MSALPublicClientApplication

Objective-C

@interface MSALPublicClientApplication : NSObject

Swift

class MSALPublicClientApplication : NSObject

Representation of OAuth 2.0 Public client application. Create an instance of this class to acquire tokens. One instance of MSALPublicClientApplication can be used to interact with multiple AAD clouds, and tenants, without needing to create a new instance for each authority. For most apps, one MSALPublicClientApplication instance is sufficient.

To create an instance of the MSALPublicClientApplication, first create an instance MSALPublicClientApplicationConfig. Setup MSALPublicClientApplicationConfig with needed configuration, and pass it to the [MSALPublicClientApplication initWithConfiguration:error:] initializer.

For example:

NSError *msalError = nil;

MSALPublicClientApplicationConfig *config =
        [[MSALPublicClientApplicationConfig alloc] initWithClientId:@"your-client-id-here"];

MSALPublicClientApplication *application =
        [[MSALPublicClientApplication alloc] initWithConfiguration:config error:&msalError];

Configuration

configuration
A copy of the configuration which was provided in the initializer. Any changes to mutable properties on the configuration object will not affect the behavior of the Public Cilent Application. Parameter to be used to configure MSALPublicClientApplication. It contains all values to be used in the instance and is a superset of all properties known to this class.
Declaration
Objective-C

@property (readonly, nonnull) MSALPublicClientApplicationConfig *configuration;
Swift

var configuration: MSALPublicClientApplicationConfig { get }

Initializing MSALPublicClientApplication


                    
                    
                    -initWithConfiguration:error:

Initialize a MSALPublicClientApplication with a given configuration

Note

It is important to configure your MSALPublicClientApplicationConfig object before calling MSALPublicClientApplication’s initializer. MSALPublicClientApplication makes a copy of the configuration object you provide on initialization. Once configured, MSALPublicClientApplication object ignores any changes you make to the MSALPublicClientApplicationConfig object.

Declaration

Objective-C

- (nullable instancetype)
    initWithConfiguration:(nonnull MSALPublicClientApplicationConfig *)config
                    error:(NSError *_Nullable *_Nullable)error;

Swift

init(configuration config: MSALPublicClientApplicationConfig) throws

Parameters

`config`	Configuration for PublicClientApplication
`error`	The error that occurred creating the application object, if any (optional)


                    
                    
                    -initWithClientId:error:

Initialize a MSALPublicClientApplication with a given clientID

Declaration

Objective-C

- (nullable instancetype)initWithClientId:(nonnull NSString *)clientId
                                    error:(NSError *_Nullable *_Nullable)error;

Swift

init(clientId: String) throws

Parameters

`clientId`	The clientID of your application, you should get this from the app portal.
`error`	The error that occurred creating the application object, if any (optional)


                    
                    
                    -allAccounts:

Returns an array of all accounts visible to this application.

Declaration

Objective-C

- (nullable NSArray<MSALAccount *> *)allAccounts:
    (NSError *_Nullable *_Nullable)error;

Swift

func allAccounts() throws -> [MSALAccount]

Parameters


                                error

The error that occured trying to retrieve accounts, if any, if you’re not interested in the specific error pass in nil.


                    
                    
                    -accountForIdentifier:error:

Returns account for the given account identifier (received from an account object returned in a previous acquireToken call)

Declaration

Objective-C

- (nullable MSALAccount *)accountForIdentifier:(nonnull NSString *)identifier
                                         error:(NSError *_Nullable *_Nullable)
                                                   error;

Swift

func account(forIdentifier identifier: String) throws -> MSALAccount

Parameters


                                error

The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.


                    
                    
                    -accountsForParameters:error:

Returns account for the given account identifying parameters (received from an account object returned in a previous acquireToken call)

Declaration

Objective-C

- (nullable NSArray<MSALAccount *> *)
    accountsForParameters:(nonnull MSALAccountEnumerationParameters *)parameters
                    error:(NSError *_Nullable *_Nullable)error;

Swift

func accounts(for parameters: MSALAccountEnumerationParameters) throws -> [MSALAccount]

Parameters


                                error

The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.


                    
                    
                    -accountForUsername:error:

Returns account for for the given username (received from an account object returned in a previous acquireToken call or ADAL)

Declaration

Objective-C

- (nullable MSALAccount *)accountForUsername:(nonnull NSString *)username
                                       error:
                                           (NSError *_Nullable *_Nullable)error;

Swift

func account(forUsername username: String) throws -> MSALAccount

Parameters

`username`	The displayable value in UserPrincipleName(UPN) format
`error`	The error that occured trying to get the accounts, if any, if you’re not interested in the specific error pass in nil.


                    
                    
                    -accountsFromDeviceForParameters:completionBlock:

Returns account for the given account identifying parameters including locally cached accounts and accounts from the SSO extension Accounts from SSO extension are only available on iOS 13+ and macOS 10.15+. On earlier versions, this method will return same results as a local account query.

Declaration

Objective-C

- (void)accountsFromDeviceForParameters:
            (nonnull MSALAccountEnumerationParameters *)parameters
                        completionBlock:(nonnull MSALAccountsCompletionBlock)
                                            completionBlock;

Swift

func accountsFromDevice(for parameters: MSALAccountEnumerationParameters) async throws -> [MSALAccount]

Parameters


                                completionBlock

The completion block that will be called when accounts are loaded, or MSAL encountered an error.

Handling MSAL responses


                    
                    
                    +handleMSALResponse:sourceApplication:

Ask MSAL to handle a URL response.

Declaration

Objective-C

+ (BOOL)handleMSALResponse:(nonnull NSURL *)response
         sourceApplication:(nullable NSString *)sourceApplication;

Swift

class func handleMSALResponse(_ response: URL, sourceApplication: String?) -> Bool

Parameters

`response`	URL response from your application delegate’s openURL handler for MSAL web or brokered authentication sessions
`sourceApplication`	The application that opened your app with that URL. Can be retrieved from options by UIApplicationOpenURLOptionsSourceApplicationKey key. See more info here: https://developer.apple.com/documentation/uikit/uiapplicationdelegate/1623112-application?language=objc

Return Value

YES if URL is a response to a MSAL web or brokered session and handled, NO otherwise.

+cancelCurrentWebAuthSession
Cancels any currently running interactive web authentication session, resulting in the authorization UI being dismissed and the acquireToken request ending in a cancelation error.
Declaration
Objective-C

+ (BOOL)cancelCurrentWebAuthSession;
Swift

class func cancelCurrentWebAuthSession() -> Bool

Getting a token interactively


                    
                    
                    -acquireTokenWithParameters:completionBlock:

Acquire a token for a provided parameters using interactive authentication.

Declaration

Objective-C

- (void)acquireTokenWithParameters:
            (nonnull MSALInteractiveTokenParameters *)parameters
                   completionBlock:(nonnull MSALCompletionBlock)completionBlock;

Swift

func acquireToken(with parameters: MSALInteractiveTokenParameters) async throws -> MSALResult

Parameters

`parameters`	Parameters used for interactive authentication.
`completionBlock`	The completion block that will be called when the authentication flow completes, or encounters an error.

Acquire Token Silent


                    
                    
                    -acquireTokenSilentWithParameters:completionBlock:

Acquire a token silently for a provided parameters.

Declaration

Objective-C

- (void)acquireTokenSilentWithParameters:
            (nonnull MSALSilentTokenParameters *)parameters
                         completionBlock:
                             (nonnull MSALCompletionBlock)completionBlock;

Swift

func acquireTokenSilent(with parameters: MSALSilentTokenParameters) async throws -> MSALResult

Parameters

`parameters`	Parameters used for silent authentication.
`completionBlock`	The completion block that will be called when the authentication flow completes, or encounters an error.

Remove account from cache


                    
                    
                    -removeAccount:error:

Removes all tokens from the cache for this application for the provided account. MSAL won’t be able to return tokens silently after calling this API, and developer will need to call acquireToken. User might need to enter his credentials again after calling this API

Declaration

Objective-C

- (BOOL)removeAccount:(nonnull MSALAccount *)account
                error:(NSError *_Nullable *_Nullable)error;

Swift

func remove(_ account: MSALAccount) throws

Parameters


                                account

The account to remove from the cache

-signoutWithAccount:signoutParameters:completionBlock:
Removes all tokens from the cache for this application for the provided account. Additionally, this API will remove account from the system browser or the embedded webView by navigating to the OIDC end session endpoint if requested in parameters (see more https://openid.net/specs/openid-connect-session-1_0.html). Moreover, if device has an SSO extension installed, the signout request will be handled through the SSO extension.

As a result of the signout operation, application will not be able to get tokens for the given account without user entering credentials. However, this will not sign out from other signed in apps on the device, unless it is explicitly enabled by the administrator configuration through an MDM profile.
Declaration
Objective-C

- (void)signoutWithAccount:(nonnull MSALAccount *)account signoutParameters:(nonnull MSALSignoutParameters *)signoutParameters completionBlock: (nonnull MSALSignoutCompletionBlock)signoutCompletionBlock;
Swift

func signout(with account: MSALAccount, signoutParameters: MSALSignoutParameters) async throws -> Bool

Device information


                    
                    
                    -getDeviceInformationWithParameters:completionBlock:

Reads device information from the authentication broker if present on the device.

Declaration

Objective-C

- (void)getDeviceInformationWithParameters:(nullable MSALParameters *)parameters
                           completionBlock:
                               (nonnull MSALDeviceInformationCompletionBlock)
                                   completionBlock;

Swift

func deviceInformation(with parameters: MSALParameters?) async throws -> MSALDeviceInformation


                    
                    
                    -getWPJMetaDataDeviceWithParameters:forTenantId:completionBlock:

Reads WPJ metadata (UPN, tenant ID, deviCe ID) from the authentication broker if present on the device for a specific tenantId

Declaration

Objective-C

- (void)getWPJMetaDataDeviceWithParameters:(nullable MSALParameters *)parameters
                               forTenantId:(nullable NSString *)tenantId
                           completionBlock:
                               (nonnull MSALWPJMetaDataCompletionBlock)
                                   completionBlock;

Swift

func wpjMetaDataDevice(with parameters: MSALParameters?, forTenantId tenantId: String?) async throws -> MSALWPJMetaData

isCompatibleAADBrokerAvailable
A boolean indicates if a compatible broker is present in device for AAD requests.
Declaration
Objective-C

@property (readonly) BOOL isCompatibleAADBrokerAvailable;
Swift

var isCompatibleAADBrokerAvailable: Bool { get }


                    
                    
                    sdkVersion

A String indicates the version of current MSAL SDK

Declaration

Objective-C

@property (class, readonly, nullable) NSString *sdkVersion;

Swift

class var sdkVersion: String? { get }

SingleAccount

-getCurrentAccountWithParameters:completionBlock:
Gets the current account and return previous account if present. This can be useful to detect if the current account changes. This method must be called whenever the application is resumed or prior to running a scheduled background operation.

If there’re multiple accounts present, MSAL will return an ambiguous account error, and application should do account disambiguation by calling other MSAL Account enumeration APIs.
Declaration
Objective-C

- (void)getCurrentAccountWithParameters:(nullable MSALParameters *)parameters completionBlock: (nonnull MSALCurrentAccountCompletionBlock) completionBlock;
Swift

func currentAccount(with parameters: MSALParameters?) async throws -> (MSALAccount?, MSALAccount?)