Skip to main content

ClientSecretCredentialProvider

  • Namespace: PPDS.Auth.Credentials
  • Assembly: PPDS.Auth
  • Kind: Class
  • Implements: ICredentialProvider, IDisposable

Summary

Provides authentication using client ID and client secret (Service Principal).

Members

Constructors

ClientSecretCredentialProvider(string applicationId, string clientSecret, string tenantId, CloudEnvironment cloud)

ClientSecretCredentialProvider(string applicationId, string clientSecret, string tenantId, CloudEnvironment cloud)

Creates a new client secret credential provider.

  • Param applicationId: The application (client) ID.

  • Param clientSecret: The client secret.

  • Param tenantId: The tenant ID.

  • Param cloud: The cloud environment.

Methods

CreateServiceClientAsync

Task<ServiceClient> CreateServiceClientAsync(string environmentUrl, CancellationToken cancellationToken, bool forceInteractive)

Creates an authenticated ServiceClient for the specified environment URL.

  • Param environmentUrl: The Dataverse environment URL.

  • Param cancellationToken: Cancellation token.

  • Param forceInteractive: If true, skip silent auth and prompt user directly. Use for profile creation.

  • Returns: An authenticated ServiceClient.

Dispose

void Dispose()

(inherited from System.IDisposable.Dispose)

FromProfile

ClientSecretCredentialProvider FromProfile(AuthProfile profile, StoredCredential credential)

Creates a provider from an auth profile and credential from secure store.

  • Param profile: The auth profile.

  • Param credential: The credential containing the client secret.

  • Returns: A new provider instance.

FromProfileWithSecret

ClientSecretCredentialProvider FromProfileWithSecret(AuthProfile profile, string clientSecret)

Creates a provider from an auth profile using an environment variable secret.

  • Param profile: The auth profile.

  • Param clientSecret: The client secret (e.g., from PPDS_SPN_SECRET env var).

  • Returns: A new provider instance.

GetCachedTokenInfoAsync

Task<CachedTokenInfo> GetCachedTokenInfoAsync(string environmentUrl, CancellationToken cancellationToken)

Gets cached token information without triggering interactive authentication. Queries the MSAL token cache to determine current token state.

  • Param environmentUrl: The Dataverse environment URL to check token for.

  • Param cancellationToken: Cancellation token.

  • Returns: Token information if a valid cached token exists, null if token is expired or not cached.

Properties

AccessToken

string AccessToken { get; }

Gets the access token from the last authentication. Available after successful authentication. Used for extracting JWT claims.

AuthMethod

AuthMethod AuthMethod { get; }

Gets the authentication method this provider handles.

HomeAccountId

string HomeAccountId { get; }

Gets the MSAL home account identifier. Format: {objectId}.{tenantId} - uniquely identifies the account+tenant for token cache lookup. Available after successful authentication.

IdTokenClaims

ClaimsPrincipal IdTokenClaims { get; }

Gets the ID token claims from the last authentication (if available). The ID token typically contains user claims like country that aren't in the access token.

Identity

string Identity { get; }

Gets the identity string for display (e.g., username or app ID). Available after successful authentication.

ObjectId

string ObjectId { get; }

Gets the Entra Object ID (OID) from the authentication result. Available after successful authentication.

TenantId

string TenantId { get; }

Gets the tenant ID from the authentication result. Available after successful authentication.

TokenExpiresAt

Nullable<DateTimeOffset> TokenExpiresAt { get; }

Gets the token expiration time. Available after successful authentication.