PublicClientApplication class
The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications to obtain JWT tokens as described in the OAuth 2.0 Authorization Code Flow with PKCE specification.
Constructors
| Public |
Methods
| acquire |
This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption. Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client. |
| acquire |
Use when you want to obtain an access_token for your API via opening a popup window in the user's browser |
| acquire |
Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. |
| acquire |
Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made. |
| add |
Adds event callbacks to array |
| add |
Registers a callback to receive performance events. |
| clear |
Clears tokens and account from the browser cache. |
| create |
Creates StandardController and passes it to the PublicClientApplication |
| disable |
Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window |
| enable |
Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window |
| get |
Returns the first account found in the cache that matches the account filter passed in. |
| get |
Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found |
| get |
Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found |
| get |
Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability |
| get |
Gets the currently active account |
| get |
Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned. |
| get |
Returns the logger instance |
| get |
Gets the token cache for the application. |
| handle |
Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows. |
| hydrate |
Hydrates cache with the tokens and account in the AuthenticationResult object |
| initialize(Initialize |
Initializer function to perform async startup tasks such as connecting to WAM extension |
| initialize |
Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc. |
| login |
Use when initiating the login process via opening a popup window in the user's browser |
| login |
Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute. IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function. |
| logout(End |
Deprecated logout function. Use logoutRedirect or logoutPopup instead |
| logout |
Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server |
| logout |
Use to log out the current user, and redirect the user to the postLogoutRedirectUri.
Default behaviour is to redirect the user to |
| remove |
Removes callback with provided id from callback array |
| remove |
Removes a callback registered with addPerformanceCallback. |
| set |
Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account. |
| set |
Replaces the default logger set in configurations with new Logger with new configurations |
| set |
Sets navigation client |
| sso |
This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:
In these cases, the request must be done inside a popup or full frame redirect. For the cases where interaction is required, you cannot send a request with prompt=none. If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists. |
Constructor Details
PublicClientApplication(Configuration, IController)
new PublicClientApplication(configuration: Configuration, controller?: IController)Parameters
- configuration
- Configuration
Object for the MSAL PublicClientApplication instance
- controller
- IController
Method Details
acquireTokenByCode(AuthorizationCodeRequest)
This function redeems an authorization code (passed as code) from the eSTS token endpoint. This authorization code should be acquired server-side using a confidential client to acquire a spa_code. This API is not indended for normal authorization code acquisition and redemption.
Redemption of this authorization code will not require PKCE, as it was acquired by a confidential client.
function acquireTokenByCode(request: AuthorizationCodeRequest): Promise<AuthenticationResult>Parameters
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
acquireTokenPopup(PopupRequest)
Use when you want to obtain an access_token for your API via opening a popup window in the user's browser
function acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult>Parameters
- request
- PopupRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
acquireTokenRedirect(RedirectRequest)
Use when you want to obtain an access_token for your API by redirecting the user's browser window to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute.
IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
function acquireTokenRedirect(request: RedirectRequest): Promise<void>Parameters
- request
- RedirectRequest
Returns
Promise<void>
acquireTokenSilent(SilentRequest)
Silently acquire an access token for a given set of scopes. Returns currently processing promise if parallel requests are made.
function acquireTokenSilent(silentRequest: SilentRequest): Promise<AuthenticationResult>Parameters
- silentRequest
- SilentRequest
Returns
Promise<AuthenticationResult>
- a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the AuthenticationResult object
addEventCallback(EventCallbackFunction, EventType[])
Adds event callbacks to array
function addEventCallback(callback: EventCallbackFunction, eventTypes?: EventType[]): null | stringParameters
- callback
- EventCallbackFunction
- eventTypes
-
EventType[]
Returns
null | string
addPerformanceCallback(PerformanceCallbackFunction)
Registers a callback to receive performance events.
function addPerformanceCallback(callback: PerformanceCallbackFunction): stringParameters
- callback
- PerformanceCallbackFunction
Returns
string
clearCache(ClearCacheRequest)
Clears tokens and account from the browser cache.
function clearCache(logoutRequest?: ClearCacheRequest): Promise<void>Parameters
- logoutRequest
- ClearCacheRequest
Returns
Promise<void>
createPublicClientApplication(Configuration)
Creates StandardController and passes it to the PublicClientApplication
static function createPublicClientApplication(configuration: Configuration): Promise<IPublicClientApplication>Parameters
- configuration
- Configuration
{Configuration}
Returns
Promise<IPublicClientApplication>
disableAccountStorageEvents()
Removes event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
function disableAccountStorageEvents()
enableAccountStorageEvents()
Adds event listener that emits an event when a user account is added or removed from localstorage in a different browser tab or window
function enableAccountStorageEvents()
getAccount(AccountFilter)
Returns the first account found in the cache that matches the account filter passed in.
function getAccount(accountFilter: AccountFilter): null | AccountInfoParameters
- accountFilter
- @azure/msal-common.AccountFilter
Returns
null | AccountInfo
The first account found in the cache matching the provided filter or null if no account could be found.
getAccountByHomeId(string)
Warning
This API is now deprecated.
- Use getAccount instead
Returns the signed in account matching homeAccountId. (the account object is created at the time of successful login) or null when no matching account is found
function getAccountByHomeId(homeAccountId: string): null | AccountInfoParameters
- homeAccountId
-
string
Returns
null | AccountInfo
The account object stored in MSAL
getAccountByLocalId(string)
Warning
This API is now deprecated.
- Use getAccount instead
Returns the signed in account matching localAccountId. (the account object is created at the time of successful login) or null when no matching account is found
function getAccountByLocalId(localId: string): null | AccountInfoParameters
- localId
-
string
Returns
null | AccountInfo
The account object stored in MSAL
getAccountByUsername(string)
Warning
This API is now deprecated.
- Use getAccount instead
Returns the signed in account matching username. (the account object is created at the time of successful login) or null when no matching account is found. This API is provided for convenience but getAccountById should be used for best reliability
function getAccountByUsername(userName: string): null | AccountInfoParameters
- userName
-
string
Returns
null | AccountInfo
The account object stored in MSAL
getActiveAccount()
Gets the currently active account
function getActiveAccount(): null | AccountInfoReturns
null | AccountInfo
getAllAccounts(AccountFilter)
Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
function getAllAccounts(accountFilter?: AccountFilter): AccountInfo[]Parameters
- accountFilter
- @azure/msal-common.AccountFilter
(Optional) filter to narrow down the accounts returned
Returns
Array of AccountInfo objects in cache
getLogger()
getTokenCache()
handleRedirectPromise(string)
Event handler function which allows users to fire events after the PublicClientApplication object has loaded during redirect flows. This should be invoked on all page loads involved in redirect auth flows.
function handleRedirectPromise(hash?: string): Promise<null | AuthenticationResult>Parameters
- hash
-
string
Hash to process. Defaults to the current value of window.location.hash. Only needs to be provided explicitly if the response to be handled is not contained in the current value.
Returns
Promise<null | AuthenticationResult>
Token response or null. If the return value is null, then no auth redirect was detected.
hydrateCache(AuthenticationResult, PopupRequest | RedirectRequest | SilentRequest | Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>)
Hydrates cache with the tokens and account in the AuthenticationResult object
function hydrateCache(result: AuthenticationResult, request: PopupRequest | RedirectRequest | SilentRequest | Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>): Promise<void>Parameters
- result
- AuthenticationResult
- request
-
PopupRequest | RedirectRequest | SilentRequest | Partial<Omit<@azure/msal-common.CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>
The request object that was used to obtain the AuthenticationResult
Returns
Promise<void>
initialize(InitializeApplicationRequest)
Initializer function to perform async startup tasks such as connecting to WAM extension
function initialize(request?: InitializeApplicationRequest): Promise<void>Parameters
- request
- InitializeApplicationRequest
{?InitializeApplicationRequest}
Returns
Promise<void>
initializeWrapperLibrary(WrapperSKU, string)
Called by wrapper libraries (Angular & React) to set SKU and Version passed down to telemetry, logger, etc.
function initializeWrapperLibrary(sku: WrapperSKU, version: string)Parameters
- sku
-
WrapperSKU
- version
-
string
loginPopup(PopupRequest)
Use when initiating the login process via opening a popup window in the user's browser
function loginPopup(request?: PopupRequest): Promise<AuthenticationResult>Parameters
- request
- PopupRequest
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.
loginRedirect(RedirectRequest)
Use when initiating the login process by redirecting the user's browser to the authorization endpoint. This function redirects the page, so any code that follows this function will not execute.
IMPORTANT: It is NOT recommended to have code that is dependent on the resolution of the Promise. This function will navigate away from the current browser window. It currently returns a Promise in order to reflect the asynchronous nature of the code running in this function.
function loginRedirect(request?: RedirectRequest): Promise<void>Parameters
- request
- RedirectRequest
Returns
Promise<void>
logout(EndSessionRequest)
Warning
This API is now deprecated.
Deprecated logout function. Use logoutRedirect or logoutPopup instead
function logout(logoutRequest?: EndSessionRequest): Promise<void>Parameters
- logoutRequest
- EndSessionRequest
Returns
Promise<void>
logoutPopup(EndSessionPopupRequest)
Clears local cache for the current user then opens a popup window prompting the user to sign-out of the server
function logoutPopup(logoutRequest?: EndSessionPopupRequest): Promise<void>Parameters
- logoutRequest
- EndSessionPopupRequest
Returns
Promise<void>
logoutRedirect(EndSessionRequest)
Use to log out the current user, and redirect the user to the postLogoutRedirectUri.
Default behaviour is to redirect the user to window.location.href.
function logoutRedirect(logoutRequest?: EndSessionRequest): Promise<void>Parameters
- logoutRequest
- EndSessionRequest
Returns
Promise<void>
removeEventCallback(string)
Removes callback with provided id from callback array
function removeEventCallback(callbackId: string)Parameters
- callbackId
-
string
removePerformanceCallback(string)
Removes a callback registered with addPerformanceCallback.
function removePerformanceCallback(callbackId: string): booleanParameters
- callbackId
-
string
Returns
boolean
setActiveAccount(null | AccountInfo)
Sets the account to use as the active account. If no account is passed to the acquireToken APIs, then MSAL will use this active account.
function setActiveAccount(account: null | AccountInfo)Parameters
- account
-
null | AccountInfo
setLogger(Logger)
Replaces the default logger set in configurations with new Logger with new configurations
function setLogger(logger: Logger)Parameters
- logger
- Logger
Logger instance
setNavigationClient(INavigationClient)
Sets navigation client
function setNavigationClient(navigationClient: INavigationClient)Parameters
- navigationClient
- INavigationClient
ssoSilent(Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>)
This function uses a hidden iframe to fetch an authorization code from the eSTS. There are cases where this may not work:
- Any browser using a form of Intelligent Tracking Prevention
- If there is not an established session with the service
In these cases, the request must be done inside a popup or full frame redirect.
For the cases where interaction is required, you cannot send a request with prompt=none.
If your refresh token has expired, you can use this function to fetch a new set of tokens silently as long as you session on the server still exists.
function ssoSilent(request: Partial<Omit<CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>): Promise<AuthenticationResult>Parameters
- request
-
Partial<Omit<@azure/msal-common.CommonAuthorizationUrlRequest, "responseMode" | "earJwk" | "codeChallenge" | "codeChallengeMethod" | "requestedClaimsHash" | "platformBroker">>
Returns
Promise<AuthenticationResult>
A promise that is fulfilled when this function has completed, or rejected if an error was raised.