ConfidentialClientApplicationBuilderExtensions.WithCertificate Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Configures an async callback to provide the client credential certificate dynamically. The callback is invoked before each token acquisition request to the identity provider (including retries). This enables scenarios such as certificate rotation and dynamic certificate selection based on application context.
public static Microsoft.Identity.Client.ConfidentialClientApplicationBuilder WithCertificate(this Microsoft.Identity.Client.ConfidentialClientApplicationBuilder builder, Func<Microsoft.Identity.Client.AssertionRequestOptions,System.Threading.Tasks.Task<System.Security.Cryptography.X509Certificates.X509Certificate2>> certificateProvider, Microsoft.Identity.Client.AppConfig.CertificateOptions certificateOptions);
static member WithCertificate : Microsoft.Identity.Client.ConfidentialClientApplicationBuilder * Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.Tasks.Task<System.Security.Cryptography.X509Certificates.X509Certificate2>> * Microsoft.Identity.Client.AppConfig.CertificateOptions -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
<Extension()>
Public Function WithCertificate (builder As ConfidentialClientApplicationBuilder, certificateProvider As Func(Of AssertionRequestOptions, Task(Of X509Certificate2)), certificateOptions As CertificateOptions) As ConfidentialClientApplicationBuilder
Parameters
- builder
- ConfidentialClientApplicationBuilder
The confidential client application builder.
- certificateProvider
- Func<AssertionRequestOptions,Task<X509Certificate2>>
An async callback that provides the certificate based on the application configuration. Called before each network request to acquire a token. Must return a valid X509Certificate2 with a private key.
- certificateOptions
- CertificateOptions
Configuration options for the certificate handling.
Returns
The builder to chain additional configuration calls.
Exceptions
Thrown when certificateProvider is null.
Thrown at build time if both WithCertificate(X509Certificate2) and this method are configured.
Remarks
This method cannot be used together with WithCertificate(X509Certificate2).
The callback is not invoked when tokens are retrieved from cache, only for network calls.
The certificate returned by the callback will be used to sign the client assertion (JWT) for that token request.
The callback can perform async operations such as fetching certificates from Azure Key Vault or other secret management systems.
See https://aka.ms/msal-net-client-credentials for more details on client credentials.
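Because the callback runs before every network token request, including retries, a provider should cache the certificate and reject an unusable one before returning it. The following is an added example, not code from the MSAL.NET documentation: `RotatingCertificateProvider`, the `load` delegate (for instance a Key Vault download), the seven-day renewal window, the `Microsoft.Identity.Client.Extensibility` namespace and a parameterless `CertificateOptions` constructor are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Identity.Client;
using Microsoft.Identity.Client.AppConfig;
using Microsoft.Identity.Client.Extensibility; // assumed namespace of the extension class

// Hypothetical helper: caches the certificate between token requests and reloads it near expiry.
public sealed class RotatingCertificateProvider
{
    private readonly Func<CancellationToken, Task<X509Certificate2>> _load; // assumed loader
    private readonly TimeSpan _renewBefore;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private X509Certificate2 _current;

    public RotatingCertificateProvider(Func<CancellationToken, Task<X509Certificate2>> load, TimeSpan renewBefore)
    {
        _load = load ?? throw new ArgumentNullException(nameof(load));
        _renewBefore = renewBefore;
    }

    // Same shape as the certificateProvider parameter in the signature above.
    public async Task<X509Certificate2> GetAsync(AssertionRequestOptions options)
    {
        await _gate.WaitAsync(options.CancellationToken).ConfigureAwait(false);
        try
        {
            if (_current == null || DateTime.Now >= _current.NotAfter - _renewBefore)
            {
                X509Certificate2 fresh = await _load(options.CancellationToken).ConfigureAwait(false);
                // Fail closed: the callback must return a valid certificate with a private key.
                if (fresh == null || !fresh.HasPrivateKey)
                    throw new InvalidOperationException("Loaded certificate has no private key.");
                if (DateTime.Now < fresh.NotBefore || DateTime.Now >= fresh.NotAfter)
                    throw new InvalidOperationException("Loaded certificate is outside its validity period.");
                _current = fresh; // old instance is not disposed: in-flight requests may still sign with it
            }
            return _current;
        }
        finally { _gate.Release(); }
    }

    // Wiring: clientId and authority are caller-supplied; CertificateOptions is left at its defaults.
    public static IConfidentialClientApplication Build(string clientId, string authority, Func<CancellationToken, Task<X509Certificate2>> load) =>
        ConfidentialClientApplicationBuilder.Create(clientId)
            .WithAuthority(authority)
            .WithCertificate(new RotatingCertificateProvider(load, TimeSpan.FromDays(7)).GetAsync, new CertificateOptions())
            .Build();
}
```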