com.microsoft.aad.msal4j

Interface IBroker

public interface IBroker

Interface defining the core functionality required for authentication brokers.

Authentication brokers provide a centralized way to handle authentication across multiple applications on a device or platform. They can offer benefits such as single sign-on (SSO) between applications, consistent authentication experiences, and leveraging platform security features.

All methods are marked as default so they can be referenced by MSAL Java without an implementation, and most will simply throw an exception if not overridden by an IBroker implementation.

Method Summary

Modifier and Type	Method and Description
default CompletableFuture<IAuthenticationResult>	acquireToken(PublicClientApplication application, InteractiveRequestParameters parameters) Acquires a token interactively by prompting the user to enter credentials.
default CompletableFuture<IAuthenticationResult>	acquireToken(PublicClientApplication application, SilentParameters requestParameters) Acquires a token silently without user interaction.
default CompletableFuture<IAuthenticationResult>	acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) Acquires a token silently using username and password authentication.
default boolean	isBrokerAvailable() Checks whether a broker is available and ready to use on this machine.
default IAuthenticationResult	parseBrokerAuthResult(String authority, String idToken, String accessToken, String accountId, String clientInfo, long accessTokenExpirationTime, boolean isPopAuthorization) MSAL Java's AuthenticationResult requires several package-private classes that a broker implementation can't access, so this helper method can be used to create AuthenticationResults from within the MSAL Java package
default void	removeAccount(PublicClientApplication application, IAccount account) Removes an account from the broker's token cache.

Method Detail

acquireToken

default CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplication application,
                                                              SilentParameters requestParameters)

Acquires a token silently without user interaction.

This may be accomplished by returning tokens from a token cache, using cached refresh tokens to get new tokens, or via any authentication flow where a user is not prompted to enter credentials.

Parameters:

application - The public client application requesting the token

requestParameters - Parameters for the silent token request

Returns:

A CompletableFuture containing the authentication result with tokens and account information

Throws:

MsalClientException - If no broker implementation is available

acquireToken

default CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplication application,
                                                              InteractiveRequestParameters parameters)

Acquires a token interactively by prompting the user to enter credentials.

This method presents a user interface requesting credentials from the user and handles the interactive authentication flow.

Parameters:

application - The public client application requesting the token

parameters - Parameters for the interactive token request

Returns:

A CompletableFuture containing the authentication result with tokens and account information

Throws:

MsalClientException - If no broker implementation is available

acquireToken

default CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplication application,
                                                              UserNamePasswordParameters parameters)

Acquires a token silently using username and password authentication.

This method enables resource owner password credentials (ROPC) flow through a broker. Note that this flow is not recommended for production applications as it requires handling user credentials directly.

Parameters:

application - The public client application requesting the token

parameters - Parameters containing username, password and other request details

Returns:

A CompletableFuture containing the authentication result with tokens and account information

Throws:

MsalClientException - If no broker implementation is available

removeAccount

default void removeAccount(PublicClientApplication application,
                           IAccount account)
                    throws MsalClientException

Removes an account from the broker's token cache.

This method allows applications to sign out users and remove their tokens from the broker cache.

Parameters:

application - The public client application requesting the account removal

account - The account to be removed from the token cache

Throws:

MsalClientException - If no broker implementation is available

isBrokerAvailable

default boolean isBrokerAvailable()

Checks whether a broker is available and ready to use on this machine.

Applications should call this method before attempting to use broker-specific features to determine if a broker is installed and accessible.

Returns:

true if a broker is available for authentication, false otherwise

Throws:

MsalClientException - If no broker implementation is available

parseBrokerAuthResult

default IAuthenticationResult parseBrokerAuthResult(String authority,
                                                    String idToken,
                                                    String accessToken,
                                                    String accountId,
                                                    String clientInfo,
                                                    long accessTokenExpirationTime,
                                                    boolean isPopAuthorization)

MSAL Java's AuthenticationResult requires several package-private classes that a broker implementation can't access, so this helper method can be used to create AuthenticationResults from within the MSAL Java package