com.microsoft.aad.msal4j

Class ConfidentialClientApplication

java.lang.Object

com.microsoft.aad.msal4j.ConfidentialClientApplication

All Implemented Interfaces:

IConfidentialClientApplication

public class ConfidentialClientApplication
extends Object
implements IConfidentialClientApplication

Class to be used to acquire tokens for confidential client applications (Web Apps, Web APIs, and daemon applications). For details see IConfidentialClientApplication

Conditionally thread-safe

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ConfidentialClientApplication.Builder

Field Summary

Fields

Modifier and Type	Field and Description
protected com.microsoft.aad.msal4j.Authority	authenticationAuthority
static String	DEFAULT_AUTHORITY
protected org.slf4j.Logger	log
protected TokenCache	tokenCache

Method Summary

Modifier and Type	Method and Description
com.microsoft.aad.msal4j.AadInstanceDiscoveryResponse	aadAadInstanceDiscoveryResponse()
CompletableFuture<IAuthenticationResult>	acquireToken(AuthorizationCodeParameters parameters) Acquires security token from the authority using an authorization code previously received.
CompletableFuture<IAuthenticationResult>	acquireToken(AuthorizationCodeParameters parameters) Acquires security token from the authority using an authorization code previously received.
CompletableFuture<IAuthenticationResult>	acquireToken(ClientCredentialParameters parameters) Acquires tokens from the authority configured in the application, for the confidential client itself.
CompletableFuture<IAuthenticationResult>	acquireToken(OnBehalfOfParameters parameters) Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access another downstream protected Web API on behalf of a user using the On-Behalf-Of flow.
CompletableFuture<IAuthenticationResult>	acquireToken(RefreshTokenParameters parameters) Acquires a security token from the authority using a refresh token previously received.
CompletableFuture<IAuthenticationResult>	acquireToken(RefreshTokenParameters parameters) Acquires a security token from the authority using a refresh token previously received.
CompletableFuture<IAuthenticationResult>	acquireTokenSilently(SilentParameters parameters) Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.
CompletableFuture<IAuthenticationResult>	acquireTokenSilently(SilentParameters parameters) Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.
String	applicationName()
String	applicationVersion()
String	authority()
String	authority()
boolean	autoDetectRegion()
String	azureRegion()
static ConfidentialClientApplication.Builder	builder(String clientId, IClientCredential clientCredential) Creates instance of Builder of ConfidentialClientApplication
protected com.nimbusds.oauth2.sdk.auth.ClientAuthentication	clientAuthentication()
String	clientCapabilities()
String	clientId()
String	clientId()
Integer	connectTimeoutForDefaultHttpClient()
String	correlationId()
String	correlationId()
protected static String	enforceTrailingSlash(String authority)
CompletableFuture<Set<IAccount>>	getAccounts() Returns accounts in the cache
CompletableFuture<Set<IAccount>>	getAccounts() Returns accounts in the cache
URL	getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters) Computes the URL of the authorization request letting the user sign-in and consent to the application.
URL	getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters) Computes the URL of the authorization request letting the user sign-in and consent to the application.
boolean	logPii()
boolean	logPii()
Proxy	proxy()
Proxy	proxy()
Integer	readTimeoutForDefaultHttpClient()
CompletableFuture	removeAccount(IAccount account) Removes IAccount from the cache
CompletableFuture<Void>	removeAccount(IAccount account) Removes IAccount from the cache
boolean	sendX5c()
SSLSocketFactory	sslSocketFactory()
SSLSocketFactory	sslSocketFactory()
ITokenCache	tokenCache()
TokenCache	tokenCache()
boolean	validateAuthority()
boolean	validateAuthority()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_AUTHORITY

public static final String DEFAULT_AUTHORITY

See Also:

Constant Field Values

log

protected org.slf4j.Logger log

authenticationAuthority

protected com.microsoft.aad.msal4j.Authority authenticationAuthority

tokenCache

protected TokenCache tokenCache

Method Detail

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(ClientCredentialParameters parameters)

Description copied from interface: IConfidentialClientApplication

Acquires tokens from the authority configured in the application, for the confidential client itself. It will by default attempt to get tokens from the token cache. If no tokens are found, it falls back to acquiring them via client credentials from the STS

Specified by:

acquireToken in interface IConfidentialClientApplication

Parameters:

parameters - instance of ClientCredentialParameters

Returns:

CompletableFuture containing an IAuthenticationResult

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(OnBehalfOfParameters parameters)

Description copied from interface: IConfidentialClientApplication

Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access another downstream protected Web API on behalf of a user using the On-Behalf-Of flow. It will by default attempt to get tokens from the token cache. This confidential client application was itself called with an acces token which is provided in the UserAssertion field of OnBehalfOfParameters. When serializing/deserializing the in-memory token cache to permanent storage, there should be a token cache per incoming access token, where the hash of the incoming access token can be used as the token cache key. Access tokens are usually only valid for a 1 hour period of time, and a new access token in the UserAssertion means there will be a new token cache and new token cache key. To avoid your permanent storage from being filled with expired token caches, an eviction policy should be set. For example, a token cache that is more than a couple of hours old can be deemed expired and therefore evicted from the serialized token cache.

Specified by:

acquireToken in interface IConfidentialClientApplication

Parameters:

parameters - instance of OnBehalfOfParameters

Returns:

CompletableFuture containing an IAuthenticationResult

clientAuthentication

protected com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuthentication()

builder

public static ConfidentialClientApplication.Builder builder(String clientId,
                                                            IClientCredential clientCredential)

Creates instance of Builder of ConfidentialClientApplication

Parameters:

clientId - Client ID (Application ID) of the application as registered in the application registration portal (portal.azure.com)

clientCredential - The client credential to use for token acquisition.

Returns:

instance of Builder of ConfidentialClientApplication

sendX5c

public boolean sendX5c()

Specified by:

sendX5c in interface IConfidentialClientApplication

Returns:

a boolean value which determines whether x5c claim (public key of the certificate) will be sent to the STS.

clientId

public String clientId()

Returns:

Client ID (Application ID) of the application as registered in the application registration portal (portal.azure.com) and as passed in the constructor of the application

authority

public String authority()

Returns:

URL of the authority, or security token service (STS) from which MSAL will acquire security tokens. Default value is IClientApplicationBase.DEFAULT_AUTHORITY

validateAuthority

public boolean validateAuthority()

Returns:

a boolean value which determines whether the authority needs to be verified against a list of known authorities.

correlationId

public String correlationId()

Returns:

Correlation Id which is used for diagnostics purposes, is attached to token service requests Default value is random UUID

logPii

public boolean logPii()

Returns:

a boolean value which determines whether Pii (personally identifiable information) will be logged in

proxy

public Proxy proxy()

Returns:

proxy used by the application for all network communication.

sslSocketFactory

public SSLSocketFactory sslSocketFactory()

Returns:

SSLSocketFactory used by the application for all network communication.

tokenCache

public ITokenCache tokenCache()

Returns:

Cache holding access tokens, refresh tokens, id tokens. It is maintained and used silently if needed when calling IClientApplicationBase.acquireTokenSilently(SilentParameters)

getAuthorizationRequestUrl

public URL getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters)

Computes the URL of the authorization request letting the user sign-in and consent to the application. The URL target the /authorize endpoint of the authority configured in the application object. Once the user successfully authenticates, the response should contain an authorization code, which can then be passed in toAbstractClientApplicationBase.acquireToken(AuthorizationCodeParameters) to be exchanged for a token

Parameters:

parameters - AuthorizationRequestUrlParameters

Returns:

url of the authorization endpoint where the user can sign-in and consent to the application.

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(AuthorizationCodeParameters parameters)

Acquires security token from the authority using an authorization code previously received.

Parameters:

parameters - AuthorizationCodeParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(RefreshTokenParameters parameters)

Acquires a security token from the authority using a refresh token previously received. Can be used in migration to MSAL from ADAL, and in various integration scenarios where you have a refresh token available.

Parameters:

parameters - RefreshTokenParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

acquireTokenSilently

public CompletableFuture<IAuthenticationResult> acquireTokenSilently(SilentParameters parameters)
                                                              throws MalformedURLException

Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.

Parameters:

parameters - instance of SilentParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

Throws:

MalformedURLException - if authorityUrl from parameters is malformed URL

getAccounts

public CompletableFuture<Set<IAccount>> getAccounts()

Returns accounts in the cache

Returns:

set of unique accounts from cache which can be used for silent acquire token call

removeAccount

public CompletableFuture removeAccount(IAccount account)

Removes IAccount from the cache

Parameters:

account - instance of Account to be removed from cache

Returns:

CompletableFuture object representing account removal task.

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(AuthorizationCodeParameters parameters)

Acquires security token from the authority using an authorization code previously received.

Parameters:

parameters - AuthorizationCodeParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

acquireToken

public CompletableFuture<IAuthenticationResult> acquireToken(RefreshTokenParameters parameters)

Acquires a security token from the authority using a refresh token previously received. Can be used in migration to MSAL from ADAL, and in various integration scenarios where you have a refresh token available.

Parameters:

parameters - RefreshTokenParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

acquireTokenSilently

public CompletableFuture<IAuthenticationResult> acquireTokenSilently(SilentParameters parameters)
                                                              throws MalformedURLException

Returns tokens from cache if present and not expired or acquires new tokens from the authority by using the refresh token present in cache.

Parameters:

parameters - instance of SilentParameters

Returns:

A CompletableFuture object representing the IAuthenticationResult of the call.

Throws:

MalformedURLException - if authorityUrl from parameters is malformed URL

getAccounts

public CompletableFuture<Set<IAccount>> getAccounts()

Returns accounts in the cache

Returns:

set of unique accounts from cache which can be used for silent acquire token call

removeAccount

public CompletableFuture<Void> removeAccount(IAccount account)

Removes IAccount from the cache

Parameters:

account - instance of Account to be removed from cache

Returns:

CompletableFuture object representing account removal task.

getAuthorizationRequestUrl

public URL getAuthorizationRequestUrl(AuthorizationRequestUrlParameters parameters)

Computes the URL of the authorization request letting the user sign-in and consent to the application. The URL target the /authorize endpoint of the authority configured in the application object. Once the user successfully authenticates, the response should contain an authorization code, which can then be passed in toAbstractClientApplicationBase.acquireToken(AuthorizationCodeParameters) to be exchanged for a token

Parameters:

parameters - AuthorizationRequestUrlParameters

Returns:

url of the authorization endpoint where the user can sign-in and consent to the application.

enforceTrailingSlash

protected static String enforceTrailingSlash(String authority)

clientId

public String clientId()

Returns:

Client ID (Application ID) of the application as registered in the application registration portal (portal.azure.com) and as passed in the constructor of the application

authority

public String authority()

Returns:

URL of the authority, or security token service (STS) from which MSAL will acquire security tokens. Default value is IClientApplicationBase.DEFAULT_AUTHORITY

validateAuthority

public boolean validateAuthority()

Returns:

a boolean value which determines whether the authority needs to be verified against a list of known authorities.

correlationId

public String correlationId()

Returns:

Correlation Id which is used for diagnostics purposes, is attached to token service requests Default value is random UUID

logPii

public boolean logPii()

Returns:

a boolean value which determines whether Pii (personally identifiable information) will be logged in

proxy

public Proxy proxy()

Returns:

proxy used by the application for all network communication.

sslSocketFactory

public SSLSocketFactory sslSocketFactory()

Returns:

SSLSocketFactory used by the application for all network communication.

connectTimeoutForDefaultHttpClient

public Integer connectTimeoutForDefaultHttpClient()

readTimeoutForDefaultHttpClient

public Integer readTimeoutForDefaultHttpClient()

tokenCache

public TokenCache tokenCache()

Returns:

Cache holding access tokens, refresh tokens, id tokens. It is maintained and used silently if needed when calling IClientApplicationBase.acquireTokenSilently(SilentParameters)

applicationName

public String applicationName()

applicationVersion

public String applicationVersion()

aadAadInstanceDiscoveryResponse

public com.microsoft.aad.msal4j.AadInstanceDiscoveryResponse aadAadInstanceDiscoveryResponse()

clientCapabilities

public String clientCapabilities()

autoDetectRegion

public boolean autoDetectRegion()

azureRegion

public String azureRegion()