[Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme #760

@bgavrilMS

MSAL client type

Confidential

Problem Statement

When MSAL creates the client assertion, it uses PKCS1 padding for the digital signature and SHA1 as the x5t claim. These are old crypto algorithms and we need to move to newer versions. The STS is building support.

See ESTS work items:

https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2655345
https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2704466

Proposed solution

Use x5t#s256 and PSS padding when talking to ESTS, CIAM, B2C(?) but not with ADFS.

Original issue: AzureAD/microsoft-authentication-library-for-dotnet#4428
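
The following is an added example, not code from MSAL or from the issue author. It audits the header of a client assertion for the two properties the issue asks for, using the JOSE names from RFC 7515 and RFC 7518 (`x5t#S256`, `PS256`); the function names, the placeholder certificate bytes and the sample tokens are constructed for illustration, and the signature itself is not verified.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def thumbprints(cert_der: bytes) -> dict:
    """JOSE thumbprint header values over the DER-encoded certificate."""
    return {
        "x5t": b64url(hashlib.sha1(cert_der).digest()),          # legacy, SHA-1
        "x5t#S256": b64url(hashlib.sha256(cert_der).digest()),   # proposed, SHA-256
    }

def audit_assertion(jwt: str, cert_der: bytes) -> list:
    """Findings for a client assertion header; an empty list matches the proposal."""
    header = json.loads(b64url_decode(jwt.split(".")[0]))
    findings = []
    if header.get("alg") != "PS256":
        findings.append("alg is %r, not PS256 (RSASSA-PSS with SHA-256)" % header.get("alg"))
    if "x5t" in header:
        findings.append("x5t present: SHA-1 certificate thumbprint")
    if "x5t#S256" not in header:
        findings.append("x5t#S256 missing")
    elif header["x5t#S256"] != thumbprints(cert_der)["x5t#S256"]:
        findings.append("x5t#S256 does not match the configured certificate")
    return findings

def sample_token(header: dict) -> str:
    """Constructed token: real header, empty claims, dummy signature bytes."""
    parts = (json.dumps(header).encode(), b"{}", b"constructed-signature")
    return ".".join(b64url(p) for p in parts)

# Constructed placeholder bytes standing in for a DER certificate.
CERT_DER = b"constructed placeholder, not a real certificate"
TP = thumbprints(CERT_DER)
LEGACY = sample_token({"alg": "RS256", "typ": "JWT", "x5t": TP["x5t"]})
MODERN = sample_token({"alg": "PS256", "typ": "JWT", "x5t#S256": TP["x5t#S256"]})

if __name__ == "__main__":
    for name, token in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, audit_assertion(token, CERT_DER) or "ok")
```
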

Metadata

Assignees

No one assigned

    Labels

    Enhancement: A request or suggestion to improve some aspect of the library
    Feature Request: Request for new functionality
    confidential-client: For issues related to confidential client apps

    Type

    No type

    Projects

    Status

    Done (in PR or next release)

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
