Acquire tokens

Acquiring a token depends on the kind of application

There are many ways of acquiring a token. Some require user interactions through a web browser. Some don't require any user interactions. In general the way to acquire a token is different depending on if the application is a public client application (Desktop / Mobile) or a confidential client application (Web App, Web API, daemon application like a windows service)

Public client applications:

will often acquire token interactively, having the user sign-in.
It's also possible (but not recommended) to get a token with a Username and password
Finally for applications running on devices which don't have a Web browser, it's possible to acquire a token through the device code (Device Code) mechanism, which provides the user with a URL and a code. The user goes to web browser on another device, enters the code and signs-in, which has Azure AD get him/her a token back on the Web-browser-less device.

Confidential client applications:

Acquire token for the application itself (client credential), and not for a user. This can be used for synching tools, or tools which process users in general, not a particular user.
In the case of Web Apps or Web APIs calling another Web API in the name of the user, using the On Behalf Of flow (and still identifying the application itself with client credentials) to acquire a token based on some User assertion (SAML for instance, or a JWT token). This can be used for applications which need to access resources of a particular user.
For Web apps, acquire tokens by authorization code after letting the user sign-in through the authorization request URL. This is typically the mechanism used by an open id connect application, which lets the user sign-in using Open ID connect, but then wants to access Web APIs for this particular user.

ADAL4J APIs for corresponding flows

Public Client flows:

Authorization Code Flow

Returns	Method
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, String resource, String clientId, URI redirectUri, AuthenticationCallback callback)`

Device Code flow

Returns	Method
`Future<DeviceCode>`	`acquireDeviceCode(String clientId, String resource, AuthenticationCallback<DeviceCode> callback)`
`Future<AuthenticationResult>`	`acquireTokenByDeviceCode(DeviceCode deviceCode, AuthenticationCallback callback)`

User-Name Password flow

Returns	Method
`Future<AuthenticationResult>`	`acquireToken(String resource, String clientId, String username, String password, AuthenticationCallback callback)`

Confidential Client flows:

Authorization Code Flow

Returns	Method
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, AsymmetricKeyCredential credential, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, AsymmetricKeyCredential credential, String resource, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, ClientAssertion clientAssertion, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, ClientAssertion clientAssertion, String resource, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, ClientCredential credential, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByAuthorizationCode(String authorizationCode, URI redirectUri, ClientCredential credential, String resource, AuthenticationCallback callback)`

Client Credential flow

Returns	Method
`Future<AuthenticationResult>`	`acquireToken(java.lang.String resource, com.microsoft.aad.adal4j.AsymmetricKeyCredential credential, com.microsoft.aad.adal4j.AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireToken(java.lang.String resource, com.microsoft.aad.adal4j.ClientAssertion clientAssertion, com.microsoft.aad.adal4j.AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireToken(java.lang.String resource, com.microsoft.aad.adal4j.ClientCredential credential, com.microsoft.aad.adal4j.AuthenticationCallback callback)`

On-Behalf-Of User

Returns	Method
`Future<AuthenticationResult>`	`acquireToken(String resource, UserAssertion userAssertion, ClientCredential credential, AuthenticationCallback callback)`

Acquire Token using Refresh Tokens

Returns	Method
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, AsymmetricKeyCredential credential, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, AsymmetricKeyCredential credential, String resource,AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, ClientCredential credential, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, ClientCredential credential, java.lang.String resource,AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, String clientId, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, String clientId, ClientAssertion clientAssertion, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, String clientId, ClientAssertion clientAssertion, String resource, AuthenticationCallback callback)`
`Future<AuthenticationResult>`	`acquireTokenByRefreshToken(String refreshToken, String clientId, String resource, AuthenticationCallback callback)`

ADAL4J acquireToken overrides

Acquiring a token interactively with ADAL.NET requires to pass:

The resource for which you want an access token. Here you can pass either the Resource URI of a Web API, or the clientId of the target Web API. Both work, but it's important to realize that the token will contain the resource as requested (audience), and therefore the form to use is the one accepted by the Web API.
The clientId parameter is the clientId/applicationId of the public client application.
The redirectUri is the redirect Uri of the public client application. This is the address to return upon receiving a response from the STS.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Acquire tokens

Acquiring a token depends on the kind of application

Public client applications:

Confidential client applications:

ADAL4J APIs for corresponding flows

Public Client flows:

Authorization Code Flow

Device Code flow

User-Name Password flow

Confidential Client flows:

Authorization Code Flow

Client Credential flow

On-Behalf-Of User

Acquire Token using Refresh Tokens

ADAL4J acquireToken overrides

Getting started with ADAL Java

Configure, build, and test

Advanced topics

FAQ & Common Issues

News

Other resources

Clone this wiki locally