IConfidentialClientApplication.AcquireTokenOnBehalfOf Method

Definition

Acquires an access token for this application (usually a web API) from the authority configured in the application, in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. During this operation MSAL will first search in the cache for an unexpired token before acquiring a new one from Microsoft Entra ID. See On-Behalf-Of Flow.

public Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf (System.Collections.Generic.IEnumerable<string> scopes, Microsoft.Identity.Client.UserAssertion userAssertion);
abstract member AcquireTokenOnBehalfOf : seq<string> * Microsoft.Identity.Client.UserAssertion -> Microsoft.Identity.Client.AcquireTokenOnBehalfOfParameterBuilder
Public Function AcquireTokenOnBehalfOf (scopes As IEnumerable(Of String), userAssertion As UserAssertion) As AcquireTokenOnBehalfOfParameterBuilder

Parameters

scopes
IEnumerable<String>

Scopes requested to access a protected API.

userAssertion
UserAssertion

Instance of UserAssertion containing credential information about the user on behalf of whom to get a token.

Returns

A builder enabling you to add optional parameters before executing the token request.

Remarks

Pass an access token (not an ID token) which was used to access this application in the userAssertion parameter. For long-running or background processes in web API, see Long-running OBO in MSAL.NET.

Applies to