MSALAccount

Objective-C

@protocol MSALAccount <NSObject>

Swift

protocol MSALAccountProtocol : NSObjectProtocol

Representation of an authenticated account in the Microsoft identity platform. Use MSALAccount to query information about the account, like username or id_token claims. Store identifier for getting tokens silently from MSAL at a later point.

Note

For a list of standard id_token claims in the Microsoft Identity platform, see https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
  • Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace. Mostly maps to UserPrincipleName(UPN) in case of AAD. Can be nil if not returned from the service.

    Declaration

    Objective-C

    @property (readonly, nullable) NSString *username;

    Swift

    var username: String? { get }
  • Unique identifier for the account. Save this for account lookups from cache at a later point.

    Declaration

    Objective-C

    @property (readonly, nullable) NSString *identifier;

    Swift

    var identifier: String? { get }
  • Host part of the authority string used for authentication based on the issuer identifier. Note that if a host supports multiple tenants, there’ll be one MSALAccount for the host and one tenant profile per each tenant accessed (see MSALAccount+MultiTenantAccount.h header) If a host doesn’t support multiple tenants, there’ll be one MSALAccount with accountClaims returned.

    e.g. if app accesses following tenants: Contoso.com and MyOrg.com in the Public AAD cloud, there’ll be following information returned:

    MSALAccount

    • environment of “login.microsoftonline.com”
    • identifier based on the GUID of “MyOrg.com”
    • accountClaims from the id token for the “MyOrg.com”
    • tenantProfiles
      • tenantProfile[0]
      • identifier based on account identifiers from “MyOrg.com” (account object id in MyOrg.com and tenant Id for MyOrg.com directory)
      • claims for the id token issued by MyOrg.com
    • tenantProfile[1]
      • identifier based on account identifiers from “Contoso.com”
      • claims for the id token issued by Contoso.com

    Declaration

    Objective-C

    @property (readonly, nonnull) NSString *environment;

    Swift

    var environment: String { get }
  • ID token claims for the account. Can be used to read additional information about the account, e.g. name Will only be returned if there has been an id token issued for the client Id for the account’s source tenant.

    Declaration

    Objective-C

    @property (readonly, nullable) NSDictionary<NSString *, id> *accountClaims;

    Swift

    var accountClaims: [String : Any]? { get }