-
Notifications
You must be signed in to change notification settings - Fork 328
MSAL.NET 2.x to MSAL.NET 3.x
Peter edited this page Oct 19, 2023
·
20 revisions
See Microsoft Authentication Library for .NET for updated documentation.
This page explains how to change the code to move from the MSAL 2.x to MSAL 3.x
IEnumerable<string> scopes = new string[]{"user.read"};
IAccount account;
string authority;
bool forceRefresh = false;Used to acquire an access token from the user cache, and refresh it if needed
| Instead of | use |
app.AcquireTokenSilentAsync(scopes,
account) |
app.AcquireTokenSilent(scopes,
account)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenSilentAsync(scopes,
account,
authority,
forceRefresh) |
app.AcquireTokenSilent(scopes, account)
.WithAuthority(authority)
.WithForceRefresh(forceRefresh)
.ExecuteAsync()
.ConfigureAwait(false); |
Instead of calling the constructor of PublicClientApplication directly, use the PublicClientApplicationBuilder.Create() or the PublicClientApplicationBuilder.CreateWithOptions() methods. The reference documentation page for PublicClientApplicationBuilder shows all the options that you can use.
string clientId;
PublicClientApplicationOptions options;| Instead of | use |
app=new PublicClientApplication(clientId); |
app=PublicClientApplicationBuilder
.Create(clientId)
.Build(); |
app=new PublicClientApplication(clientId,
authority); |
app=PublicClientApplicationBuilder
.Create(clientId)
.WithAuthority(authority)
.Build();or options = new PublicClientApplicationOptions()
{
ClientId = client,
Authority = authority
};
app=PublicClientApplicationBuilder
.CreateWithOptions(options )
.Build(); |
MSAL.NET 2.x had twelve overrides of AcquireTokenAsync
| Instead of | use |
app.AcquireTokenAsync(scopes) |
app=AcquireTokenInteractive(scopes, null)
.ExecuteAsync().
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes, loginHint) |
app=AcquireTokenInteractive(scopes, null)
.WithLoginHint(loginHint)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes, account) |
app=AcquireTokenInteractive(scopes, null)
.WithAccount(account)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
loginHint,
uiBehavior,
extraQueryParameters) |
app=AcquireTokenInteractive(scopes, null)
.WithLoginHint(account)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
loginHint,
uiBehavior,
extraQueryParameters,
extraScopesToConsent,
authority) |
app=AcquireTokenInteractive(scopes, null)
.WithLoginHint(loginHint)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.WithExtraSCopesToConsent(extraScopesToConsent)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false);but of course you only need to specify the parameters that you need |
app.AcquireTokenAsync(scopes,
account,
uiBehavior,
extraQueryParameters,
extraScopesToConsent,
authority) |
app=AcquireTokenInteractive(scopes, null)
.WithAccount(account)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.WithExtraSCopesToConsent(extraScopesToConsent)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
loginHint,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.WithLoginHint(loginHint)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
account,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.WithAccount(account)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
loginHint,
uiBehavior,
extraQueryParameters,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.WithLoginHint(account)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
loginHint,
uiBehavior,
extraQueryParameters,
extraScopesToConsent,
authority,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.WithLoginHint(loginHint)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.WithExtraSCopesToConsent(extraScopesToConsent)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenAsync(scopes,
account,
uiBehavior,
extraQueryParameters,
extraScopesToConsent,
authority,
uiParent) |
app=AcquireTokenInteractive(scopes,
parentObject)
.WithUseEmbeddedWebView(useEmbeddedWebView)
.WithAccount(account)
.WithPrompt(prompt)
.WithExtraQueryParameters(extraQueryParameters)
.WithExtraSCopesToConsent(extraScopesToConsent)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false); |
For the list of all the .With operations applicable on AcquireTokenInteractive see AcquireTokenInteractiveParameterBuilder
| Instead of | use |
app.AcquireTokenByUsernamePasswordAsync(scopes,
username,
securePassword) |
app.AcquireTokenByUsernamePassword(scopes,
username,
password)
.ExecuteAsync()
.ConfigureAwait(false); |
For the list of all the .With parameters on AcquireTokenByUsernamePassword, see AcquireTokenByUsernamePasswordParameterBuilder
| Instead of | use |
app
.AcquireTokenWithDeviceCodeAsync(scopes,
deviceCodeResultCallback) |
app
.AcquireTokenWithDeviceCode(scopes,
deviceCodeResultCallback)
.ExecuteAsync()
.ConfigureAwait(false); |
app
.AcquireTokenWithDeviceCodeAsync(scopes,
extraQueryParameters
deviceCodeResultCallback) |
app
.AcquireTokenWithDeviceCode(scopes,
deviceCodeResultCallback)
.WithExtraQueryParameters(extraQueryParameters)
.ExecuteAsync()
.ConfigureAwait(false); |
app
.AcquireTokenWithDeviceCodeAsync(scopes,
extraQueryParameters
deviceCodeResultCallback,
CancellationToken) |
app
.AcquireTokenWithDeviceCode(scopes,
deviceCodeResultCallback)
.WithExtraQueryParameters(extraQueryParameters)
.ExecuteAsync(CancellationToken)
.ConfigureAwait(false); |
For the list of all the .With parameters on AcquireTokenWithDeviceCode, see AcquireTokenWithDeviceCodeParameterBuilder
| Instead of | use |
app
.AcquireTokenByRefreshTokenAsync(scopes,
refreshToken) |
IByRefreshToken brt = app as IByRefreshToken;
brt
.AcquireTokenByRefreshToken(scopes,
refreshToken)
.ExecuteAsync()
.ConfigureAwait(false); |
Similar to the PublicClientApplication, use the ConfidentialClientApplicationBuilder.Create() or the ConfidentialClientApplicationBuilder.CreateWithOptions() methods to construct the ConfidentialClientApplication. The reference documentation page for ConfidentialClientApplicationBuilder shows all the options that you can use.
string clientId;
ConfidentialClientApplicationOptions options;| Instead of | use |
app=new ConfidentialClientApplication(clientId); |
app=ConfidentialClientApplicationBuilder
.Create(clientId)
.Build(); |
app=new ConfidentialClientApplication(clientId,
authority); |
app=ConfidentialClientApplicationBuilder
.Create(clientId)
.WithAuthority(authority)
.Build();or options = new ConfidentialClientApplicationOptions()
{
ClientId = client,
Authority = authority
};
app=ConfidentialClientApplicationBuilder
.CreateWithOptions(options )
.Build(); |
MSAL.NET 2.x had twelve overrides of AcquireTokenForClientAsync
| Instead of | use |
app.AcquireTokenForClientAsync(scopes) |
app=AcquireTokenForClientAsync(scopes, null)
.ExecuteAsync().
.ConfigureAwait(false); |
app.AcquireTokenForClientWithCertificateAsync(scopes) |
app=AcquireTokenForClientAsync(scopes)
.ExecuteAsync()
.ConfigureAwait(false); |
| Instead of | use |
app.AcquireTokenByAuthorizationCodeAsync(authorizationCode, scopes) |
app=AcquireTokenByAuthorizationCodeAsync(scopes, null)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenByAuthorizationCodeAsync(authorizationCode, scopes, authority) |
app=AcquireTokenByAuthorizationCodeAsync(scopes, null)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false); |
| Instead of | use |
app.AcquireTokenOnBehalfOfAsync(scopes, userAssertion) |
app=AcquireTokenOnBehalfOfAsync(scopes, userAssertion)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenOnBehalfOfAsync(scopes, userAssertion, authority) |
app=AcquireTokenOnBehalfOfAsync(scopes, userAssertion)
.WithAuthority(authority)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenOnBehalfOfWithCertificateAsync(scopes, userAssertion) |
app=AcquireTokenOnBehalfOfAsync(scopes, userAssertion)
.ExecuteAsync()
.ConfigureAwait(false); |
app.AcquireTokenOnBehalfOfWithCertificateAsync(scopes, userAssertion, authority) |
app=AcquireTokenOnBehalfOfAsync(scopes, userAssertion)
.ExecuteAsync()
.ConfigureAwait(false); |
- Home
- Why use MSAL.NET
- Is MSAL.NET right for me
- Scenarios
- Register your app with AAD
- Client applications
- Acquiring tokens
- MSAL samples
- Known Issues
- AcquireTokenInteractive
- WAM - the Windows broker
- .NET Core
- Xamarin Docs
- UWP
- Custom Browser
- Applying an AAD B2C policy
- Integrated Windows Authentication for domain or AAD joined machines
- Username / Password
- Device Code Flow for devices without a Web browser
- ADFS support
- Acquiring a token for the app
- Acquiring a token on behalf of a user in Web APIs
- Acquiring a token by authorization code in Web Apps
- High Availability
- Token cache serialization
- Logging
- Exceptions in MSAL
- Provide your own Httpclient and proxy
- Extensibility Points
- Clearing the cache
- Client Credentials Multi-Tenant guidance
- Performance perspectives
- Differences between ADAL.NET and MSAL.NET Apps
- PowerShell support
- Testing apps that use MSAL
- Experimental Features
- Proof of Possession (PoP) tokens
- Using in Azure functions
- Extract info from WWW-Authenticate headers
- SPA Authorization Code