azureadwebstacknightly - Microsoft.Identity.Abstractions 5.0.0-preview

Interface for higher level API for confidential client applications.

PM> Install-Package Microsoft.Identity.Abstractions -Version 5.0.0-preview -Source https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json

Copy to clipboard

> nuget.exe install Microsoft.Identity.Abstractions -Version 5.0.0-preview -Source https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json

Copy to clipboard

> dotnet add package Microsoft.Identity.Abstractions --version 5.0.0-preview --source https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json

Copy to clipboard

<PackageReference Include="Microsoft.Identity.Abstractions" Version="5.0.0-preview" />

Copy to clipboard

source https://www.myget.org/F/azureadwebstacknightly/api/v3/index.json

nuget Microsoft.Identity.Abstractions  ~> 5.0.0-preview

Copy to clipboard

> choco install Microsoft.Identity.Abstractions --version 5.0.0-preview --source https://www.myget.org/F/azureadwebstacknightly/api/v2

Copy to clipboard

Import-Module PowerShellGet
Register-PSRepository -Name "azureadwebstacknightly" -SourceLocation "https://www.myget.org/F/azureadwebstacknightly/api/v2"
Install-Module -Name "Microsoft.Identity.Abstractions" -RequiredVersion "5.0.0-preview" -Repository "azureadwebstacknightly" -AllowPreRelease

Copy to clipboard

Microsoft.Identity.Abstractions

Microsoft.Identity.Abstractions contain interfaces and POCO classes used in the Microsoft .NET authentication libraries (Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web). It exposes concepts in three domains:

Application and credentials
Acquire tokens, get authorization headers and call downstream APIs
Extensibility to bring your own credential providers

NuGet Package

Version Lifecycle and Support Matrix

See Long Term Support policy for details.

The following table lists Microsoft.Identity.Abstractions versions currently supported and receiving security fixes.

Major Version	Last Release	Patch release date	Support phase	End of support
9.x		Monthly	Active	Not planned. ✅Supported versions: from 9.0.0 to ⚠️Unsupported versions `< 9.0.0`.

Concepts

Overview of the data classes

the following diagram provides an overview of the data classes exposed by Microsoft.Identity.Abstractions

classDiagram direction TB namespace ApplicationOptions { class CredentialDescription { <<ro>> +string Id <<rw>> +CredentialSource SourceType <<rw>> +string KeyVaultUrl <<rw>> +string CertificateStorePath <<rw>> +string CertificateDistinguishedName <<rw>> +string KeyVaultCertificateName <<rw>> +string CertificateThumbprint <<rw>> +string CertificateDiskPath <<rw>> +string CertificatePassword <<rw>> +string Base64EncodedValue <<rw>> +string ClientSecret <<rw>> +string ManagedIdentityClientId <<rw>> +string SignedAssertionFileDiskPath <<rw>> +AuthorizationHeaderProviderOptions DecryptKeysAuthenticationOptions <<rw>> +string TokenExchangeAuthority <<rw>> +X509Certificate2 Certificate <<rw>> +object CachedValue <<rw>> +bool Skip <<ro>> +CredentialType CredentialType <<rw>> +string TokenExchangeUrl <<rw>> +string CustomSignedAssertionProviderName <<rw>> +Dictionary<string, Object> CustomSignedAssertionProviderData <<rw>> +string Algorithm } class CredentialSource { <<enum>> Certificate = 0 KeyVault = 1 Base64Encoded = 2 Path = 3 StoreWithThumbprint = 4 StoreWithDistinguishedName = 5 ClientSecret = 6 SignedAssertionFromManagedIdentity = 7 SignedAssertionFilePath = 8 SignedAssertionFromVault = 9 AutoDecryptKeys = 10 CustomSignedAssertion = 11 } class CredentialType { <<enum>> Certificate = 0 Secret = 1 SignedAssertion = 2 DecryptKeys = 3 } class IdentityApplicationOptions { <<rw>> +string Authority <<rw>> +string ClientId <<rw>> +bool EnablePiiLogging <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IEnumerable<CredentialDescription> ClientCredentials <<rw>> +string Audience <<rw>> +IEnumerable<string> Audiences <<rw>> +IEnumerable<CredentialDescription> TokenDecryptionCredentials <<rw>> +bool AllowWebApiToBeAuthorizedByACL } class MicrosoftEntraApplicationOptions { <<rw>> +string Name <<rw>> +string Instance <<rw>> +string TenantId <<rw>> +string Authority <<rw>> +string AppHomeTenantId <<rw>> +string AzureRegion <<rw>> +IEnumerable<string> ClientCapabilities <<rw>> +bool SendX5C } class MicrosoftIdentityApplicationOptions { <<rw>> +bool WithSpaAuthCode <<rw>> +string Domain <<rw>> +string EditProfilePolicyId <<rw>> +string SignUpSignInPolicyId <<rw>> +string ResetPasswordPolicyId <<ro>> +string DefaultUserFlow <<rw>> +string ResetPasswordPath <<rw>> +string ErrorPath } } namespace TokenAcquisition { class AcquireTokenOptions { +AcquireTokenOptions Clone() <<rw>> +string AuthenticationOptionsName <<rw>> +Nullable<Guid> CorrelationId <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IDictionary<string, Object> ExtraParameters <<rw>> +IDictionary<string, string> ExtraHeaderParameters <<rw>> +string Claims <<rw>> +string FmiPath <<rw>> +bool ForceRefresh <<rw>> +string PopPublicKey <<rw>> +string PopClaim <<rw>> +ManagedIdentityOptions ManagedIdentity <<rw>> +string LongRunningWebApiSessionKey <<ro>> +string LongRunningWebApiSessionKeyAuto <<rw>> +string Tenant <<rw>> +string UserFlow } class AcquireTokenResult { <<rw>> +string AccessToken <<rw>> +DateTimeOffset ExpiresOn <<rw>> +string TenantId <<rw>> +string IdToken <<rw>> +IEnumerable<string> Scopes <<rw>> +Guid CorrelationId <<rw>> +string TokenType <<rw>> +IReadOnlyDictionary<string, string> AdditionalResponseParameters <<rw>> +X509Certificate2 BindingCertificate } class ITokenAcquirer { <<interface>> +Task<AcquireTokenResult> GetTokenForUserAsync(IEnumerable<string> scopes, AcquireTokenOptions tokenAcquisitionOptions, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<AcquireTokenResult> GetTokenForAppAsync(string scope, AcquireTokenOptions tokenAcquisitionOptions, CancellationToken cancellationToken) } class ITokenAcquirerFactory { <<interface>> +ITokenAcquirer GetTokenAcquirer(IdentityApplicationOptions identityApplicationOptions) +ITokenAcquirer GetTokenAcquirer(string optionName) } class ManagedIdentityOptions { +ManagedIdentityOptions Clone() <<rw>> +string UserAssignedClientId } } namespace DownstreamApis { class AuthorizationHeaderProviderOptions { +AuthorizationHeaderProviderOptions Clone() #AuthorizationHeaderProviderOptions CloneInternal() +string GetApiUrl() <<rw>> +string BaseUrl <<rw>> +string RelativePath <<rw>> +string HttpMethod <<rw>> +Action<HttpRequestMessage> CustomizeHttpRequestMessage <<rw>> +AcquireTokenOptions AcquireTokenOptions <<rw>> +string ProtocolScheme <<rw>> +bool RequestAppToken } class DownstreamApiOptions { +DownstreamApiOptions Clone() #AuthorizationHeaderProviderOptions CloneInternal() <<rw>> +IEnumerable<string> Scopes <<rw>> +Func<object?,HttpContent?> Serializer <<rw>> +Func<HttpContent?,object?> Deserializer <<rw>> +string AcceptHeader <<rw>> +string ContentType <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IDictionary<string, string> ExtraHeaderParameters } class DownstreamApiOptionsReadOnlyHttpMethod { +DownstreamApiOptionsReadOnlyHttpMethod Clone() #AuthorizationHeaderProviderOptions CloneInternal() <<ro>> +string HttpMethod } class IAuthorizationHeaderProvider { <<interface>> } class IAuthorizationHeaderProvider2 { <<interface>> } class IAuthorizationHeaderProvider_TResult_ { <<interface>> } class IDownstreamApi { <<interface>> +CallApiAsync(...) +CallApiForUserAsync(...) +CallApiForAppAsync(...) +Generic overloads() ... } } IdentityApplicationOptions <|-- MicrosoftEntraApplicationOptions : Inherits MicrosoftEntraApplicationOptions <|-- MicrosoftIdentityApplicationOptions : Inherits AuthorizationHeaderProviderOptions <|-- DownstreamApiOptions : Inherits DownstreamApiOptions <|-- DownstreamApiOptionsReadOnlyHttpMethod : Inherits CredentialDescription *-- "SourceType" CredentialSource : Has CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has CredentialDescription *-- "CredentialType" CredentialType : Has IdentityApplicationOptions --> "ClientCredentials" CredentialDescription : Has many IdentityApplicationOptions --> "TokenDecryptionCredentials" CredentialDescription : Has many AuthorizationHeaderProviderOptions --> "AcquireTokenOptions" AcquireTokenOptions : Has AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has ITokenAcquirerFactory --> ITokenAcquirer : produces ITokenAcquirer --> AcquireTokenOptions : parametrized by AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has ITokenAcquirer --> AcquireTokenResult : returns

Note:

for AuthorizationHeaderProviderOptions "Defaults: ProtocolScheme=Bearer, HttpMethod=Get"
for DownstreamApiOptions "Defaults: AcceptHeader=application/json, ContentType=application/json
for IdentityApplicationOptions "Effective audiences = Audience ∪ Audiences"

Application options and credentials

The application options are typically the options that you find in configuration files like the appsettings.json file. They describe the authentication aspects of your application. The library offers two layer. A standard layer, and a Microsoft Identity platform specialization.

classDiagram class CredentialDescription { <<ro>> +string Id <<rw>> +CredentialSource SourceType <<rw>> +string KeyVaultUrl <<rw>> +string CertificateStorePath <<rw>> +string CertificateDistinguishedName <<rw>> +string KeyVaultCertificateName <<rw>> +string CertificateThumbprint <<rw>> +string CertificateDiskPath <<rw>> +string CertificatePassword <<rw>> +string Base64EncodedValue <<rw>> +string ClientSecret <<rw>> +string ManagedIdentityClientId <<rw>> +string SignedAssertionFileDiskPath <<rw>> +AuthorizationHeaderProviderOptions DecryptKeysAuthenticationOptions <<rw>> +string TokenExchangeAuthority <<rw>> +X509Certificate2 Certificate <<rw>> +Object CachedValue <<rw>> +bool Skip <<ro>> +CredentialType CredentialType <<rw>> +string TokenExchangeUrl <<rw>> +string CustomSignedAssertionProviderName <<rw>> +Dictionary<string, Object> CustomSignedAssertionProviderData <<rw>> +string Algorithm } class CredentialSource { <<enum>> Certificate = 0 KeyVault = 1 Base64Encoded = 2 Path = 3 StoreWithThumbprint = 4 StoreWithDistinguishedName = 5 ClientSecret = 6 SignedAssertionFromManagedIdentity = 7 SignedAssertionFilePath = 8 SignedAssertionFromVault = 9 AutoDecryptKeys = 10 CustomSignedAssertion = 11 } class CredentialType { <<enum>> Certificate = 0 Secret = 1 SignedAssertion = 2 DecryptKeys = 3 } class IdentityApplicationOptions { <<rw>> +string Authority <<rw>> +string ClientId <<rw>> +bool EnablePiiLogging <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IEnumerable<CredentialDescription> ClientCredentials <<rw>> +string Audience <<rw>> +IEnumerable<string> Audiences <<rw>> +IEnumerable<CredentialDescription> TokenDecryptionCredentials <<rw>> +bool AllowWebApiToBeAuthorizedByACL } class MicrosoftEntraApplicationOptions { <<rw>> +string Name <<rw>> +string Instance <<rw>> +string TenantId <<rw>> +string Authority <<rw>> +string AppHomeTenantId <<rw>> +string AzureRegion <<rw>> +IEnumerable<string> ClientCapabilities <<rw>> +bool SendX5C } class MicrosoftIdentityApplicationOptions { <<rw>> +bool WithSpaAuthCode <<rw>> +string Domain <<rw>> +string EditProfilePolicyId <<rw>> +string SignUpSignInPolicyId <<rw>> +string ResetPasswordPolicyId <<ro>> +string DefaultUserFlow <<rw>> +string ResetPasswordPath <<rw>> +string ErrorPath } IdentityApplicationOptions <|-- MicrosoftEntraApplicationOptions : Inherits MicrosoftEntraApplicationOptions <|-- MicrosoftIdentityApplicationOptions : Inherits CredentialDescription *-- "SourceType" CredentialSource : Has CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has note for AuthorizationHeaderProviderOptions "see below" CredentialDescription *-- "CredentialType" CredentialType : Has IdentityApplicationOptions --> "ClientCredentials" CredentialDescription : Has many IdentityApplicationOptions --> "TokenDecryptionCredentials" CredentialDescription : Has many

For details about Credentials, see CredentialDecription

Credential loaders

An important part of the application options are the credentials. In addition to the credential descriptions, the library offers extensibility mechanisms so that implementers can add their own credential source loaders.

classDiagram class CredentialSourceLoaderParameters { <<rw>> +string ClientId <<rw>> +string Authority } class ICredentialsLoader { <<interface>> +Task LoadCredentialsIfNeededAsync(CredentialDescription credentialDescription, CredentialSourceLoaderParameters parameters) +Task<CredentialDescription> LoadFirstValidCredentialsAsync(IEnumerable<CredentialDescription> credentialDescriptions, CredentialSourceLoaderParameters parameters) +Void ResetCredentials(IEnumerable<CredentialDescription> credentialDescriptions) <<ro>> +IDictionary<CredentialSource, ICredentialSourceLoader> CredentialSourceLoaders } class ICredentialSourceLoader { <<interface>> +Task LoadIfNeededAsync(CredentialDescription credentialDescription, CredentialSourceLoaderParameters parameters) <<ro>> +CredentialSource CredentialSource } class ICustomSignedAssertionProvider { <<interface>> <<ro>> +string Name } ICredentialSourceLoader <|-- ICustomSignedAssertionProvider : Inherits ICredentialSourceLoader *-- "CredentialSource" CredentialSource : Has ICredentialsLoader --> ICredentialSourceLoader : Loads ICredentialSourceLoader --> CredentialSourceLoaderParameters : Uses note for CredentialSource "see above"

There can be several application options with different names (for instance in ASP.NET Core these would be different authentication schemes)

Token acquisition

Once configured, an application can acquire tokens from the Identity provider. This is a low level API, in the sense that you would probably prefer to call downstream web APIs without having to be preoccupied about the authentication aspects. If you really want to use the lower level API, you should:

get hold of a ITokenAcquirerFactory. Implementations can provide a TokenAcquirerFactory for instance, with a singleton.
get a ITokenAcquirer (by its name, for instance). This corresponds to the application options
From the token acquirer get a token for on behalf of the user, or the app. If you don't specify any AcquireTokenOptions, the implementation should do its best effort. The AcquireTokenOptions enable you to override the defaults.

classDiagram class AcquireTokenOptions { +AcquireTokenOptions Clone() <<rw>> +string AuthenticationOptionsName <<rw>> +Nullable<Guid> CorrelationId <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IDictionary<string, Object> ExtraParameters <<rw>> +IDictionary<string, string> ExtraHeaderParameters <<rw>> +string Claims <<rw>> +string FmiPath <<rw>> +bool ForceRefresh <<rw>> +string PopPublicKey <<rw>> +string PopClaim <<rw>> +ManagedIdentityOptions ManagedIdentity <<rw>> +string LongRunningWebApiSessionKey <<ro>> +string LongRunningWebApiSessionKeyAuto <<rw>> +string Tenant <<rw>> +string UserFlow } class AcquireTokenResult { <<rw>> +string AccessToken <<rw>> +DateTimeOffset ExpiresOn <<rw>> +string TenantId <<rw>> +string IdToken <<rw>> +IEnumerable<string> Scopes <<rw>> +Guid CorrelationId <<rw>> +string TokenType <<rw>> +IReadOnlyDictionary<string, string> AdditionalResponseParameters <<rw>> +X509Certificate2 BindingCertificate } class ITokenAcquirer { <<interface>> +Task<AcquireTokenResult> GetTokenForUserAsync(IEnumerable<string> scopes, AcquireTokenOptions tokenAcquisitionOptions, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<AcquireTokenResult> GetTokenForAppAsync(string scope, AcquireTokenOptions tokenAcquisitionOptions, CancellationToken cancellationToken) } class ITokenAcquirerFactory { <<interface>> +ITokenAcquirer GetTokenAcquirer(IdentityApplicationOptions identityApplicationOptions) +ITokenAcquirer GetTokenAcquirer(string optionName) } class ManagedIdentityOptions { +ManagedIdentityOptions Clone() <<rw>> +string UserAssignedClientId } ITokenAcquirerFactory ..> ITokenAcquirer : produces ITokenAcquirer --> AcquireTokenOptions : parametrized by AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has ITokenAcquirer ..> AcquireTokenResult : returns

Call downstream APIs

It's also possible (and recommended) to use higher level APIs:

IDownstreamApi enables you to call a downstream web API and let the implementation handle the serialization of the input parameter (if any), handling the getting the authorization header and attaching it to the HttpClient, call the downstream web API, handle errors, deserialize the answer and return it as a strongly typed object. You can use customize all these steps, for instance by providing your own serializer / deserializer.
IAuthorizationHeaderProvider is the component that provides the authorization header, delegating to the ITokenAcquirer. Whereas ITokenAcquirer only knows about tokens, IAuthorizationHeaderProvider knows about protocols (for instance bearer, Pop, etc ...)
IAuthorizationHeaderProvider2 extends IAuthorizationHeaderProvider to provide authorization headers along with bound certificate information, useful for scenarios requiring certificate binding details.

classDiagram class AuthorizationHeaderProviderOptions { +AuthorizationHeaderProviderOptions Clone() #AuthorizationHeaderProviderOptions CloneInternal() +string GetApiUrl() <<rw>> +string BaseUrl <<rw>> +string RelativePath <<rw>> +string HttpMethod <<rw>> +Action<HttpRequestMessage> CustomizeHttpRequestMessage <<rw>> +AcquireTokenOptions AcquireTokenOptions <<rw>> +string ProtocolScheme <<rw>> +bool RequestAppToken } class DownstreamApiOptions { +DownstreamApiOptions Clone() #AuthorizationHeaderProviderOptions CloneInternal() <<rw>> +IEnumerable<string> Scopes <<rw>> +Func<Object, HttpContent> Serializer <<rw>> +Func<HttpContent, Object> Deserializer <<rw>> +string AcceptHeader <<rw>> +string ContentType <<rw>> +IDictionary<string, string> ExtraQueryParameters <<rw>> +IDictionary<string, string> ExtraHeaderParameters } class DownstreamApiOptionsReadOnlyHttpMethod { +DownstreamApiOptionsReadOnlyHttpMethod Clone() #AuthorizationHeaderProviderOptions CloneInternal() <<ro>> +string HttpMethod } class IAuthorizationHeaderProvider { <<interface>> +Task<string> CreateAuthorizationHeaderForUserAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions authorizationHeaderProviderOptions, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken) +Task<string> CreateAuthorizationHeaderForAppAsync(string scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, CancellationToken cancellationToken) +Task<string> CreateAuthorizationHeaderAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions options, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken) } class IAuthorizationHeaderProvider2 { <<interface>> +Task<AuthorizationHeaderInformation> CreateAuthorizationHeaderBoundForUserAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions authorizationHeaderProviderOptions, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken) +Task<AuthorizationHeaderInformation> CreateAuthorizationHeaderBoundForAppAsync(string scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, CancellationToken cancellationToken) +Task<AuthorizationHeaderInformation> CreateAuthorizationHeaderBoundAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions options, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken) } class IDownstreamApi { <<interface>> +Task<HttpResponseMessage> CallApiAsync(DownstreamApiOptions downstreamApiOptions, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken) +Task<HttpResponseMessage> CallApiAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken) +Task<HttpResponseMessage> CallApiForUserAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken) +Task<HttpResponseMessage> CallApiForAppAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, HttpContent content, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PostForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PostForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PostForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PostForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PutForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PutForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PutForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PutForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PostForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PostForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PostForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PostForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PutForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PutForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PutForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PutForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken) +Task DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) +Task<IDownstreamApi.TOutput> DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken) } AuthorizationHeaderProviderOptions <|-- DownstreamApiOptions : Inherits DownstreamApiOptions <|-- DownstreamApiOptionsReadOnlyHttpMethod : Inherits IAuthorizationHeaderProvider <|-- IAuthorizationHeaderProvider2 : Inherits CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has AuthorizationHeaderProviderOptions --> "AcquireTokenOptions" AcquireTokenOptions : Has AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has IDownstreamApi ..> DownstreamApiOptions : Uses IAuthorizationHeaderProvider ..> AuthorizationHeaderProviderOptions : Uses IAuthorizationHeaderProvider2 ..> AuthorizationHeaderProviderOptions : Uses

Extensibility

Credential loading extensibility points.

classDiagram class CredentialSourceLoaderParameters { +string ClientId +string Authority } class ICredentialSourceLoader { <<interface>> +Task LoadIfNeededAsync(CredentialDescription, CredentialSourceLoaderParameters?) +CredentialSource CredentialSource } class ICustomSignedAssertionProvider { <<interface>> +string Name } class ICredentialsLoader { <<interface>> +IDictionary<CredentialSource, ICredentialSourceLoader> CredentialSourceLoaders +Task LoadCredentialsIfNeededAsync(CredentialDescription, CredentialSourceLoaderParameters?) +Task <CredentialDescription?> LoadFirstValidCredentialsAsync(IEnumerable<CredentialDescription>, CredentialSourceLoaderParameters?) +void ResetCredentials(IEnumerable<CredentialDescription>) } ICredentialSourceLoader <|-- ICustomSignedAssertionProvider : Inherits ICredentialsLoader --> ICredentialSourceLoader : Uses ICredentialSourceLoader --> CredentialSourceLoaderParameters : Uses

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

The release notes are available at https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases and the roadmap at https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/wiki#roadmap

.NETFramework 4.6.2
.NETStandard 2.0
.NETStandard 2.1

.NETFramework 4.6.2: 4.6.2.0
.NETStandard 2.0: 2.0.0.0
.NETStandard 2.1: 2.1.0.0

Signature validation information

Informational

Signature Hash Algorithm: SHA256

Timestamp: 9/19/2023 12:14:37 AM

Verifying author primary signature's timestamp with timestamping service certificate: 
  Subject Name: CN=DigiCert Timestamp 2023, O="DigiCert, Inc.", C=US
  SHA1 hash: 66F02B32C2C2C90F825DCEAA8AC9C64F199CCF40
  SHA256 hash: D2F6E46DED7422CCD1D440576841366F828ADA559AAE3316AF4D1A9AD40C7828
  Issued by: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA, O="DigiCert, Inc.", C=US
  Valid from: 7/14/2023 12:00:00 AM to 10/13/2034 11:59:59 PM

Signature type: Author

Verifying the author primary signature with certificate: 
  Subject Name: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  SHA1 hash: F25C45D17C53D4E0D1DC9FB9DFD0731FCF904B77
  SHA256 hash: 566A31882BE208BE4422F7CFD66ED09F5D4524A5994F50CCC8B05EC0528C1353
  Issued by: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
  Valid from: 7/27/2023 12:00:00 AM to 10/17/2026 11:59:59 PM

Owners

Azure Active Directory

Authors

Microsoft

Project URL

https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet

License

Unknown

Signature

Validation: Valid

Info

0 total downloads

0 downloads for version 5.0.0-preview

Download (115.16 KB)

Found on the current feed only

Package history

Version	Size	Last updated
5.0.0-preview	115.16 KB	Tue, 19 Sep 2023 00:18:34 GMT
4.1.0	115.01 KB	Mon, 18 Sep 2023 23:47:23 GMT
4.0.1	114.84 KB	Thu, 07 Sep 2023 15:49:33 GMT
4.0.0	113.02 KB	Tue, 11 Jul 2023 20:57:11 GMT
3.2.2-preview	113.15 KB	Tue, 11 Jul 2023 04:28:36 GMT
3.2.1	113.01 KB	Mon, 29 May 2023 20:56:30 GMT
3.2.0	100.04 KB	Thu, 11 May 2023 18:33:03 GMT
3.1.0	100.04 KB	Wed, 12 Apr 2023 00:33:32 GMT
3.0.1	99.73 KB	Wed, 05 Apr 2023 16:19:33 GMT
3.0.0	71.32 KB	Tue, 04 Apr 2023 03:43:40 GMT
2.1.0	99.78 KB	Wed, 15 Mar 2023 05:05:08 GMT
2.0.1	98.26 KB	Fri, 20 Jan 2023 01:47:25 GMT
2.0.0	98.39 KB	Thu, 19 Jan 2023 02:04:51 GMT
1.2.0	98.58 KB	Wed, 11 Jan 2023 04:32:30 GMT
1.1.0	98.52 KB	Thu, 05 Jan 2023 21:43:12 GMT
1.0.6-preview	98.65 KB	Thu, 29 Dec 2022 20:15:06 GMT
1.0.5-preview	42.13 KB	Mon, 12 Dec 2022 18:51:32 GMT
1.0.4-preview	39.31 KB	Wed, 16 Nov 2022 03:48:59 GMT
1.0.3-preview	38.92 KB	Sat, 05 Nov 2022 21:29:10 GMT
1.0.2-preview	39 KB	Thu, 03 Nov 2022 03:51:45 GMT
1.0.1-preview	36.34 KB	Tue, 18 Oct 2022 17:04:13 GMT
1.0.0	36.3 KB	Fri, 07 Oct 2022 05:11:13 GMT
1.0.0-preview	36.35 KB	Mon, 17 Oct 2022 16:42:25 GMT
0.1.0-preview20230721.1codeCoverage	113.23 KB	Fri, 21 Jul 2023 16:35:57 GMT

azureadwebstacknightly - Microsoft.Identity.Abstractions 5.0.0-preview

Microsoft.Identity.Abstractions

NuGet Package

Version Lifecycle and Support Matrix

Concepts

Overview of the data classes

Application options and credentials

Credential loaders

Token acquisition

Call downstream APIs

Extensibility

Contributing

Trademarks

Signature validation information

Informational

Owners

Authors

Project URL

License

Tags

Signature

Info

Package history