This repository has been archived by the owner on Jul 5, 2023. It is now read-only.

AuthenticationContext

Navya Canumalla edited this page May 19, 2018 · 2 revisions

ADAL4J has one class representing a connection to Azure AD: AuthenticationContext.

What is AuthenticationContext:

An AuthenticationContext represents the authority you want to use for gaining access to resources (i.e., the authority you refer to when you need tokens). The AuthenticationContext is:

  • a connection to the Security Token Service (STS) or authorization server, through the Authority.

The AuthenticationContext constructor has three parameters:

  1. authority: The URL of the STS that ADAL goes to in order to acquire tokens for resources. You can think of the authority as the directory issuing the identities/tokens. The URL has the form https://<instance>/<tenant>, where 'instance' is the Azure AD host (such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory.
  2. validateAuthority: A boolean flag that specifies whether to validate the authority before sending requests to it. By default, this is set to true. Validating the authority is recommended when the authority value for requests is set dynamically.
  3. service: A construct that allows you to pass a task to be executed asynchronously by a thread. The executor service creates and maintains a reusable pool of threads for executing submitted tasks. In the case of ADAL, these tasks are the asynchronous calls to acquire tokens.

Authority values:

The authority needs to be set to the URL of the STS. Examples of authority URL are:

  • https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163 for a single-tenant application defined in the tenant whose tenant ID is f31e6716-26e8-4651-b323-2563936b4163.
  • https://login.microsoftonline.com/contoso.onmicrosoft.com. This representation is like the previous one, but uses the tenant domain name instead of the tenant Id.
  • https://login.microsoftonline.de/contoso.de also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant. And the instance URL here is for the German national cloud.
  • https://login.microsoftonline.com/common in the case of a multi-tenant application, that is an application available in several Azure AD tenants.
  • Finally, it can be an Active Directory Federation Services (ADFS) URL, which is recognized by the convention that the URL contains adfs, as in https://contoso.com/adfs.

Note that the authority might also be an Azure AD B2C tenant, but ADAL does not support B2C.
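
The following is an added example, not code from ADAL4J or this wiki: a local check that a dynamically supplied authority has the https://<instance>/<tenant> shape and points at an expected instance, before it is passed to the three-parameter constructor with validateAuthority set to true. The class name, the checkAuthority helper and the host allow-list are assumptions made for illustration.

```java
import com.microsoft.aad.adal4j.AuthenticationContext;
import java.net.MalformedURLException;
import java.net.URI;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class AuthorityCheck {
    // Assumption: the instances this application trusts (hosts taken from the examples above).
    static final Set<String> ALLOWED_HOSTS = new HashSet<>(Arrays.asList(
            "login.microsoftonline.com", "login.microsoftonline.de"));

    // Hypothetical helper: returns a normalized authority or throws IllegalArgumentException.
    static String checkAuthority(String raw) {
        URI u = URI.create(raw.trim());
        if (!"https".equalsIgnoreCase(u.getScheme()))
            throw new IllegalArgumentException("authority must use https");
        if (u.getUserInfo() != null || u.getPort() != -1
                || u.getQuery() != null || u.getFragment() != null)
            throw new IllegalArgumentException("unexpected URL component in authority");
        String host = u.getHost() == null ? "" : u.getHost().toLowerCase(Locale.ROOT);
        // Exact match only, so a look-alike such as login.microsoftonline.com.example is rejected.
        if (!ALLOWED_HOSTS.contains(host))
            throw new IllegalArgumentException("instance not in allow-list: " + host);
        String path = u.getPath() == null ? "" : u.getPath().replaceAll("^/+|/+$", "");
        // Exactly one segment: a tenant ID, a tenant domain name, or "common".
        if (!path.matches("[A-Za-z0-9][A-Za-z0-9.-]*"))
            throw new IllegalArgumentException("expected a single tenant segment");
        return "https://" + host + "/" + path;
    }

    public static void main(String[] args) throws MalformedURLException {
        // Constructed input standing in for a value read from configuration or a request.
        String authority = checkAuthority("https://login.microsoftonline.com/contoso.onmicrosoft.com");
        ExecutorService service = Executors.newFixedThreadPool(1);
        try {
            // validateAuthority stays true because the authority was set dynamically.
            AuthenticationContext context = new AuthenticationContext(authority, true, service);
            System.out.println("Created context for " + authority);
        } finally {
            service.shutdown(); // release the thread pool when no more token calls are pending
        }
    }
}
```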