MSALPublicClientApplication

Objective-C

@interface MSALPublicClientApplication : NSObject

Swift

class MSALPublicClientApplication : NSObject

Representation of OAuth 2.0 Public client application. Create an instance of this class to acquire tokens. One instance of MSALPublicClientApplication can be used to interact with multiple AAD clouds, and tenants, without needing to create a new instance for each authority. For most apps, one MSALPublicClientApplication instance is sufficient.

To create an instance of the MSALPublicClientApplication, first create an instance MSALPublicClientApplicationConfig. Setup MSALPublicClientApplicationConfig with needed configuration, and pass it to the [MSALPublicClientApplication initWithConfiguration:error:] initializer.

For example:

NSError *msalError = nil;

MSALPublicClientApplicationConfig *config =
        [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"your-client-id-here"];

MSALPublicClientApplication *application =
        [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];

Configuration

  • A copy of the configuration which was provided in the initializer. Any changes to mutable properties on the configuration object will not affect the behavior of the Public Cilent Application. Parameter to be used to configure MSALPublicClientApplication. It contains all values to be used in the instance and is a superset of all properties known to this class.

    Declaration

    Objective-C

    @property (readonly, nonnull) MSALPublicClientApplicationConfig *configuration;

    Swift

    var configuration: MSALPublicClientApplicationConfig { get }

Initializing MSALPublicClientApplication

  • Initialize a MSALPublicClientApplication with a given configuration

    Note

    It is important to configure your MSALPublicClientApplicationConfig object before calling MSALPublicClientApplication’s initializer. MSALPublicClientApplication makes a copy of the configuration object you provide on initialization. Once configured, MSALPublicClientApplication object ignores any changes you make to the MSALPublicClientApplicationConfig object.

    Declaration

    Objective-C

    - (nullable instancetype)
        initWithConfiguration:(nonnull MSALPublicClientApplicationConfig *)config
                        error:(NSError *_Nullable *_Nullable)error;

    Parameters

    config

    Configuration for PublicClientApplication

    error

    The error that occurred creating the application object, if any (optional)

  • Initialize a MSALPublicClientApplication with a given clientID

    Declaration

    Objective-C

    - (nullable instancetype)initWithClientId:(nonnull NSString *)clientId
                                        error:(NSError *_Nullable *_Nullable)error;

    Swift

    init(clientId: String) throws

    Parameters

    clientId

    The clientID of your application, you should get this from the app portal.

    error

    The error that occurred creating the application object, if any (optional)

  • Returns an array of all accounts visible to this application.

    Declaration

    Objective-C

    - (nullable NSArray<MSALAccount *> *)allAccounts:
        (NSError *_Nullable *_Nullable)error;

    Swift

    func allAccounts() throws -> [MSALAccount]

    Parameters

    error

    The error that occured trying to retrieve accounts, if any, if you’re not interested in the specific error pass in nil.

  • Returns account for the given account identifier (received from an account object returned in a previous acquireToken call)

    Declaration

    Objective-C

    - (nullable MSALAccount *)accountForIdentifier:(nonnull NSString *)identifier
                                             error:(NSError *_Nullable *_Nullable)
                                                       error;

    Swift

    func account(forIdentifier identifier: String) throws -> MSALAccount

    Parameters

    error

    The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.

  • Returns account for the given account identifying parameters (received from an account object returned in a previous acquireToken call)

    Declaration

    Objective-C

    - (nullable NSArray<MSALAccount *> *)
        accountsForParameters:(nonnull MSALAccountEnumerationParameters *)parameters
                        error:(NSError *_Nullable *_Nullable)error;

    Swift

    func accounts(for parameters: MSALAccountEnumerationParameters) throws -> [MSALAccount]

    Parameters

    error

    The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.

  • Returns account for for the given username (received from an account object returned in a previous acquireToken call or ADAL)

    Declaration

    Objective-C

    - (nullable MSALAccount *)accountForUsername:(nonnull NSString *)username
                                           error:
                                               (NSError *_Nullable *_Nullable)error;

    Swift

    func account(forUsername username: String) throws -> MSALAccount

    Parameters

    username

    The displayable value in UserPrincipleName(UPN) format

    error

    The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.

  • Returns account for the given account identifying parameters including locally cached accounts and accounts from the SSO extension Accounts from SSO extension are only available on iOS 13+ and macOS 10.15+. On earlier versions, this method will return same results as a local account query.

    Declaration

    Objective-C

    - (void)accountsFromDeviceForParameters:
                (nonnull MSALAccountEnumerationParameters *)parameters
                            completionBlock:(nonnull MSALAccountsCompletionBlock)
                                                completionBlock;

    Swift

    func accountsFromDevice(for parameters: MSALAccountEnumerationParameters) async throws -> [MSALAccount]

    Parameters

    completionBlock

    The completion block that will be called when accounts are loaded, or MSAL encountered an error.

Handling MSAL responses

  • Ask MSAL to handle a URL response.

    Declaration

    Objective-C

    + (BOOL)handleMSALResponse:(nonnull NSURL *)response
             sourceApplication:(nullable NSString *)sourceApplication;

    Swift

    class func handleMSALResponse(_ response: URL, sourceApplication: String?) -> Bool

    Parameters

    response

    URL response from your application delegate’s openURL handler for MSAL web or brokered authentication sessions

    sourceApplication

    The application that opened your app with that URL. Can be retrieved from options by UIApplicationOpenURLOptionsSourceApplicationKey key. See more info here: https://developer.apple.com/documentation/uikit/uiapplicationdelegate/1623112-application?language=objc

    Return Value

    YES if URL is a response to a MSAL web or brokered session and handled, NO otherwise.

  • Cancels any currently running interactive web authentication session, resulting in the authorization UI being dismissed and the acquireToken request ending in a cancelation error.

    Declaration

    Objective-C

    + (BOOL)cancelCurrentWebAuthSession;

    Swift

    class func cancelCurrentWebAuthSession() -> Bool

Getting a token interactively

Acquire Token Silent

Remove account from cache

  • Removes all tokens from the cache for this application for the provided account. MSAL won’t be able to return tokens silently after calling this API, and developer will need to call acquireToken. User might need to enter his credentials again after calling this API

    Declaration

    Objective-C

    - (BOOL)removeAccount:(nonnull MSALAccount *)account
                    error:(NSError *_Nullable *_Nullable)error;

    Swift

    func remove(_ account: MSALAccount) throws

    Parameters

    account

    The account to remove from the cache

  • Removes all tokens from the cache for this application for the provided account. Additionally, this API will remove account from the system browser or the embedded webView by navigating to the OIDC end session endpoint if requested in parameters (see more https://openid.net/specs/openid-connect-session-1_0.html). Moreover, if device has an SSO extension installed, the signout request will be handled through the SSO extension.

    As a result of the signout operation, application will not be able to get tokens for the given account without user entering credentials. However, this will not sign out from other signed in apps on the device, unless it is explicitly enabled by the administrator configuration through an MDM profile.

    Declaration

    Objective-C

    - (void)signoutWithAccount:(nonnull MSALAccount *)account
             signoutParameters:(nonnull MSALSignoutParameters *)signoutParameters
               completionBlock:
                   (nonnull MSALSignoutCompletionBlock)signoutCompletionBlock;

    Swift

    func signout(with account: MSALAccount, signoutParameters: MSALSignoutParameters) async throws -> Bool

Device information

SingleAccount

  • Gets the current account and return previous account if present. This can be useful to detect if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.

    If there’re multiple accounts present, MSAL will return an ambiguous account error, and application should do account disambiguation by calling other MSAL Account enumeration APIs.

    Declaration

    Objective-C

    - (void)getCurrentAccountWithParameters:(nullable MSALParameters *)parameters
                            completionBlock:
                                (nonnull MSALCurrentAccountCompletionBlock)
                                    completionBlock;

    Swift

    func currentAccount(with parameters: MSALParameters?) async throws -> (MSALAccount?, MSALAccount?)