com.microsoft.aad.msal4j

Class PublicClientApplication

java.lang.Object

com.microsoft.aad.msal4j.AbstractApplicationBase

com.microsoft.aad.msal4j.AbstractClientApplicationBase

com.microsoft.aad.msal4j.PublicClientApplication

All Implemented Interfaces:

IPublicClientApplication

public class PublicClientApplication
extends AbstractClientApplicationBase
implements IPublicClientApplication

Class to be used to acquire tokens for public client applications (Desktop, Mobile). For details see IPublicClientApplication

Conditionally thread-safe

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PublicClientApplication.Builder

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_AUTHORITY

Fields inherited from class com.microsoft.aad.msal4j.AbstractClientApplicationBase

azureRegion

Fields inherited from class com.microsoft.aad.msal4j.AbstractApplicationBase

authenticationAuthority, log, tokenCache

Method Summary

Modifier and Type	Method and Description
CompletableFuture<IAuthenticationResult>	acquireToken(AuthorizationCodeParameters parameters) Acquires security token from the authority using an authorization code previously received.
CompletableFuture<IAuthenticationResult>	acquireToken(DeviceCodeFlowParameters parameters) Acquires security token from the authority using an device code flow.
CompletableFuture<IAuthenticationResult>	acquireToken(IntegratedWindowsAuthenticationParameters parameters) Acquires tokens from the authority configured in the application via Integrated Windows Authentication.
CompletableFuture<IAuthenticationResult>	acquireToken(InteractiveRequestParameters parameters) Acquires tokens from the authority using authorization code grant.
CompletableFuture<IAuthenticationResult>	acquireToken(RefreshTokenParameters parameters) Acquires a security token from the authority using a refresh token previously received.
CompletableFuture<IAuthenticationResult>	acquireToken(UserNamePasswordParameters parameters) Acquires tokens from the authority configured in the application via Username/Password authentication.
CompletableFuture<IAuthenticationResult>	acquireTokenSilently(SilentParameters parameters) Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.
String	authority() Gets the authority URL for this application.
static PublicClientApplication.Builder	builder(String clientId)
String	clientId() Gets the client ID (application ID) for this application.
String	correlationId() Gets the correlation ID used for tracing requests through the authentication system.
CompletableFuture<Set<IAccount>>	getAccounts() Returns accounts in the cache
URL	getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters) Computes the URL of the authorization request letting the user sign-in and consent to the application.
IHttpClient	httpClient() Gets the HTTP client used by the application for all HTTP requests.
boolean	logPii() Gets whether personally identifiable information (PII) is included in log messages.
Proxy	proxy() Gets the proxy configuration used by the application for network communication.
CompletableFuture<Void>	removeAccount(IAccount account) Removes IAccount from the cache
SSLSocketFactory	sslSocketFactory() Gets the SSL socket factory used by the application for secure network communication.
boolean	validateAuthority() Gets whether the authority URL should be validated against a list of known authorities.

Methods inherited from class com.microsoft.aad.msal4j.AbstractClientApplicationBase

aadAadInstanceDiscoveryResponse, acquireToken, acquireToken, applicationName, applicationVersion, authority, autoDetectRegion, azureRegion, clientCapabilities, clientId, getAccounts, getAuthorizationRequestUrl, instanceDiscovery, tokenCache, validateAuthority

Methods inherited from class com.microsoft.aad.msal4j.AbstractApplicationBase

connectTimeoutForDefaultHttpClient, correlationId, httpClient, logPii, proxy, readTimeoutForDefaultHttpClient, sslSocketFactory

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_AUTHORITY

public static final String DEFAULT_AUTHORITY

See Also:

Constant Field Values

Method Detail

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(UserNamePasswordParameters parameters)

Description copied from interface: IPublicClientApplication

Acquires tokens from the authority configured in the application via Username/Password authentication.

Specified by:

acquireToken in interface IPublicClientApplication

Parameters:

parameters - instance of UserNamePasswordParameters

Returns:

CompletableFuture containing an IAuthenticationResult

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(IntegratedWindowsAuthenticationParameters parameters)

Description copied from interface: IPublicClientApplication

Acquires tokens from the authority configured in the application via Integrated Windows Authentication.

Specified by:

acquireToken in interface IPublicClientApplication

Parameters:

parameters - instance of IntegratedWindowsAuthenticationParameters

Returns:

CompletableFuture containing an IAuthenticationResult

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(DeviceCodeFlowParameters parameters)

Description copied from interface: IPublicClientApplication

Acquires security token from the authority using an device code flow. Flow is designed for devices that do not have access to a browser or have input constraints. The authorization server issues DeviceCode object with verification code, an end-user code and the end-user verification URI. DeviceCode is provided through deviceCodeConsumer callback. End-user should be instructed to use another device to connect to the authorization server to approve the access request. Since the client cannot receive incoming requests, it polls the authorization server repeatedly until the end-user completes the approval process.

Specified by:

acquireToken in interface IPublicClientApplication

Parameters:

parameters - instance of DeviceCodeFlowParameters

Returns:

CompletableFuture containing an IAuthenticationResult

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(InteractiveRequestParameters parameters)

Description copied from interface: IPublicClientApplication

Acquires tokens from the authority using authorization code grant. Will attempt to open the default system browser where the user can input the credentials interactively, consent to scopes, and do multi-factor authentication if such a policy is enabled on the Azure AD tenant. System browser can behavior can be customized via InteractiveRequestParameters.systemBrowserOptions. For more information, see https://aka.ms/msal4j-interactive-request

Specified by:

acquireToken in interface IPublicClientApplication

Parameters:

parameters - instance of InteractiveRequestParameters

Returns:

CompletableFuture containing an IAuthenticationResult

acquireTokenSilently

public CompletableFuture<IAuthenticationResult> acquireTokenSilently(SilentParameters parameters)
                                                              throws MalformedURLException

Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.

Overrides:

acquireTokenSilently in class AbstractClientApplicationBase

Parameters:

parameters - instance of SilentParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

Throws:

MalformedURLException - if authorityUrl from parameters is malformed URL

removeAccount

public CompletableFuture<Void> removeAccount(IAccount account)

Removes IAccount from the cache

Overrides:

removeAccount in class AbstractClientApplicationBase

Parameters:

account - instance of Account to be removed from cache

Returns:

CompletableFuture object representing account removal task.

builder

public static PublicClientApplication.Builder builder(String clientId)

Parameters:

clientId - Client ID (Application ID) of the application as registered in the application registration portal (portal.azure.com)

Returns:

instance of Builder of PublicClientApplication

clientId

public String clientId()

Gets the client ID (application ID) for this application.

Returns:

Client ID (Application ID) of the application as registered in the application registration portal (portal.azure.com) and as passed in the constructor of the application

authority

public String authority()

Gets the authority URL for this application.

Returns:

URL of the authority, or security token service (STS) from which MSAL will acquire security tokens. Default value is IApplicationBase.DEFAULT_AUTHORITY

validateAuthority

public boolean validateAuthority()

Gets whether the authority URL should be validated against a list of known authorities.

Returns:

A boolean value which determines whether the authority needs to be verified against a list of known authorities. When true, MSAL will validate the authority against a list of well-known authorities. Set to false only for development/testing with custom authority URLs.

getAuthorizationRequestUrl

public URL getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters)

Computes the URL of the authorization request letting the user sign-in and consent to the application. The URL target the /authorize endpoint of the authority configured in the application object.

Once the user successfully authenticates, the response should contain an authorization code, which can then be passed in to AbstractClientApplicationBase.acquireToken(AuthorizationCodeParameters) to be exchanged for a token.

Parameters:

parameters - AuthorizationRequestUrlParameters containing the details needed to create the authorization URL, such as scopes, response type, and redirect URI

Returns:

URL of the authorization endpoint where the user can sign-in and consent to the application

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(AuthorizationCodeParameters parameters)

Acquires security token from the authority using an authorization code previously received.

This is typically used as the second step in an authorization code flow, after the user has authenticated and provided consent at the authorization endpoint, resulting in an authorization code.

Parameters:

parameters - AuthorizationCodeParameters containing the authorization code and other information required to exchange the code for tokens

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call, which contains the requested tokens and account information

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(RefreshTokenParameters parameters)

Acquires a security token from the authority using a refresh token previously received. Can be used in migration to MSAL from ADAL, and in various integration scenarios where you have a refresh token available.

Parameters:

parameters - RefreshTokenParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

getAccounts

public CompletableFuture<Set<IAccount>> getAccounts()

Returns accounts in the cache

Returns:

set of unique accounts from cache which can be used for silent acquire token call

logPii

public boolean logPii()

Gets whether personally identifiable information (PII) is included in log messages.

Returns:

A boolean value which determines whether PII (personally identifiable information) will be included in log messages. When true, PII will be logged; when false, PII will be masked or omitted from logs.

correlationId

public String correlationId()

Gets the correlation ID used for tracing requests through the authentication system.

Returns:

Correlation ID which is used for diagnostics purposes and is attached to token service requests. The default value is a random UUID.

httpClient

public IHttpClient httpClient()

Gets the HTTP client used by the application for all HTTP requests.

Returns:

Instance of IHttpClient used by the application for network communication with the Microsoft identity platform.

proxy

public Proxy proxy()

Gets the proxy configuration used by the application for network communication.

Returns:

Proxy used by the application for all network communication. Returns null if no proxy is configured.

sslSocketFactory

public SSLSocketFactory sslSocketFactory()

Gets the SSL socket factory used by the application for secure network communication.

Returns:

SSLSocketFactory used by the application for all secure network communication. Returns null if no custom SSL socket factory is configured.