diff --git a/Directory.Packages.props b/Directory.Packages.props
index f8487ea2d4..845c217084 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -13,6 +13,7 @@
+
diff --git a/src/client/Microsoft.Identity.Client/AuthenticationResult.cs b/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
index 570fa706b4..17a0737973 100644
--- a/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
+++ b/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
@@ -20,7 +20,7 @@ namespace Microsoft.Identity.Client
 /// Contains the results of one token acquisition operation in
 /// or ConfidentialClientApplication. For details see https://aka.ms/msal-net-authenticationresult
 ///
- public partial class AuthenticationResult
+ public partial class AuthenticationResult : Microsoft.Identity.Abstractions.AcquireTokenResult
 {
 private readonly IAuthenticationOperation _authenticationScheme;
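Review bot: The class summary above the changed declaration does not say that the token-carrying members of `AuthenticationResult` are now defined by `Microsoft.Identity.Abstractions.AcquireTokenResult`, a type from a different package. Later hunks on this page remove AccessToken, ExpiresOn, TenantId, IdToken, Scopes, CorrelationId and TokenType from this class, so their shape now follows whichever version of that package is pinned. I would add a line to the summary such as `/// The token fields (AccessToken, ExpiresOn, TenantId, IdToken, Scopes, CorrelationId, TokenType) are inherited from AcquireTokenResult.` Callers that look members up by declaring type (reflection with declared-only lookups, some serializers) may see a difference, so this is worth a compatibility note in the release. The class body continues outside the hunk.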
@@ -36,13 +36,14 @@ public partial class AuthenticationResult
 /// See
 /// Granted scope values as returned by the service
 /// Identifier for the Azure AD tenant from which the token was acquired. Can be null
- /// Unique Id of the account. It can be null. When the is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
+ /// Unique Id of the account. It can be null. When the IdToken is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
 /// The correlation id of the authentication request
 /// The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.
 /// Contains metadata related to the Authentication Result.
 /// Claims from the ID token
 /// Auth Code returned by the Microsoft identity platform when you use AcquireTokenByAuthorizationCode.WithSpaAuthorizationCode(). This auth code is meant to be redeemed by the frontend code. See https://aka.ms/msal-net/spa-auth-code
 /// Other properties from the token response.
+ [EditorBrowsable(EditorBrowsableState.Never)] // for testing purposes only
 public AuthenticationResult( // for backwards compat with 4.16-
 string accessToken,
 bool isExtendedLifeTimeToken,
@@ -59,6 +60,14 @@ public partial class AuthenticationResult
 ClaimsPrincipal claimsPrincipal = null,
 string spaAuthCode = null,
 IReadOnlyDictionary additionalResponseParameters = null)
+ : base(
+ accessToken,
+ expiresOn,
+ tenantId,
+ idToken,
+ scopes,
+ correlationId,
+ tokenType)
 {
 AccessToken = accessToken;
 #pragma warning disable CS0618 // Type or member is obsolete
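Review bot: The added `[EditorBrowsable(EditorBrowsableState.Never)] // for testing purposes only` gives a different reason for this constructor than the existing `// for backwards compat with 4.16-` comment on the very next line. The attribute only hides the member from editor completion; the constructor stays public, so any caller can still build an `AuthenticationResult` with values of its choosing. One comment covering both would read better, for example `// hidden from IntelliSense only; still public, kept for tests and 4.16- compatibility`. No hunk on this page adds `using System.ComponentModel;`, so confirm the file already imports it. The parameter list and body continue outside the hunk.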
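Review bot: The values forwarded to `base(...)` are written a second time by the constructor body, where `AccessToken = accessToken;` is visible right after the opening brace, so each inherited property now has two writers. Either drop the body assignments for the seven forwarded values, or keep them with a comment such as `// already set by base(...); kept so the derived body stays the single place to read`. The internal constructor in the `@@ -136,6 +145,14 @@` hunk has the same shape: base is seeded from `msalAccessTokenCacheItem?.Secret` and `msalAccessTokenCacheItem?.ExpiresOn ?? default`, while the context of the `@@ -168,8 +185,8 @@` hunk still shows `ExpiresOn = msalAccessTokenCacheItem.ExpiresOn;`. If the rest of that body derives AccessToken or TokenType from `_authenticationScheme`, the raw cache values handed to base are placeholders and should be documented as such. Both constructor bodies continue outside their hunks.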
@@ -91,7 +100,7 @@ public partial class AuthenticationResult
 /// See
 /// Granted scope values as returned by the service
 /// Identifier for the Azure AD tenant from which the token was acquired. Can be null
- /// Unique Id of the account. It can be null. When the is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
+ /// Unique Id of the account. It can be null. When the IdToken is not null, this is its ID, that is its ObjectId claim, or if that claim is null, the Subject claim.
 /// The correlation id of the authentication request
 /// Contains metadata related to the Authentication Result.
 /// The token type, defaults to Bearer. Note: this property is experimental and may change in future versions of the library.
@@ -136,6 +145,14 @@ internal AuthenticationResult(
 Account account,
 string spaAuthCode,
 IReadOnlyDictionary additionalResponseParameters)
+ : base(
+ msalAccessTokenCacheItem?.Secret,
+ msalAccessTokenCacheItem?.ExpiresOn ?? default,
+ msalIdTokenCacheItem?.IdToken?.TenantId,
+ msalIdTokenCacheItem?.Secret,
+ msalAccessTokenCacheItem?.ScopeSet,
+ correlationID,
+ msalAccessTokenCacheItem?.TokenType)
 {
 _authenticationScheme = authenticationScheme ?? throw new ArgumentNullException(nameof(authenticationScheme));
@@ -168,8 +185,8 @@ internal AuthenticationResult(
 ApiEvent = apiEvent;
 AuthenticationResultMetadata = new AuthenticationResultMetadata(tokenSource);
 AdditionalResponseParameters = msalAccessTokenCacheItem?.PersistedCacheParameters?.Count > 0 ?
- (IReadOnlyDictionary)msalAccessTokenCacheItem.PersistedCacheParameters :
- additionalResponseParameters;
+ (IReadOnlyDictionary)msalAccessTokenCacheItem.PersistedCacheParameters :
+ additionalResponseParameters;
 if (msalAccessTokenCacheItem != null)
 {
 ExpiresOn = msalAccessTokenCacheItem.ExpiresOn;
@@ -201,13 +218,15 @@ internal AuthenticationResult(
 }
 //Default constructor for testing
- internal AuthenticationResult() { }
-
- ///
- /// Access Token that can be used as a bearer token to access protected web APIs
- ///
- public string AccessToken { get; set; }
-
+ internal AuthenticationResult() : base(
+ accessToken: null,
+ expiresOn: default,
+ tenantId: null,
+ idToken: null,
+ scopes: null,
+ correlationId: default,
+ tokenType: null)
+ { }
 ///
 /// In case when Azure AD has an outage, to be more resilient, it can return tokens with
 /// an expiration time, and also with an extended expiration time.
@@ -224,7 +243,7 @@ internal AuthenticationResult() { }
 public bool IsExtendedLifeTimeToken { get; }
 ///
- /// Gets the Unique Id of the account in this
+ /// Gets the Unique Id of the account in this TenantId />
 /// It is set as the oid (ObjectId) claim, or if that claim is null, as the sub (Subject) claim which is guaranteed not-null.
 ///
 ///
@@ -236,13 +255,6 @@ internal AuthenticationResult() { }
 ///
 public string UniqueId { get; set; }
- ///
- /// Gets the point in time in which the Access Token returned in the property ceases to be valid.
- /// This value is calculated based on current UTC time measured locally and the value expiresIn received from the
- /// service.
- ///
- public DateTimeOffset ExpiresOn { get; set; }
-
 ///
 /// Gets the point in time in which the Access Token returned in the AccessToken property ceases to be valid in MSAL's extended LifeTime.
 /// This value is calculated based on current UTC time measured locally and the value ext_expiresIn received from the service.
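Review bot: The rewritten parameterless constructor ends with `{ }` directly above the `///` summary of the next member, because the blank separator line was removed together with the `AccessToken` property. Restore an empty line after `{ }` so the doc comment is not read as belonging to the constructor. The `//Default constructor for testing` comment could also state what the object looks like, for example `// Test-only: every inherited field starts as null/default (no token, ExpiresOn = default)`.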
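Review bot: As rendered on this page, the new summary line in the `@@ -224,7 +243,7 @@` hunk ends in a stray `TenantId />`, which looks like a broken `<see cref=.../>` element rather than intended text. `TenantId` is no longer declared on this class after this commit, so the reference probably needs the base type. If that is the case, write it as `/// Gets the Unique Id of the account in this <see cref="AcquireTokenResult.TenantId"/>` and check the build output for XML documentation warnings. The remarks block of this member continues outside the hunk.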
@@ -251,12 +263,6 @@ internal AuthenticationResult() { }
 [Obsolete("This feature has been deprecated", false)]
 public DateTimeOffset ExtendedExpiresOn { get; }
- ///
- /// Gets an identifier for the Azure AD tenant from which the token was acquired. This property will be null if tenant information is
- /// not returned by the service.
- ///
- public string TenantId { get; set; }
-
 ///
 /// Gets the account information. Some elements in might be null if not returned by the
 /// service. The account can be passed back in some API overloads to identify which account should be used such
@@ -265,27 +271,6 @@ internal AuthenticationResult() { }
 ///
 public IAccount Account { get; set; }
- ///
- /// Gets the Id Token if returned by the service or null if no Id Token is returned.
- ///
- public string IdToken { get; set; }
-
- ///
- /// Gets the granted scope values returned by the service.
- ///
- public IEnumerable Scopes { get; set; }
-
- ///
- /// Gets the correlation id used for the request.
- ///
- public Guid CorrelationId { get; set; }
-
- ///
- /// Identifies the type of access token. By default tokens returned by Azure Active Directory are Bearer tokens.
- /// for getting an HTTP authorization header from an AuthenticationResult.
- ///
- public string TokenType { get; set; }
-
 ///
 /// Gets the SPA Authorization Code, if it was requested using WithSpaAuthorizationCode method on the
 /// AcquireTokenByAuthorizationCode builder. See https://aka.ms/msal-net/spa-auth-code for details.
diff --git a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
index 578bb27e45..9f03082dab 100644
--- a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
+++ b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
@@ -157,6 +157,7 @@
+