccount class implements MSALAccount protocol.

MSALAccountEnumerationParameters represents possible account identifying parameters that could be used for filtering cached accounts.

Account identifier in the Azure Active Directory (AAD).

Undocumented

Undocumented

MSALAuthority represents an identity provider instance that MSAL can use to obtain tokens. For AAD it is of the form https://aad_instance/aad_tenant, where aad_instance is the directory host (e.g. https://login.microsoftonline.com) and aad_tenant is a identifier within the directory itself (e.g. a domain associated to the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory)

B2C endpoint that MSAL will use to get a token and perform B2C policies.

CIAM endpoint that MSAL will use to get a token and perform CIAM policies.

MSAL configuration interface responsible for token caching and keychain configuration.

OpenID Connect allows you to optionally request the return of individual claims from the UserInfo Endpoint and/or in the ID Token. A claims request is represented as a JSON object that contains a list of requested claims.

The Microsoft Authentication Library (MSAL) for iOS and macOS allows requesting specific claims in both interactive and silent token acquisition scenarios. It does so through the claimsRequest parameter.

There are multiple scenarios where this is needed. For example:

• Requesting claims outside of the standard set for your application.
• Requesting specific combinations of the standard claims that cannot be specified using scopes for your application. For example, if an access token gets rejected because of missing claims, the application can request the missing claims using MSAL.

See more info here: https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter

Example of Claims Request serialized to json:

{
   "access_token":
   {
       "capolids": {"essential":true, "values":["00000000-0000-0000-0000-000000000001"]}
   },
   "id_token":
   {
    "auth_time": {"essential": true},
    "acr": {"values": ["urn:mace:incommon:iap:silver"]}
   }
}

Information about the device that is applicable to MSAL scenarios.

MSAL configuration interface responsible for globally applicable authentication properties.

MSAL configuration interface responsible for network configuration.

Represents the individual claim request. See more info here: https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests

Example of Individual Claim Request serialized to JSON:

“auth_time”: {“essential”: true}

Represents the additional information that can be sent to an authorization server for a request claim in the claim request parameter. See more info here: https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests

Example of Individual Claim Request Additional Info serialized to json:

{“essential”: true}

Token parameters to be used when MSAL is getting a token interactively.

Sample implementation of the MSALExternalAccountProviding protocol that can work with legacy Microsoft account storage. Use it if:

1. You’re migrating from ADAL to MSAL and where previously relying on shared Microsoft account storage. In that case, usage of this class should be temporary, until more than X% of users migrate to MSAL (X can be 95% depending on your app requirements).
2. As sample code to implement your own MSALExternalAccountProviding

MSAL configuration interface responsible for setting up MSAL logging callback and configuring log collection behavior.

Undocumented

Representation of OAuth 2.0 Public client application. Create an instance of this class to acquire tokens. One instance of MSALPublicClientApplication can be used to interact with multiple AAD clouds, and tenants, without needing to create a new instance for each authority. For most apps, one MSALPublicClientApplication instance is sufficient.

To create an instance of the MSALPublicClientApplication, first create an instance MSALPublicClientApplicationConfig. Setup MSALPublicClientApplicationConfig with needed configuration, and pass it to the [MSALPublicClientApplication initWithConfiguration:error:] initializer.

For example:

NSError *msalError = nil;

MSALPublicClientApplicationConfig *config =
        [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"your-client-id-here"];

MSALPublicClientApplication *application =
        [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];

Configuration for an instance of MSALPublicClientApplication

MSALRedirectUri is a representation of an OAuth redirect_uri parameter. A redirect URI, or reply URL, is the location that the authorization server will send the user to once the app has been successfully authorized, and granted an authorization code or access token.

MSALResult represents information returned to the application after a successful interactive or silent token acquisition. It contains information requested by the application (e.g. access_token and id_token), and information that can be used to get a token silently from MSAL (e.g. account).

Representation of ADAL serialized cache. Use it to achieve SSO or migration scenarios between ADAL Objective-C for macOS and MSAL for macOS

Undocumented

Token parameters to be used when MSAL is getting a token silently.

MSAL configuration interface responsible for custom parameters to target MSAL at a specific test slice & flight

The central class for MSAL telemetry.

Usage: Get a singleton instance of MSALTelemetry; register a callback (telemetryCallback) for receiving telemetry events.

MSAL configuration interface responsible for setting up MSAL telemetry callback and configuring telemetry collection behavior.

The Microsoft Identity platform allows one account to be used to access resources belonging to multiple organizations (Azure Active Directory tenants). MSALTenantProfile represents information about the account record in a particular AAD tenant

MSALTokenParameters is the base abstract class for all types of token parameters (see MSALInteractiveTokenParameters and MSALSilentTokenParameters).

Metadata about the WPJ user that is applicable to MSAL scenarios.

User Interface configuration that MSAL uses when getting a token interactively or authorizing an end user.

MSAL configuration interface responsible for keeping a list of additional cache locations for partner caches to be wiped.

MSALAuthMethod represents a user’s authentication methods.

The channel type via which a code was sent

Main interface to interact with the Native Auth methods

To create an instance of the MSALNativeAuthPublicClientApplication use the clientId, tenantSubdomain, challengeTypes and redirectUri (optional) to the initialiser method.

For example:

    do {
        nativeAuth = try MSALNativeAuthPublicClientApplication(
            clientId: "Enter_the_Application_Id_Here",
            tenantSubdomain: "Enter_the_Tenant_Subdomain_Here",
            challengeTypes: [.OOB]
       )
       print("Initialised Native Auth successfully.")
    } catch {
        print("Unable to initialize MSAL \(error)")
    }

Undocumented

Class that groups account and token information.

Class that defines the structure of a Required Attribute

Class that defines the structure and type of an Attributes Required error

Class that defines the structure and type of a MFAGetAuthMethodsError

Class that defines the structure and type of a MFARequestChallengeError

Class that defines the structure and type of a MFASubmitChallengeError

Class that defines the basic structure of a Native Auth error

Class that defines the structure and type of a PasswordRequired error

Class that defines the structure and type of a ResendCode error

Class that defines the structure and type of a ResetPasswordStart error

Class that defines the structure and type of a RetrieveAccessToken error

Class that defines the structure and type of a SignInAfterResetPassword error

Class that defines the structure and type of a SignInAfterSignUp error

Class that defines the structure and type of a SignInStart error

Class that defines the structure and type of a SignUpStart error

Class that defines the structure and type of a VerifyCode error

Base class for MFA state

An object of this type is created whenever a user needs to make a specific request to send the MFA challenge.

Undocumented

Base class for Native Auth states

Base class for the ResetPassword state

An object of this type is created when a user is required to supply a verification code to continue a reset password flow.

An object of this type is created when a user is required to supply a password to continue a reset password flow.

Base class for the SignInAfterPreviousFlow state

An object of this type is created when a user has reset their password successfully.

An object of this type is created when a user has signed up successfully.

Base class for the SignIn state

An object of this type is created when a user is required to supply a verification code to continue a sign in flow.

An object of this type is created when a user is required to supply a password to continue a sign in flow.

Base class for the SignUp state

An object of this type is created when a user is required to supply a verification code to continue a sign up flow.

An object of this type is created when a user is required to supply a password to continue a sign up flow.

An object of this type is created when a user is required to supply attributes to continue a sign up flow.