[Feature Request] (RP only) Provide an option to associate tokens with the certificate serial number #5150

@bgavrilMS

Description

MSAL client type

Confidential

Problem statement

Resource Providers need to associate tokens with the certificate. There are multiple certificates on each host, depending on attributes like the ARM resource ID etc., and for each combination of attributes there will be a different certificate being made available to them.

Today, Resource Providers need to partition the cache on their own, but this is error prone and it's not future proof, as they need to update their code every time a new attribute is defined.

Proposed solution

Add an overload of WithCertificate:

WithCertificate (X509Certificate2 certificate, bool sendX5C, bool associateTokensWithCertificateSerialNumber)

Internally, this uses the (internal) cache extensibility logic in MSAL to add an extra cache key component like ["certsn" : certificate.SerialNumber]

Note: this method should be placed in a new namespace called Microsoft.Identity.Client.RP

Note

Note: this is not a feature for MISE, as RPs should continue to use MSAL to get tokens. There is no scenario where they need to get auth headers or to call downstream APIs.
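What the requested partitioning amounts to today, shown as an added example that is not part of this issue or of MSAL.NET itself. It keeps one ConfidentialClientApplication per certificate, so each certificate gets its own in-memory app token cache; the `PerCertificateTokenClient` class and its `CacheKey` and `Forget` members are hypothetical names, while `ConfidentialClientApplicationBuilder`, `WithAuthority`, `WithCertificate(cert, sendX5C)` and `AcquireTokenForClient` are existing public MSAL.NET APIs. The proposed `associateTokensWithCertificateSerialNumber` overload is not used because it does not exist. One caveat the issue's key component does not address: a certificate serial number is only unique within one issuing CA, so the example keys on issuer plus serial.

```csharp
// Added illustration, not code from this issue or from MSAL.NET.
// Partitions the MSAL application token cache per certificate by keeping one
// ConfidentialClientApplication per certificate: every instance owns a separate
// in-memory app token cache, so a token obtained with certificate A is never
// served to a caller presenting certificate B.
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public sealed class PerCertificateTokenClient   // hypothetical name
{
    private readonly string _clientId;
    private readonly string _authority;
    private readonly ConcurrentDictionary<string, IConfidentialClientApplication> _apps =
        new ConcurrentDictionary<string, IConfidentialClientApplication>(StringComparer.Ordinal);

    public PerCertificateTokenClient(string clientId, string authority)
    {
        _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));
        _authority = authority ?? throw new ArgumentNullException(nameof(authority));
    }

    // The issue proposes keying on certificate.SerialNumber. A serial number is only
    // unique within one issuing CA, so the key also includes the issuer; use
    // cert.Thumbprint instead if a single value per certificate is preferred.
    public static string CacheKey(X509Certificate2 cert)
    {
        if (cert == null) throw new ArgumentNullException(nameof(cert));
        return cert.Issuer + "|" + cert.SerialNumber;
    }

    public Task<AuthenticationResult> AcquireTokenForClientAsync(
        X509Certificate2 cert, string[] scopes)
    {
        IConfidentialClientApplication app = _apps.GetOrAdd(CacheKey(cert), _ =>
            ConfidentialClientApplicationBuilder.Create(_clientId)
                .WithAuthority(_authority)
                // sendX5C: true puts the public certificate (x5c) in the client
                // assertion header so the token service can match it by
                // subject name and issuer rather than by a registered thumbprint.
                .WithCertificate(cert, sendX5C: true)
                .Build());

        // AcquireTokenForClient consults this instance's own cache first, so a
        // cached token is only reused for the same certificate key.
        return app.AcquireTokenForClient(scopes).ExecuteAsync();
    }

    // Drop the partition when a certificate is rotated out so the dictionary
    // does not grow without bound across rotations.
    public bool Forget(X509Certificate2 cert) => _apps.TryRemove(CacheKey(cert), out _);
}
```

`ConcurrentDictionary.GetOrAdd` may run the factory more than once under concurrent first use of the same certificate; the losing instance is simply discarded, which costs at most one redundant token request. The downside the issue describes remains visible here: every new attribute that selects a certificate must be reflected in `CacheKey`, which is exactly the bookkeeping the requested overload would move into MSAL.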
