Classes
The following classes are available globally.
-
MSAL configuration interface responsible for setting up MSAL logging callback and configuring log collection behavior.
Note
MSALLogger is deprecated. Configure MSAL logging inside MSALLoggerConfig instead.
Declaration
Objective-C
@interface MSALLogger : NSObject
Swift
class MSALLogger : NSObject
-
An Azure Active Directory (AAD) authority indicating a directory that MSAL can use to obtain tokens. For AAD it is of the form https://aad_instance/aad_tenant, where aad_instance is the directory host (e.g. login.microsoftonline.com) and aad_tenant is an identifier within the directory itself (e.g. a domain associated to the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).
Declaration
Objective-C
@interface MSALAADAuthority : MSALAuthority
Swift
class MSALAADAuthority : MSALAuthority
-
An ADFS authority indicating an endpoint that MSAL can use to obtain tokens when talking to ADFS directly. For example: https://somesite.contoso.com/adfs
Note
Modern authentication with Active Directory Federation Services as identity provider (ADFS) is not supported by MSAL. ADFS is supported through federation only. Initialization of MSALADFSAuthority will always fail.
Declaration
Objective-C
@interface MSALADFSAuthority : MSALAuthority
Swift
class MSALADFSAuthority : MSALAuthority
-
Representation of an authenticated account in the Microsoft identity platform. The MSALAccount class implements the MSALAccount protocol.
Note
MSALAccount should never be created directly by an application. Instead, it is returned by MSAL as a result of getting a token interactively or silently (see MSALResult), or looked up by MSAL from cache (e.g. see -[MSALPublicClientApplication allAccounts:]).
Declaration
Objective-C
@interface MSALAccount : NSObject <MSALAccount, NSCopying>
Swift
class MSALAccount : NSObject, MSALAccountProtocol, NSCopying
-
MSALAccountEnumerationParameters represents possible account identifying parameters that could be used for filtering cached accounts.
Declaration
Objective-C
@interface MSALAccountEnumerationParameters : MSALParameters
Swift
class MSALAccountEnumerationParameters : MSALParameters
-
Account identifier in the Azure Active Directory (AAD).
Declaration
Objective-C
@interface MSALAccountId : NSObject <NSCopying>
Swift
class MSALAccountId : NSObject, NSCopying
-
Undocumented
Declaration
Objective-C
@interface MSALAuthenticationSchemeBearer : NSObject <MSALAuthenticationSchemeProtocol>
@property (nonatomic, readonly) MSALAuthScheme scheme;
@end
Swift
class MSALAuthenticationSchemeBearer : NSObject, MSALAuthenticationSchemeProtocol
-
Undocumented
Declaration
Objective-C
@interface MSALAuthenticationSchemePop : NSObject<MSALAuthenticationSchemeProtocol>
@property (nonatomic, readonly) MSALAuthScheme scheme;
- (instancetype)initWithHttpMethod:(MSALHttpMethod)httpMethod
                        requestUrl:(NSURL *)requestUrl
                             nonce:(nullable NSString *)nonce
              additionalParameters:(nullable NSDictionary *)additionalParameters;
- (instancetype)init NS_UNAVAILABLE;
+ (instancetype)new NS_UNAVAILABLE;
@end
Swift
class MSALAuthenticationSchemePop : NSObject, MSALAuthenticationSchemeProtocol
-
MSALAuthority represents an identity provider instance that MSAL can use to obtain tokens. For AAD it is of the form https://aad_instance/aad_tenant, where aad_instance is the directory host (e.g. https://login.microsoftonline.com) and aad_tenant is an identifier within the directory itself (e.g. a domain associated to the tenant, such as contoso.onmicrosoft.com, or the GUID representing the TenantID property of the directory).
Note
The MSALAuthority class is the base abstract class for the MSAL authority classes. Don’t try to create an instance of it using alloc or new. Instead, either create one of its subclasses directly (MSALAADAuthority, MSALB2CAuthority) or use the factory method authorityWithURL:error: to create subclasses using an authority URL.
Declaration
Objective-C
@interface MSALAuthority : NSObject <NSCopying>
Swift
class MSALAuthority : NSObject, NSCopying
-
B2C endpoint that MSAL will use to get a token and perform B2C policies.
Note
By default, the B2C authority URL should be in the following format, where custom_port is optional: https://b2c_host:custom_port/tfp/b2c_tenant/b2c_policy. However, MSAL also supports other arbitrary B2C authority formats. See https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-protocols
Declaration
Objective-C
@interface MSALB2CAuthority : MSALAuthority
Swift
class MSALB2CAuthority : MSALAuthority
-
CIAM endpoint that MSAL will use to get a token and perform CIAM policies.
Note
By default, the CIAM authority URL should be in the following format: https://tenant.ciamlogin.com. However, MSAL also supports other arbitrary CIAM authority formats such as https://tenant.ciamlogin.com/GUID and https://tenant.ciamlogin.com/aDomain, where GUID is tenantID and aDomain is domainName.
Declaration
Objective-C
@interface MSALCIAMAuthority : MSALAuthority
Swift
class MSALCIAMAuthority : MSALAuthority
-
MSAL configuration interface responsible for token caching and keychain configuration.
Declaration
Objective-C
@interface MSALCacheConfig : NSObject <NSCopying>
Swift
class MSALCacheConfig : NSObject, NSCopying
-
OpenID Connect allows you to optionally request the return of individual claims from the UserInfo Endpoint and/or in the ID Token. A claims request is represented as a JSON object that contains a list of requested claims.
The Microsoft Authentication Library (MSAL) for iOS and macOS allows requesting specific claims in both interactive and silent token acquisition scenarios. It does so through the claimsRequest parameter.
There are multiple scenarios where this is needed. For example:
- Requesting claims outside of the standard set for your application.
- Requesting specific combinations of the standard claims that cannot be specified using scopes for your application. For example, if an access token gets rejected because of missing claims, the application can request the missing claims using MSAL.
See more info here: https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter
Example of Claims Request serialized to JSON:
{
  "access_token": {
    "capolids": {"essential": true, "values": ["00000000-0000-0000-0000-000000000001"]}
  },
  "id_token": {
    "auth_time": {"essential": true},
    "acr": {"values": ["urn:mace:incommon:iap:silver"]}
  }
}
Note
MSALClaimsRequest is NOT thread safe.
Note
MSAL bypasses the access token cache whenever a claims request is specified. It’s important to only provide the claimsRequest parameter when additional claims are needed (as opposed to always providing the same claimsRequest parameter in each MSAL API call).
Declaration
Objective-C
@interface MSALClaimsRequest : NSObject <MSALJsonSerializable, MSALJsonDeserializable>
Swift
class MSALClaimsRequest : NSObject, MSALJsonSerializable, MSALJsonDeserializable
-
Information about the device that is applicable to MSAL scenarios.
Declaration
Objective-C
@interface MSALDeviceInformation : NSObject
Swift
class MSALDeviceInformation : NSObject
-
MSAL configuration interface responsible for globally applicable authentication properties.
Note
Configuration changes inside MSALGlobalConfig will apply to all instances of MSALPublicClientApplication.
Declaration
Objective-C
@interface MSALGlobalConfig : NSObject
Swift
class MSALGlobalConfig : NSObject
-
MSAL configuration interface responsible for network configuration.
Note
Configuration changes inside MSALHTTPConfig will apply to all instances of MSALPublicClientApplication.
Declaration
Objective-C
@interface MSALHTTPConfig : NSObject
Swift
class MSALHTTPConfig : NSObject
-
Represents the individual claim request. See more info here: https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
Example of Individual Claim Request serialized to JSON:
"auth_time": {"essential": true}
Declaration
Objective-C
@interface MSALIndividualClaimRequest : NSObject
Swift
class MSALIndividualClaimRequest : NSObject
-
Represents the additional information that can be sent to an authorization server for a request claim in the claim request parameter. See more info here: https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
Example of Individual Claim Request Additional Info serialized to JSON:
{"essential": true}
Declaration
Objective-C
@interface MSALIndividualClaimRequestAdditionalInfo : NSObject
Swift
class MSALIndividualClaimRequestAdditionalInfo : NSObject
-
Token parameters to be used when MSAL is getting a token interactively.
Declaration
Objective-C
@interface MSALInteractiveTokenParameters : MSALTokenParameters
Swift
class MSALInteractiveTokenParameters : MSALTokenParameters
-
Sample implementation of the MSALExternalAccountProviding protocol that can work with legacy Microsoft account storage. Use it if:
- You’re migrating from ADAL to MSAL and were previously relying on shared Microsoft account storage. In that case, usage of this class should be temporary, until more than X% of users migrate to MSAL (X can be 95% depending on your app requirements).
- As sample code to implement your own MSALExternalAccountProviding
Declaration
Objective-C
@interface MSALLegacySharedAccountsProvider : NSObject <MSALExternalAccountProviding>
Swift
class MSALLegacySharedAccountsProvider : NSObject, MSALExternalAccountProviding
-
MSAL configuration interface responsible for setting up MSAL logging callback and configuring log collection behavior.
Note
Configuration changes inside MSALLoggerConfig will apply to all instances of MSALPublicClientApplication.
Declaration
Objective-C
@interface MSALLoggerConfig : NSObject
Swift
class MSALLoggerConfig : NSObject
-
Undocumented
Declaration
Objective-C
@interface MSALParameters : NSObject
/**
 The dispatch queue on which to dispatch the completion block with MSAL result.
 This configuration is optional.
 MSAL default behavior when this property is not set depends on the token acquisition type:
 1. For interactive token acquisition and signout requests, MSAL will call completion block on the main thread
 2. For silent token acquisition, MSAL doesn't guarantee any specific queue for the completion block dispatch if this property is not set.
    This means that by default MSAL will call its completion block on the queue that it receives server response on.
    For example, if MSAL receives a token refresh response on the background queue, it will dispatch the completion block on the same queue
    and developer needs to make sure to not update any UI elements in the MSAL completion block without checking for the main thread first.
 */
@property (nonatomic, nullable) dispatch_queue_t completionBlockQueue;
@end
Swift
class MSALParameters : NSObject
-
Representation of OAuth 2.0 Public client application. Create an instance of this class to acquire tokens. One instance of MSALPublicClientApplication can be used to interact with multiple AAD clouds, and tenants, without needing to create a new instance for each authority. For most apps, one MSALPublicClientApplication instance is sufficient.
To create an instance of MSALPublicClientApplication, first create an instance of MSALPublicClientApplicationConfig. Set up MSALPublicClientApplicationConfig with the needed configuration, and pass it to the [MSALPublicClientApplication initWithConfiguration:error:] initializer.
For example:
NSError *msalError = nil;
MSALPublicClientApplicationConfig *config = [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"your-client-id-here"];
MSALPublicClientApplication *application = [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];
Declaration
Objective-C
@interface MSALPublicClientApplication : NSObject
Swift
class MSALPublicClientApplication : NSObject
-
Configuration for an instance of MSALPublicClientApplication.
Note
Once MSALPublicClientApplication is initialized, the MSALPublicClientApplication object ignores any changes you make to the MSALPublicClientApplicationConfig object.
Declaration
Objective-C
@interface MSALPublicClientApplicationConfig : NSObject <NSCopying>
Swift
class MSALPublicClientApplicationConfig : NSObject, NSCopying
-
MSALRedirectUri is a representation of an OAuth redirect_uri parameter. A redirect URI, or reply URL, is the location that the authorization server will send the user to once the app has been successfully authorized, and granted an authorization code or access token.
Declaration
Objective-C
@interface MSALRedirectUri : NSObject <NSCopying>
Swift
class MSALRedirectUri : NSObject, NSCopying
-
MSALResult represents information returned to the application after a successful interactive or silent token acquisition. It contains information requested by the application (e.g. access_token and id_token), and information that can be used to get a token silently from MSAL (e.g. account).
Declaration
Objective-C
@interface MSALResult : NSObject
Swift
class MSALResult : NSObject
-
Representation of ADAL serialized cache. Use it to achieve SSO or migration scenarios between ADAL Objective-C for macOS and MSAL for macOS
Declaration
Objective-C
@interface MSALSerializedADALCacheProvider : NSObject <NSCopying>
Swift
class MSALSerializedADALCacheProvider : NSObject, NSCopying
-
Undocumented
Declaration
Objective-C
@interface MSALSignoutParameters : MSALParameters
/**
 A copy of the configuration which was provided in the initializer.
 */
@property (nonatomic, readonly, copy) MSALWebviewParameters *webviewParameters;
/**
 Specifies whether signout should also open the browser and send a network request to the end_session_endpoint.
 NO by default.
 */
@property (nonatomic) BOOL signoutFromBrowser;
/*
 Removes account from the keychain with either com.microsoft.adalcache shared group by default or the one provided when configuring MSALPublicClientApplication.
 This is a destructive action and will remove the SSO state from all apps sharing the same cache!
 It's intended to be used only as a way to achieve GDPR compliance and make sure all user artifacts are cleaned on user sign out.
 It's not intended to be used as a way to reset or fix token cache.
 Please make sure end user is shown UI and/or warning before this flag gets set to YES.
 NO by default.
 */
@property (nonatomic) BOOL wipeAccount;
/*
 When flag is set, following should happen:
 - Wipe all known universal cache locations regardless of the clientId, account etc. Should include all tokens and metadata for any cloud.
 - Wipe all known legacy ADAL cache locations regardless of the clientId, account etc.
 - MSALWipeCacheForAllAccountsConfig contains a list of additional locations for partner caches to be wiped (e.g. Teams, VisualStudio etc). Wipe operation should wipe out all those additional locations. This file includes "display identifier" of the location (e.g. Teams cache), and precise identifiers like kSecAttrAccount, kSecAttrService etc.
 - If SSO extension is present, call SSO extension wipe operation. Wipe operation should only be allowed to the privileged applications like Intune CP on macOS or Authenticator on iOS.
 - Failing any of the steps should return error back to the app including exact locations and apps that failed to be cleared.
 NO by default.
 This is a dangerous operation.
 */
@property (nonatomic) BOOL wipeCacheForAllAccounts;
/**
 Key-value pairs to pass to the logout endpoint. This should not be url-encoded value.
 */
@property (nonatomic, nullable) NSDictionary <NSString *, NSString *> *extraQueryParameters;
/**
 Initialize MSALSignoutParameters with web parameters.
 @param webviewParameters User Interface configuration that MSAL uses when getting a token interactively or authorizing an end user.
 */
- (instancetype)initWithWebviewParameters:(MSALWebviewParameters *)webviewParameters;
@end
Swift
class MSALSignoutParameters : MSALParameters
-
Token parameters to be used when MSAL is getting a token silently.
Declaration
Objective-C
@interface MSALSilentTokenParameters : MSALTokenParameters
Swift
class MSALSilentTokenParameters : MSALTokenParameters
-
MSAL configuration interface responsible for custom parameters to target MSAL at a specific test slice & flight
Declaration
Objective-C
@interface MSALSliceConfig : NSObject <NSCopying>
Swift
class MSALSliceConfig : NSObject, NSCopying
-
The central class for MSAL telemetry.
Usage: Get a singleton instance of MSALTelemetry; register a callback (telemetryCallback) for receiving telemetry events.
Note
MSALTelemetry is deprecated. Use MSALTelemetryConfig instead to register a telemetryCallback and change telemetry configuration.
Declaration
Objective-C
@interface MSALTelemetry : NSObject
Swift
class MSALTelemetry : NSObject
-
MSAL configuration interface responsible for setting up MSAL telemetry callback and configuring telemetry collection behavior.
Note
Configuration changes inside MSALTelemetryConfig will apply to all instances of MSALPublicClientApplication.
Declaration
Objective-C
@interface MSALTelemetryConfig : NSObject
Swift
class MSALTelemetryConfig : NSObject
-
The Microsoft Identity platform allows one account to be used to access resources belonging to multiple organizations (Azure Active Directory tenants). MSALTenantProfile represents information about the account record in a particular AAD tenant
Declaration
Objective-C
@interface MSALTenantProfile : NSObject <NSCopying>
Swift
class MSALTenantProfile
-
MSALTokenParameters is the base abstract class for all types of token parameters (see MSALInteractiveTokenParameters and MSALSilentTokenParameters).
Declaration
Objective-C
@interface MSALTokenParameters : MSALParameters
Swift
class MSALTokenParameters : MSALParameters
-
Metadata about the WPJ user that is applicable to MSAL scenarios.
Declaration
Objective-C
@interface MSALWPJMetaData : NSObject
Swift
class MSALWPJMetaData : NSObject
-
User Interface configuration that MSAL uses when getting a token interactively or authorizing an end user.
Declaration
Objective-C
@interface MSALWebviewParameters : NSObject <NSCopying>
Swift
class MSALWebviewParameters : NSObject, NSCopying
-
MSAL configuration interface responsible for keeping a list of additional cache locations for partner caches to be wiped.
Declaration
Objective-C
@interface MSALWipeCacheForAllAccountsConfig : NSObject
Swift
class MSALWipeCacheForAllAccountsConfig : NSObject
-
MSALAuthMethod represents a user’s authentication methods.
Declaration
Swift
@objc public class MSALAuthMethod : NSObject
-
The channel type via which a code was sent
Declaration
Swift
@objcMembers public class MSALNativeAuthChannelType : NSObject
-
Main interface to interact with the Native Auth methods
To create an instance of MSALNativeAuthPublicClientApplication, pass the clientId, tenantSubdomain, challengeTypes and redirectUri (optional) to the initialiser method.
For example:
do {
    nativeAuth = try MSALNativeAuthPublicClientApplication(
        clientId: "Enter_the_Application_Id_Here",
        tenantSubdomain: "Enter_the_Tenant_Subdomain_Here",
        challengeTypes: [.OOB]
    )
    print("Initialised Native Auth successfully.")
} catch {
    print("Unable to initialize MSAL \(error)")
}
Declaration
Swift
@objcMembers public final class MSALNativeAuthPublicClientApplication : MSALPublicClientApplication
-
Undocumented
Declaration
Swift
public class MSALNativeAuthTokenResult : NSObject
-
Class that groups account and token information.
Declaration
Swift
@objc public class MSALNativeAuthUserAccountResult : NSObject
-
Class that defines the structure of a Required Attribute
Declaration
Swift
@objc public class MSALNativeAuthRequiredAttribute : NSObject
-
Class that defines the structure and type of an Attributes Required error
Declaration
Swift
@objc public class AttributesRequiredError : MSALNativeAuthError
-
Class that defines the structure and type of a MFAGetAuthMethodsError
Declaration
Swift
@objcMembers public class MFAGetAuthMethodsError : MSALNativeAuthError
-
Class that defines the structure and type of a MFARequestChallengeError
Declaration
Swift
@objcMembers public class MFARequestChallengeError : MSALNativeAuthError
-
Class that defines the structure and type of a MFASubmitChallengeError
Declaration
Swift
@objcMembers public class MFASubmitChallengeError : MSALNativeAuthError
-
Class that defines the basic structure of a Native Auth error
Declaration
Swift
@objcMembers public class MSALNativeAuthError : NSObject, LocalizedError
-
Class that defines the structure and type of a PasswordRequired error
Declaration
Swift
@objcMembers public class PasswordRequiredError : MSALNativeAuthError
-
Class that defines the structure and type of a ResendCode error
Declaration
Swift
@objc public class ResendCodeError : MSALNativeAuthError
-
Class that defines the structure and type of a ResetPasswordStart error
Declaration
Swift
@objcMembers public class ResetPasswordStartError : MSALNativeAuthError
-
Class that defines the structure and type of a RetrieveAccessToken error
Declaration
Swift
@objcMembers public class RetrieveAccessTokenError : MSALNativeAuthError
-
Class that defines the structure and type of a SignInAfterResetPassword error
Declaration
Swift
@objc public class SignInAfterResetPasswordError : MSALNativeAuthError
-
Class that defines the structure and type of a SignInAfterSignUp error
Declaration
Swift
@objc public class SignInAfterSignUpError : MSALNativeAuthError
-
Class that defines the structure and type of a SignInStart error
Declaration
Swift
@objcMembers public class SignInStartError : MSALNativeAuthError
-
Class that defines the structure and type of a SignUpStart error
Declaration
Swift
@objcMembers public class SignUpStartError : MSALNativeAuthError
-
Class that defines the structure and type of a VerifyCode error
Declaration
Swift
@objcMembers public class VerifyCodeError : MSALNativeAuthError
-
Base class for MFA state
Declaration
Swift
@objcMembers public class MFABaseState : MSALNativeAuthBaseState
-
An object of this type is created whenever a user needs to make a specific request to send the MFA challenge.
Declaration
Swift
@objcMembers public class AwaitingMFAState : MFABaseState
-
Undocumented
Declaration
Swift
@objcMembers public class MFARequiredState : MFABaseState
-
Base class for Native Auth states
Declaration
Swift
@objc public class MSALNativeAuthBaseState : NSObject
-
Base class for the ResetPassword state
Declaration
Swift
@objcMembers public class ResetPasswordBaseState : MSALNativeAuthBaseState
-
An object of this type is created when a user is required to supply a verification code to continue a reset password flow.
Declaration
Swift
@objcMembers public class ResetPasswordCodeRequiredState : ResetPasswordBaseState
-
An object of this type is created when a user is required to supply a password to continue a reset password flow.
Declaration
Swift
@objcMembers public class ResetPasswordRequiredState : ResetPasswordBaseState
-
Base class for the SignInAfterPreviousFlow state
Declaration
Swift
@objcMembers public class SignInAfterPreviousFlowBaseState : NSObject
-
An object of this type is created when a user has reset their password successfully.
Declaration
Swift
@objcMembers public class SignInAfterResetPasswordState : SignInAfterPreviousFlowBaseState
-
An object of this type is created when a user has signed up successfully.
Declaration
Swift
@objcMembers public class SignInAfterSignUpState : SignInAfterPreviousFlowBaseState
-
Base class for the SignIn state
Declaration
Swift
@objcMembers public class SignInBaseState : MSALNativeAuthBaseState
-
An object of this type is created when a user is required to supply a verification code to continue a sign in flow.
Declaration
Swift
@objcMembers public class SignInCodeRequiredState : SignInBaseState
-
An object of this type is created when a user is required to supply a password to continue a sign in flow.
Declaration
Swift
@objcMembers public class SignInPasswordRequiredState : SignInBaseState
-
Base class for the SignUp state
Declaration
Swift
@objcMembers public class SignUpBaseState : MSALNativeAuthBaseState
-
An object of this type is created when a user is required to supply a verification code to continue a sign up flow.
Declaration
Swift
@objcMembers public class SignUpCodeRequiredState : SignUpBaseState
-
An object of this type is created when a user is required to supply a password to continue a sign up flow.
Declaration
Swift
@objcMembers public class SignUpPasswordRequiredState : SignUpBaseState
-
An object of this type is created when a user is required to supply attributes to continue a sign up flow.
Declaration
Swift
@objcMembers public class SignUpAttributesRequiredState : SignUpBaseState