[FEATURE REQ] Support sendX5c in ClientCertificateCredential to allow SubjectName+issuer validation #12130
Labels
Azure.Identity
Client
This issue points to a problem in the data-plane of the library.
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
feature-request
This issue requires a new behavior in the product in order be resolved.
Milestone
Library or service name.
Azure.Identity
Is your feature request related to a problem? Please describe.
When requesting a token via
AuthenticationContext.AcquireTokenAsync
(in theMicrosoft.IdentityModel.Clients.ActiveDirectory
assembly), there are overloads that accept the sendX5c parameter:This is critical for auto rotation scenarios, where you have your cert auto-renewed in KeyVault and you want your certs to maintain their access to their AAD apps following such renewals.
There is currently no way that I can tell so specify this parameter in
Azure.Identity
'sClientCertificateCredential
, forcing users to drop to the lowerAuthenticationContext
level.The text was updated successfully, but these errors were encountered: