Skip to content

[Bug] Missing Claims Propagation in SignedAssertionWithAssertionRequestOptions Delegate #5143

New issue
New issue
Closed
Bug
#5145
Closed
[Bug] Missing Claims Propagation in SignedAssertionWithAssertionRequestOptions Delegate#5143
Bug
#5145
Assignees
gladjohn
Labels
Feature RequestP2confidential-client
Milestone
4.68.1
@gladjohn

Description

@gladjohn
gladjohn
opened on Feb 13, 2025

Library version used

Latest

.NET version

net 8

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

When using the delegate-based flow (.WithClientAssertion(options => ...)) in MSAL to generate a client assertion, the Claims property from AssertionRequestOptions is not being propagated into the final assertion. Although Claims is already part of AssertionRequestOptions, it is currently not consumed or forwarded in code paths that rely on the delegate.

Relevant code snippets



Expected behavior


Claims provided in AssertionRequestOptions.Claims should be included in the client assertion that is sent to the token endpoint.


Identity provider


Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)


Regression


No response


Solution and workarounds


When building the AssertionRequestOptions, ensure that the Claims property is passed to the delegate and included in the final assertion.
Metadata
Metadata
Assignees
Labels
Feature RequestP2confidential-client
Type
Bug
Projects
MSAL Customer Trust
Status
Done
Milestone
Relationships
None yet
Development
No branches or pull requests
Issue actions