InteractiveBrowserCredentialProvider

Namespace: PPDS.Auth.Credentials
Assembly: PPDS.Auth
Kind: Class
Implements: ICredentialProvider, IDisposable

Summary

Provides authentication using interactive browser flow. Automatically opens the system browser for user sign-in.

Members

Constructors

InteractiveBrowserCredentialProvider(CloudEnvironment cloud, string tenantId, string username, string homeAccountId, Action<DeviceCodeInfo> deviceCodeCallback, Func<Action<DeviceCodeInfo>, PreAuthDialogResult> beforeInteractiveAuth)

InteractiveBrowserCredentialProvider(CloudEnvironment cloud, string tenantId, string username, string homeAccountId, Action<DeviceCodeInfo> deviceCodeCallback, Func<Action<DeviceCodeInfo>, PreAuthDialogResult> beforeInteractiveAuth)

Creates a new interactive browser credential provider.

Param cloud: The cloud environment.
Param tenantId: Optional tenant ID (defaults to "organizations" for multi-tenant).
Param username: Optional username for silent auth lookup.
Param homeAccountId: Optional MSAL home account identifier for precise account lookup.
Param deviceCodeCallback: Optional callback for device code display (used for device code fallback).
Param beforeInteractiveAuth: Optional callback invoked before opening browser for auth. Returns the user's choice (OpenBrowser, UseDeviceCode, or Cancel). The callback receives a device code callback to use if device code is selected.

Methods

CreateServiceClientAsync

Task<ServiceClient> CreateServiceClientAsync(string environmentUrl, CancellationToken cancellationToken, bool forceInteractive)

Creates an authenticated ServiceClient for the specified environment URL.

Param environmentUrl: The Dataverse environment URL.
Param cancellationToken: Cancellation token.
Param forceInteractive: If true, skip silent auth and prompt user directly. Use for profile creation.
Returns: An authenticated ServiceClient.

Dispose

void Dispose()

(inherited from System.IDisposable.Dispose)

FromProfile

InteractiveBrowserCredentialProvider FromProfile(AuthProfile profile, Action<DeviceCodeInfo> deviceCodeCallback, Func<Action<DeviceCodeInfo>, PreAuthDialogResult> beforeInteractiveAuth)

Creates a provider from an auth profile.

Param profile: The auth profile.
Param deviceCodeCallback: Optional callback for device code display (used for device code fallback).
Param beforeInteractiveAuth: Optional callback invoked before opening browser for auth. Returns the user's choice (OpenBrowser, UseDeviceCode, or Cancel).
Returns: A new provider instance.

GetCachedTokenInfoAsync

Task<CachedTokenInfo> GetCachedTokenInfoAsync(string environmentUrl, CancellationToken cancellationToken)

Gets cached token information without triggering interactive authentication. Queries the MSAL token cache to determine current token state.

Param environmentUrl: The Dataverse environment URL to check token for.
Param cancellationToken: Cancellation token.
Returns: Token information if a valid cached token exists, null if token is expired or not cached.

IsAvailable

bool IsAvailable()

Checks if interactive browser authentication is available. Returns false for headless environments (SSH, containers, no display).

Properties

AccessToken

string AccessToken { get; }

Gets the access token from the last authentication. Available after successful authentication. Used for extracting JWT claims.

AuthMethod

AuthMethod AuthMethod { get; }

Gets the authentication method this provider handles.

HomeAccountId

string HomeAccountId { get; }

Gets the MSAL home account identifier. Format: {objectId}.{tenantId} - uniquely identifies the account+tenant for token cache lookup. Available after successful authentication.

IdTokenClaims

ClaimsPrincipal IdTokenClaims { get; }

Gets the ID token claims from the last authentication (if available). The ID token typically contains user claims like country that aren't in the access token.

Identity

string Identity { get; }

Gets the identity string for display (e.g., username or app ID). Available after successful authentication.

ObjectId

string ObjectId { get; }

Gets the Entra Object ID (OID) from the authentication result. Available after successful authentication.

TenantId

string TenantId { get; }

Gets the tenant ID from the authentication result. Available after successful authentication.

TokenExpiresAt

Nullable<DateTimeOffset> TokenExpiresAt { get; }

Gets the token expiration time. Available after successful authentication.

Summary​

Members​

Constructors​

InteractiveBrowserCredentialProvider(CloudEnvironment cloud, string tenantId, string username, string homeAccountId, Action<DeviceCodeInfo> deviceCodeCallback, Func<Action<DeviceCodeInfo>, PreAuthDialogResult> beforeInteractiveAuth)​

Methods​

CreateServiceClientAsync​

Dispose​

FromProfile​

GetCachedTokenInfoAsync​

IsAvailable​

Properties​

AccessToken​

AuthMethod​

HomeAccountId​

IdTokenClaims​

Identity​

ObjectId​

TenantId​

TokenExpiresAt​