-
Notifications
You must be signed in to change notification settings - Fork 341
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add descriptive x5c comment to WithCertificate #3075
Conversation
@@ -94,9 +94,15 @@ public ConfidentialClientApplicationBuilder WithCertificate(X509Certificate2 cer | |||
|
|||
/// <summary> | |||
/// Sets the certificate associated with the application. | |||
/// This method allows to specify if the x5c claim (public key of the certificate) should be sent to Azure AD. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- It's not the public key of the cert that's being sent, it's the certificate chain. Please reference https://datatracker.ietf.org/doc/html/rfc7517#section-4.7
- As far as I know, this is only available for 1st parties. This should be highlighted
- The URL is internal and we'll get flagged for posting internal stuff. Can you add or modify a page in our wiki instead where it just states "This is for 1st party Microsoft apps only. For details please see ..."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- What's going to flag us? Even if it's aka.ms link, and not a direct link?
So update aka.ms link to point to a new SNI wiki page which has a link to internal SNI doc?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An aka.ms link is fine, but not if it points to an internal doc. All aka.ms link that go onto the public docs must point to public pages. We started getting docs bugs because of this.
You can also point to AzureAD/microsoft-authentication-library-for-python#60
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with comments. Main thing is to highlight that X5C is for 1st party only (despite the misleading internal docs) |
5d25418
to
a5c5115
Compare
Fixes #
Changes proposed in this request
Update X5C related comments in WithSendX5C and WithCertificate.
Testing
Performance impact