 |
VOOZH | about |
|
VOOZH | about |
dotnet add package Microsoft.Identity.Abstractions --version 12.1.0
NuGet\Install-Package Microsoft.Identity.Abstractions -Version 12.1.0
<PackageReference Include="Microsoft.Identity.Abstractions" Version="12.1.0" />
<PackageVersion Include="Microsoft.Identity.Abstractions" Version="12.1.0" />Directory.Packages.props
<PackageReference Include="Microsoft.Identity.Abstractions" />Project file
paket add Microsoft.Identity.Abstractions --version 12.1.0
#r "nuget: Microsoft.Identity.Abstractions, 12.1.0"
#:package Microsoft.Identity.Abstractions@12.1.0
#addin nuget:?package=Microsoft.Identity.Abstractions&version=12.1.0Install as a Cake Addin
#tool nuget:?package=Microsoft.Identity.Abstractions&version=12.1.0Install as a Cake Tool
Microsoft.Identity.Abstractions contain interfaces and POCO classes used in the Microsoft .NET authentication libraries (Microsoft.IdentityModel, MSAL.NET and Microsoft.Identity.Web). It exposes concepts in three domains:
See for details.
The following table lists Microsoft.Identity.Abstractions versions currently supported and receiving security fixes.
| Major Version | Last Release | Patch release date | Support phase | End of support |
|---|---|---|---|---|
| 9.x | π NuGet |
Monthly | Active | Not planned.<br/>β
Supported versions: from 9.0.0 to π NuGet <br/>β οΈUnsupported versions < 9.0.0. |
βββ src/Microsoft.Identity.Abstractions/
β βββ ApplicationOptions/ # App config, credentials, loaders
β βββ TokenAcquisition/ # Token interfaces & options
β βββ DownstreamApi/ # API calling abstractions
β βββ Results/ # OperationResult pattern
β βββ PublicAPI/ # API tracking (don't edit manually)
βββ test/ # xUnit tests
βββ docs/ # Additional documentation
βββ build/ # Build scripts, signing keys
βββ agents.md # AI agent guidelines
appsettings.jsonClone() for safe overridesICredentialSourceLoader, ICustomSignedAssertionProvider| Change Type | Files to Update |
|---|---|
| New public API | Source file + PublicAPI/$(TFM)/PublicAPI.Unshipped.txt |
| New credential source | CredentialSource.cs + CredentialDescription.cs + docs |
| New HTTP method variant | IDownstreamApi.HttpMethods.tt (template!) |
| README diagrams | Update Mermaid in README.md |
dotnet test Microsoft.Identity.Abstractions.sln
graph LR
subgraph "Configuration Layer"
A[appsettings.json] --> B[IdentityApplicationOptions]
B --> C[CredentialDescription]
end
subgraph "Token Layer"
D[ITokenAcquirerFactory] --> E[ITokenAcquirer]
E --> F[AcquireTokenResult]
end
subgraph "API Layer"
G[IAuthorizationHeaderProvider] --> H["Task<string>"]
I[IDownstreamApi] --> J[HttpResponseMessage]
end
B --> D
C --> E
E --> G
G --> I
the following diagram provides an overview of the data classes exposed by Microsoft.Identity.Abstractions
classDiagram
direction TB
namespace ApplicationOptions {
class CredentialDescription {
<<ro>> +string Id
<<rw>> +CredentialSource SourceType
<<rw>> +string KeyVaultUrl
<<rw>> +string CertificateStorePath
<<rw>> +string CertificateDistinguishedName
<<rw>> +string KeyVaultCertificateName
<<rw>> +string CertificateThumbprint
<<rw>> +string CertificateSubjectName
<<rw>> +string CertificateDiskPath
<<rw>> +string CertificatePassword
<<rw>> +string Base64EncodedValue
<<rw>> +string ClientSecret
<<rw>> +string ManagedIdentityClientId
<<rw>> +string SignedAssertionFileDiskPath
<<rw>> +AuthorizationHeaderProviderOptions DecryptKeysAuthenticationOptions
<<rw>> +string TokenExchangeAuthority
<<rw>> +X509Certificate2 Certificate
<<rw>> +object CachedValue
<<rw>> +bool Skip
<<rw>> +bool UseBoundCredential
<<ro>> +CredentialType CredentialType
<<rw>> +string TokenExchangeUrl
<<rw>> +string CustomSignedAssertionProviderName
<<rw>> +Dictionary<string, Object> CustomSignedAssertionProviderData
<<rw>> +string Algorithm
}
class CredentialSource { <<enum>>
Certificate = 0
KeyVault = 1
Base64Encoded = 2
Path = 3
StoreWithThumbprint = 4
StoreWithDistinguishedName = 5
ClientSecret = 6
SignedAssertionFromManagedIdentity = 7
SignedAssertionFilePath = 8
SignedAssertionFromVault = 9
AutoDecryptKeys = 10
CustomSignedAssertion = 11
ManagedCertificate = 12
StoreWithSubjectName = 13
}
class CredentialType { <<enum>>
Certificate = 0
Secret = 1
SignedAssertion = 2
DecryptKeys = 3
}
class IdentityApplicationOptions {
<<rw>> +string Authority
<<rw>> +string ClientId
<<rw>> +bool EnablePiiLogging
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IEnumerable<CredentialDescription> ClientCredentials
<<rw>> +string Audience
<<rw>> +IEnumerable<string> Audiences
<<rw>> +IEnumerable<CredentialDescription> TokenDecryptionCredentials
<<rw>> +bool AllowWebApiToBeAuthorizedByACL
}
class MicrosoftEntraApplicationOptions {
<<rw>> +string Name
<<rw>> +string Instance
<<rw>> +string TenantId
<<rw>> +string Authority
<<rw>> +string AppHomeTenantId
<<rw>> +string AzureRegion
<<rw>> +IEnumerable<string> ClientCapabilities
<<rw>> +bool SendX5C
}
class MicrosoftIdentityApplicationOptions {
<<rw>> +bool WithSpaAuthCode
<<rw>> +string Domain
<<rw>> +string EditProfilePolicyId
<<rw>> +string SignUpSignInPolicyId
<<rw>> +string ResetPasswordPolicyId
<<ro>> +string DefaultUserFlow
<<rw>> +string ResetPasswordPath
<<rw>> +string ErrorPath
}
}
namespace TokenAcquisition {
class AcquireTokenOptions {
+AcquireTokenOptions Clone()
<<rw>> +string AuthenticationOptionsName
<<rw>> +Nullable<Guid> CorrelationId
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IDictionary<string, Object> ExtraParameters
<<rw>> +IDictionary<string, string> ExtraHeaderParameters
<<rw>> +string Claims
<<rw>> +string FmiPath
<<rw>> +bool ForceRefresh
<<rw>> +string PopPublicKey
<<rw>> +string PopClaim
<<rw>> +ManagedIdentityOptions ManagedIdentity
<<rw>> +string LongRunningWebApiSessionKey
<<ro>> +string LongRunningWebApiSessionKeyAuto
<<rw>> +string Tenant
<<rw>> +string UserFlow
}
class AcquireTokenResult {
<<rw>> +string AccessToken
<<rw>> +DateTimeOffset ExpiresOn
<<rw>> +string TenantId
<<rw>> +string IdToken
<<rw>> +IEnumerable<string> Scopes
<<rw>> +Guid CorrelationId
<<rw>> +string TokenType
<<rw>> +IReadOnlyDictionary<string, string> AdditionalResponseParameters
<<rw>> +X509Certificate2 BindingCertificate
}
class ITokenAcquirer { <<interface>>
+Task<AcquireTokenResult> GetTokenForUserAsync(IEnumerable<string> scopes, AcquireTokenOptions tokenAcquisitionOptions, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<AcquireTokenResult> GetTokenForAppAsync(string scope, AcquireTokenOptions tokenAcquisitionOptions, CancellationToken cancellationToken)
}
class ITokenAcquirerFactory { <<interface>>
+ITokenAcquirer GetTokenAcquirer(IdentityApplicationOptions identityApplicationOptions)
+ITokenAcquirer GetTokenAcquirer(string optionName)
}
class ManagedIdentityOptions {
+ManagedIdentityOptions Clone()
<<rw>> +string UserAssignedClientId
}
}
namespace DownstreamApis {
class AuthorizationHeaderProviderOptions {
+AuthorizationHeaderProviderOptions Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
+string GetApiUrl()
<<rw>> +string BaseUrl
<<rw>> +string RelativePath
<<rw>> +string HttpMethod
<<rw>> +Action<HttpRequestMessage> CustomizeHttpRequestMessage
<<rw>> +AcquireTokenOptions AcquireTokenOptions
<<rw>> +string ProtocolScheme
<<rw>> +bool RequestAppToken
}
class DownstreamApiOptions {
+DownstreamApiOptions Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
<<rw>> +IEnumerable<string> Scopes
<<rw>> +Func<object?,HttpContent?> Serializer
<<rw>> +Func<HttpContent?,object?> Deserializer
<<rw>> +string AcceptHeader
<<rw>> +string ContentType
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IDictionary<string, string> ExtraHeaderParameters
}
class DownstreamApiOptionsReadOnlyHttpMethod {
+DownstreamApiOptionsReadOnlyHttpMethod Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
<<ro>> +string HttpMethod
}
class IAuthorizationHeaderProvider { <<interface>> }
class IAuthorizationHeaderProvider_TResult_ { <<interface>> }
class IBoundAuthorizationHeaderProvider { <<interface>> }
class IDownstreamApi { <<interface>>
+CallApiAsync(...)
+CallApiForUserAsync(...)
+CallApiForAppAsync(...)
+Generic overloads() ... }
}
IdentityApplicationOptions <|-- MicrosoftEntraApplicationOptions : Inherits
MicrosoftEntraApplicationOptions <|-- MicrosoftIdentityApplicationOptions : Inherits
AuthorizationHeaderProviderOptions <|-- DownstreamApiOptions : Inherits
DownstreamApiOptions <|-- DownstreamApiOptionsReadOnlyHttpMethod : Inherits
CredentialDescription *-- "SourceType" CredentialSource : Has
CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has
CredentialDescription *-- "CredentialType" CredentialType : Has
IdentityApplicationOptions --> "ClientCredentials" CredentialDescription : Has many
IdentityApplicationOptions --> "TokenDecryptionCredentials" CredentialDescription : Has many
AuthorizationHeaderProviderOptions --> "AcquireTokenOptions" AcquireTokenOptions : Has
AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has
ITokenAcquirerFactory --> ITokenAcquirer : produces
ITokenAcquirer --> AcquireTokenOptions : parametrized by
AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has
ITokenAcquirer --> AcquireTokenResult : returns
Note:
AuthorizationHeaderProviderOptions "Defaults: ProtocolScheme=Bearer, HttpMethod=Get"DownstreamApiOptions "Defaults: AcceptHeader=application/json, ContentType=application/jsonIdentityApplicationOptions "Effective audiences = Audience βͺ Audiences"The application options are typically the options that you find in configuration files like the appsettings.json file. They describe the authentication aspects of your application. The library offers two layer. A standard layer, and a Microsoft Identity platform specialization.
classDiagram
class CredentialDescription {
<<ro>> +string Id
<<rw>> +CredentialSource SourceType
<<rw>> +string KeyVaultUrl
<<rw>> +string CertificateStorePath
<<rw>> +string CertificateDistinguishedName
<<rw>> +string CertificateSubjectName
<<rw>> +string KeyVaultCertificateName
<<rw>> +string CertificateThumbprint
<<rw>> +string CertificateDiskPath
<<rw>> +string CertificatePassword
<<rw>> +string Base64EncodedValue
<<rw>> +string ClientSecret
<<rw>> +string ManagedIdentityClientId
<<rw>> +string SignedAssertionFileDiskPath
<<rw>> +AuthorizationHeaderProviderOptions DecryptKeysAuthenticationOptions
<<rw>> +string TokenExchangeAuthority
<<rw>> +X509Certificate2 Certificate
<<rw>> +Object CachedValue
<<rw>> +bool Skip
<<rw>> +bool UseBoundCredential
<<ro>> +CredentialType CredentialType
<<rw>> +string TokenExchangeUrl
<<rw>> +string CustomSignedAssertionProviderName
<<rw>> +Dictionary<string, Object> CustomSignedAssertionProviderData
<<rw>> +string Algorithm
}
class CredentialSource { <<enum>>
Certificate = 0
KeyVault = 1
Base64Encoded = 2
Path = 3
StoreWithThumbprint = 4
StoreWithDistinguishedName = 5
ClientSecret = 6
SignedAssertionFromManagedIdentity = 7
SignedAssertionFilePath = 8
SignedAssertionFromVault = 9
AutoDecryptKeys = 10
CustomSignedAssertion = 11
ManagedCertificate = 12
StoreWithSubjectName = 13
}
class CredentialType { <<enum>>
Certificate = 0
Secret = 1
SignedAssertion = 2
DecryptKeys = 3
}
class IdentityApplicationOptions {
<<rw>> +string Authority
<<rw>> +string ClientId
<<rw>> +bool EnablePiiLogging
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IEnumerable<CredentialDescription> ClientCredentials
<<rw>> +string Audience
<<rw>> +IEnumerable<string> Audiences
<<rw>> +IEnumerable<CredentialDescription> TokenDecryptionCredentials
<<rw>> +bool AllowWebApiToBeAuthorizedByACL
}
class MicrosoftEntraApplicationOptions {
<<rw>> +string Name
<<rw>> +string Instance
<<rw>> +string TenantId
<<rw>> +string Authority
<<rw>> +string AppHomeTenantId
<<rw>> +string AzureRegion
<<rw>> +IEnumerable<string> ClientCapabilities
<<rw>> +bool SendX5C
}
class MicrosoftIdentityApplicationOptions {
<<rw>> +bool WithSpaAuthCode
<<rw>> +string Domain
<<rw>> +string EditProfilePolicyId
<<rw>> +string SignUpSignInPolicyId
<<rw>> +string ResetPasswordPolicyId
<<ro>> +string DefaultUserFlow
<<rw>> +string ResetPasswordPath
<<rw>> +string ErrorPath
}
IdentityApplicationOptions <|-- MicrosoftEntraApplicationOptions : Inherits
MicrosoftEntraApplicationOptions <|-- MicrosoftIdentityApplicationOptions : Inherits
CredentialDescription *-- "SourceType" CredentialSource : Has
CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has
note for AuthorizationHeaderProviderOptions "see below"
CredentialDescription *-- "CredentialType" CredentialType : Has
IdentityApplicationOptions --> "ClientCredentials" CredentialDescription : Has many
IdentityApplicationOptions --> "TokenDecryptionCredentials" CredentialDescription : Has many
For details about Credentials, see
An important part of the application options are the credentials. In addition to the credential descriptions, the library offers extensibility mechanisms so that implementers can add their own credential source loaders.
classDiagram
class CredentialSourceLoaderParameters {
<<rw>> +string ClientId
<<rw>> +string Authority
}
class ICredentialsLoader { <<interface>>
+Task LoadCredentialsIfNeededAsync(CredentialDescription credentialDescription, CredentialSourceLoaderParameters parameters)
+Task<CredentialDescription> LoadFirstValidCredentialsAsync(IEnumerable<CredentialDescription> credentialDescriptions, CredentialSourceLoaderParameters parameters)
+Void ResetCredentials(IEnumerable<CredentialDescription> credentialDescriptions)
<<ro>> +IDictionary<CredentialSource, ICredentialSourceLoader> CredentialSourceLoaders
}
class ICredentialSourceLoader { <<interface>>
+Task LoadIfNeededAsync(CredentialDescription credentialDescription, CredentialSourceLoaderParameters parameters)
<<ro>> +CredentialSource CredentialSource
}
class ICustomSignedAssertionProvider { <<interface>>
<<ro>> +string Name
}
ICredentialSourceLoader <|-- ICustomSignedAssertionProvider : Inherits
ICredentialSourceLoader *-- "CredentialSource" CredentialSource : Has
ICredentialsLoader --> ICredentialSourceLoader : Loads
ICredentialSourceLoader --> CredentialSourceLoaderParameters : Uses
note for CredentialSource "see above"
There can be several application options with different names (for instance in ASP.NET Core these would be different authentication schemes)
Once configured, an application can acquire tokens from the Identity provider. This is a low level API, in the sense that you would probably prefer to call downstream web APIs without having to be preoccupied about the authentication aspects. If you really want to use the lower level API, you should:
classDiagram
class AcquireTokenOptions {
+AcquireTokenOptions Clone()
<<rw>> +string AuthenticationOptionsName
<<rw>> +Nullable<Guid> CorrelationId
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IDictionary<string, Object> ExtraParameters
<<rw>> +IDictionary<string, string> ExtraHeaderParameters
<<rw>> +string Claims
<<rw>> +string FmiPath
<<rw>> +bool ForceRefresh
<<rw>> +string PopPublicKey
<<rw>> +string PopClaim
<<rw>> +ManagedIdentityOptions ManagedIdentity
<<rw>> +string LongRunningWebApiSessionKey
<<ro>> +string LongRunningWebApiSessionKeyAuto
<<rw>> +string Tenant
<<rw>> +string UserFlow
}
class AcquireTokenResult {
<<rw>> +string AccessToken
<<rw>> +DateTimeOffset ExpiresOn
<<rw>> +string TenantId
<<rw>> +string IdToken
<<rw>> +IEnumerable<string> Scopes
<<rw>> +Guid CorrelationId
<<rw>> +string TokenType
<<rw>> +IReadOnlyDictionary<string, string> AdditionalResponseParameters
<<rw>> +X509Certificate2 BindingCertificate
}
class ITokenAcquirer { <<interface>>
+Task<AcquireTokenResult> GetTokenForUserAsync(IEnumerable<string> scopes, AcquireTokenOptions tokenAcquisitionOptions, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<AcquireTokenResult> GetTokenForAppAsync(string scope, AcquireTokenOptions tokenAcquisitionOptions, CancellationToken cancellationToken)
}
class ITokenAcquirerFactory { <<interface>>
+ITokenAcquirer GetTokenAcquirer(IdentityApplicationOptions identityApplicationOptions)
+ITokenAcquirer GetTokenAcquirer(string optionName)
}
class ManagedIdentityOptions {
+ManagedIdentityOptions Clone()
<<rw>> +string UserAssignedClientId
}
ITokenAcquirerFactory ..> ITokenAcquirer : produces
ITokenAcquirer --> AcquireTokenOptions : parametrized by
AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has
ITokenAcquirer ..> AcquireTokenResult : returns
It's also possible (and recommended) to use higher level APIs:
classDiagram
class AuthorizationHeaderProviderOptions {
+AuthorizationHeaderProviderOptions Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
+string GetApiUrl()
<<rw>> +string BaseUrl
<<rw>> +string RelativePath
<<rw>> +string HttpMethod
<<rw>> +Action<HttpRequestMessage> CustomizeHttpRequestMessage
<<rw>> +AcquireTokenOptions AcquireTokenOptions
<<rw>> +string ProtocolScheme
<<rw>> +bool RequestAppToken
}
class DownstreamApiOptions {
+DownstreamApiOptions Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
<<rw>> +IEnumerable<string> Scopes
<<rw>> +Func<Object, HttpContent> Serializer
<<rw>> +Func<HttpContent, Object> Deserializer
<<rw>> +string AcceptHeader
<<rw>> +string ContentType
<<rw>> +IDictionary<string, string> ExtraQueryParameters
<<rw>> +IDictionary<string, string> ExtraHeaderParameters
}
class DownstreamApiOptionsReadOnlyHttpMethod {
+DownstreamApiOptionsReadOnlyHttpMethod Clone()
#AuthorizationHeaderProviderOptions CloneInternal()
<<ro>> +string HttpMethod
}
class IAuthorizationHeaderProvider { <<interface>>
+Task<string> CreateAuthorizationHeaderForUserAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions authorizationHeaderProviderOptions, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken)
+Task<string> CreateAuthorizationHeaderForAppAsync(string scopes, AuthorizationHeaderProviderOptions downstreamApiOptions, CancellationToken cancellationToken)
+Task<string> CreateAuthorizationHeaderAsync(IEnumerable<string> scopes, AuthorizationHeaderProviderOptions options, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken)
}
class IBoundAuthorizationHeaderProvider { <<interface>>
+Task<OperationResult<AuthorizationHeaderInformation, AuthorizationHeaderError>> CreateBoundAuthorizationHeaderAsync(DownstreamApiOptions downstreamApiOptions, ClaimsPrincipal claimsPrincipal, CancellationToken cancellationToken)
}
class IDownstreamApi { <<interface>>
+Task<HttpResponseMessage> CallApiAsync(DownstreamApiOptions downstreamApiOptions, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken)
+Task<HttpResponseMessage> CallApiAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken)
+Task<HttpResponseMessage> CallApiForUserAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, HttpContent content, CancellationToken cancellationToken)
+Task<HttpResponseMessage> CallApiForAppAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, HttpContent content, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForUserAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> CallApiForAppAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptions> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PostForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PostForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PostForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PostForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PutForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PutForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PutForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PutForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> GetForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PostForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PostForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PostForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PostForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PutForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PutForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PutForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PutForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PatchForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> PatchForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> DeleteForUserAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, ClaimsPrincipal user, CancellationToken cancellationToken)
+Task DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
+Task<IDownstreamApi.TOutput> DeleteForAppAsync(string serviceName, IDownstreamApi.TInput input, JsonTypeInfo<IDownstreamApi.TInput> inputJsonTypeInfo, JsonTypeInfo<IDownstreamApi.TOutput> outputJsonTypeInfo, Action<DownstreamApiOptionsReadOnlyHttpMethod> downstreamApiOptionsOverride, CancellationToken cancellationToken)
}
AuthorizationHeaderProviderOptions <|-- DownstreamApiOptions : Inherits
DownstreamApiOptions <|-- DownstreamApiOptionsReadOnlyHttpMethod : Inherits
IAuthorizationHeaderProvider <|-- IAuthorizationHeaderProvider2 : Inherits
CredentialDescription --> "DecryptKeysAuthenticationOptions" AuthorizationHeaderProviderOptions : Has
AuthorizationHeaderProviderOptions --> "AcquireTokenOptions" AcquireTokenOptions : Has
AcquireTokenOptions --> "ManagedIdentity" ManagedIdentityOptions : Has
IDownstreamApi ..> DownstreamApiOptions : Uses
IAuthorizationHeaderProvider ..> AuthorizationHeaderProviderOptions : Uses
IAuthorizationHeaderProvider2 ..> AuthorizationHeaderProviderOptions : Uses
Credential loading extensibility points.
classDiagram
class CredentialSourceLoaderParameters {
+string ClientId
+string Authority
}
class ICredentialSourceLoader { <<interface>>
+Task LoadIfNeededAsync(CredentialDescription, CredentialSourceLoaderParameters?)
+CredentialSource CredentialSource
}
class ICustomSignedAssertionProvider { <<interface>>
+string Name
}
class ICredentialsLoader { <<interface>>
+IDictionary<CredentialSource, ICredentialSourceLoader> CredentialSourceLoaders
+Task LoadCredentialsIfNeededAsync(CredentialDescription, CredentialSourceLoaderParameters?)
+Task <CredentialDescription?> LoadFirstValidCredentialsAsync(IEnumerable<CredentialDescription>, CredentialSourceLoaderParameters?)
+void ResetCredentials(IEnumerable<CredentialDescription>)
}
ICredentialSourceLoader <|-- ICustomSignedAssertionProvider : Inherits
ICredentialsLoader --> ICredentialSourceLoader : Uses
ICredentialSourceLoader --> CredentialSourceLoaderParameters : Uses
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 net5.0 was computed. net5.0-windows net5.0-windows was computed. net6.0 net6.0 was computed. net6.0-android net6.0-android was computed. net6.0-ios net6.0-ios was computed. net6.0-maccatalyst net6.0-maccatalyst was computed. net6.0-macos net6.0-macos was computed. net6.0-tvos net6.0-tvos was computed. net6.0-windows net6.0-windows was computed. net7.0 net7.0 was computed. net7.0-android net7.0-android was computed. net7.0-ios net7.0-ios was computed. net7.0-maccatalyst net7.0-maccatalyst was computed. net7.0-macos net7.0-macos was computed. net7.0-tvos net7.0-tvos was computed. net7.0-windows net7.0-windows was computed. net8.0 net8.0 is compatible. net8.0-android net8.0-android was computed. net8.0-browser net8.0-browser was computed. net8.0-ios net8.0-ios was computed. net8.0-maccatalyst net8.0-maccatalyst was computed. net8.0-macos net8.0-macos was computed. net8.0-tvos net8.0-tvos was computed. net8.0-windows net8.0-windows was computed. net9.0 net9.0 is compatible. net9.0-android net9.0-android was computed. net9.0-browser net9.0-browser was computed. net9.0-ios net9.0-ios was computed. net9.0-maccatalyst net9.0-maccatalyst was computed. net9.0-macos net9.0-macos was computed. net9.0-tvos net9.0-tvos was computed. net9.0-windows net9.0-windows was computed. net10.0 net10.0 is compatible. net10.0-android net10.0-android was computed. net10.0-browser net10.0-browser was computed. net10.0-ios net10.0-ios was computed. net10.0-maccatalyst net10.0-maccatalyst was computed. net10.0-macos net10.0-macos was computed. net10.0-tvos net10.0-tvos was computed. net10.0-windows net10.0-windows was computed. |
| .NET Core | netcoreapp2.0 netcoreapp2.0 was computed. netcoreapp2.1 netcoreapp2.1 was computed. netcoreapp2.2 netcoreapp2.2 was computed. netcoreapp3.0 netcoreapp3.0 was computed. netcoreapp3.1 netcoreapp3.1 was computed. |
| .NET Standard | netstandard2.0 netstandard2.0 is compatible. netstandard2.1 netstandard2.1 is compatible. |
| .NET Framework | net461 net461 was computed. net462 net462 is compatible. net463 net463 was computed. net47 net47 was computed. net471 net471 was computed. net472 net472 was computed. net48 net48 was computed. net481 net481 was computed. |
| MonoAndroid | monoandroid monoandroid was computed. |
| MonoMac | monomac monomac was computed. |
| MonoTouch | monotouch monotouch was computed. |
| Tizen | tizen40 tizen40 was computed. tizen60 tizen60 was computed. |
| Xamarin.iOS | xamarinios xamarinios was computed. |
| Xamarin.Mac | xamarinmac xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos xamarinwatchos was computed. |
Showing the top 5 NuGet packages that depend on Microsoft.Identity.Abstractions:
| Package | Downloads |
|---|---|
|
Microsoft.Identity.Web.Certificate
This package brings certificate management for MSAL.NET. |
|
|
Microsoft.Identity.Web.TokenAcquisition
Implementation for higher level API for confidential client applications (ASP.NET Core and SDK/.NET). |
|
|
Rystem.Authentication.Social.Blazor
Rystem.Authentication.Social helps you to integrate with new .Net Identity system and social logins. |
|
|
Rystem.RepositoryFramework.Api.Client.Authentication.BlazorServer
Rystem.RepositoryFramework allows you to use correctly concepts like repository pattern, CQRS and DDD. You have interfaces for your domains, auto-generated api, auto-generated HttpClient to simplify connection "api to front-end", a functionality for auto-population in memory of your models, a functionality to simulate exceptions and waiting time from external sources to improve your implementation/business test and load test. |
|
|
WATG.Common
WATG library of commonly used and shared functionalities |
Showing the top 3 popular GitHub repositories that depend on Microsoft.Identity.Abstractions:
| Repository | Stars |
|---|---|
|
microsoft/mcp
Catalog of official Microsoft MCP (Model Context Protocol) server implementations for AI-powered data access and tool integration
|
|
|
visualHFT/VisualHFT
VisualHFT is a WPF/C# desktop GUI that shows market microstructure in real time. You can track advanced limitβorderβbook dynamics and execution quality, then use its modular plugins to shape the analysis to your workflow.
|
|
|
AzureAD/microsoft-identity-web
Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
|
The release notes are available at https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases and the roadmap at https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/wiki#roadmap