Merge branch 'main' into dharshanb/winui3Support

DharshanBJ · web-flow · commit 74f8bfb3d5a3 · 2025-08-15T11:52:47.000-07:00
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenCommonParameters.cs b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenCommonParameters.cs
@@ -75,7 +75,7 @@ internal async Task InitMtlsPopParametersAsync(IServiceBundle serviceBundle, Can
                     CancellationToken = ct
                 };
 
-                ClientAssertion ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);
+                ClientSignedAssertion ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);
 
                 if (ar.TokenBindingCertificate == null)
                 {
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ClientSignedAssertion.cs b/src/client/Microsoft.Identity.Client/AppConfig/ClientSignedAssertion.cs
@@ -8,12 +8,12 @@ namespace Microsoft.Identity.Client
     /// <summary>
     /// Container returned from <c>WithClientAssertion</c>.
     /// </summary>
-    public class ClientAssertion
+    public class ClientSignedAssertion
     {
         /// <summary>
         /// Represents the client assertion (JWT) and optional mutual‑TLS binding certificate returned
         /// by the <c>clientAssertionProvider</c> callback supplied to
-        /// <see cref="ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task{ClientAssertion}})"/>.
+        /// <see cref="ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task{ClientSignedAssertion}})"/>.
         /// </summary>
         /// <remarks>
         /// MSAL forwards <see cref="Assertion"/> to the token endpoint as the <c>client_assertion</c> parameter.
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs b/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs
@@ -230,7 +230,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<string> cli
 
             return WithClientAssertion(
                 (opts, ct) =>
-                    Task.FromResult(new ClientAssertion
+                    Task.FromResult(new ClientSignedAssertion
                     {
                         Assertion = clientAssertionDelegate()   // bearer
                     }));
@@ -255,7 +255,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<Cancellatio
                 async (opts, ct) =>
                 {
                     string jwt = await clientAssertionAsyncDelegate(ct).ConfigureAwait(false);
-                    return new ClientAssertion { Assertion = jwt };    // bearer
+                    return new ClientSignedAssertion { Assertion = jwt };    // bearer
                 });
         }
 
@@ -277,7 +277,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRe
                 async (opts, _) =>
                 {
                     string jwt = await clientAssertionAsyncDelegate(opts).ConfigureAwait(false);
-                    return new ClientAssertion { Assertion = jwt };    // bearer
+                    return new ClientSignedAssertion { Assertion = jwt };    // bearer
                 });
         }
 
@@ -287,16 +287,16 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRe
         /// <remarks>This method allows the client application to authenticate using a custom client
         /// assertion, which can be useful in scenarios where the assertion needs to be dynamically generated or
         /// retrieved.</remarks>
-        /// <param name="clientAssertionProvider">A delegate that asynchronously provides an <see cref="ClientAssertion"/> based on the given <see
+        /// <param name="clientSignedAssertionProvider">A delegate that asynchronously provides an <see cref="ClientSignedAssertion"/> based on the given <see
         /// cref="AssertionRequestOptions"/> and <see cref="CancellationToken"/>. This delegate must not be <see
         /// langword="null"/>.</param>
         /// <returns>The <see cref="ConfidentialClientApplicationBuilder"/> instance configured with the specified client
         /// assertion.</returns>
-        /// <exception cref="MsalClientException">Thrown if <paramref name="clientAssertionProvider"/> is <see langword="null"/>.</exception>
+        /// <exception cref="MsalClientException">Thrown if <paramref name="clientSignedAssertionProvider"/> is <see langword="null"/>.</exception>
         public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRequestOptions,
-            CancellationToken, Task<ClientAssertion>> clientAssertionProvider)
+            CancellationToken, Task<ClientSignedAssertion>> clientSignedAssertionProvider)
         {
-            Config.ClientCredential = new ClientAssertionDelegateCredential(clientAssertionProvider);
+            Config.ClientCredential = new ClientAssertionDelegateCredential(clientSignedAssertionProvider);
             return this;
         }
 
diff --git a/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs b/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs
@@ -17,19 +17,19 @@ namespace Microsoft.Identity.Client.Internal.ClientCredential
 {
     /// <summary>
     /// Handles client assertions supplied via a delegate that returns an
-    /// <see cref="ClientAssertion"/> (JWT + optional certificate bound for mTLS‑PoP).
+    /// <see cref="ClientSignedAssertion"/> (JWT + optional certificate bound for mTLS‑PoP).
     /// </summary>
     internal sealed class ClientAssertionDelegateCredential : IClientCredential
     {
-        private readonly Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> _provider;
+        private readonly Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>> _provider;
 
-        internal Task<ClientAssertion> GetAssertionAsync(
+        internal Task<ClientSignedAssertion> GetAssertionAsync(
                 AssertionRequestOptions options,
                 CancellationToken cancellationToken) =>
             _provider(options, cancellationToken);
 
         public ClientAssertionDelegateCredential(
-            Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> provider)
+            Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>> provider)
         {
             _provider = provider ?? throw new ArgumentNullException(nameof(provider));
         }
@@ -56,7 +56,7 @@ public async Task AddConfidentialClientParametersAsync(
                 ClientAssertionFmiPath = p.ClientAssertionFmiPath
             };
 
-            ClientAssertion resp = await _provider(opts, ct).ConfigureAwait(false);
+            ClientSignedAssertion resp = await _provider(opts, ct).ConfigureAwait(false);
 
             if (string.IsNullOrWhiteSpace(resp?.Assertion))
             {
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
@@ -1,9 +1,9 @@
 const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
-Microsoft.Identity.Client.ClientAssertion
-Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
-Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
-Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
-Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
-Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
+Microsoft.Identity.Client.ClientSignedAssertion
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.get -> string
+Microsoft.Identity.Client.ClientSignedAssertion.Assertion.set -> void
+Microsoft.Identity.Client.ClientSignedAssertion.ClientSignedAssertion() -> void
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
+Microsoft.Identity.Client.ClientSignedAssertion.TokenBindingCertificate.set -> void
+Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientSignedAssertion>> clientSignedAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
 static Microsoft.Identity.Client.Extensibility.AcquireTokenForClientBuilderExtensions.WithExtraBodyParameters(this Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder builder, System.Collections.Generic.Dictionary<string, System.Func<System.Threading.CancellationToken, System.Threading.Tasks.Task<string>>> extrabodyparams) -> Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder
diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ClientAssertionTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ClientAssertionTests.cs
diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ConfidentialClientApplicationTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/ConfidentialClientApplicationTests.cs

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ internal async Task InitMtlsPopParametersAsync(IServiceBundle serviceBundle, Can`
`75`	`75`	`CancellationToken = ct`
`76`	`76`	`};`
`77`	`77`
`78`		`- ClientAssertion ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);`
	`78`	`+ ClientSignedAssertion ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);`
`79`	`79`
`80`	`80`	`if (ar.TokenBindingCertificate == null)`
`81`	`81`	`{`
Original file line number	Diff line number	Diff line change
`@@ -17,19 +17,19 @@ namespace Microsoft.Identity.Client.Internal.ClientCredential`
`17`	`17`	`{`
`18`	`18`	`/// <summary>`
`19`	`19`	`/// Handles client assertions supplied via a delegate that returns an`
`20`		`- /// <see cref="ClientAssertion"/> (JWT + optional certificate bound for mTLS‑PoP).`
	`20`	`+ /// <see cref="ClientSignedAssertion"/> (JWT + optional certificate bound for mTLS‑PoP).`
`21`	`21`	`/// </summary>`
`22`	`22`	`internal sealed class ClientAssertionDelegateCredential : IClientCredential`
`23`	`23`	`{`
`24`		`- private readonly Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> _provider;`
	`24`	`+ private readonly Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>> _provider;`
`25`	`25`
`26`		`- internal Task<ClientAssertion> GetAssertionAsync(`
	`26`	`+ internal Task<ClientSignedAssertion> GetAssertionAsync(`
`27`	`27`	`AssertionRequestOptions options,`
`28`	`28`	`CancellationToken cancellationToken) =>`
`29`	`29`	`_provider(options, cancellationToken);`
`30`	`30`
`31`	`31`	`public ClientAssertionDelegateCredential(`
`32`		`- Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> provider)`
	`32`	`+ Func<AssertionRequestOptions, CancellationToken, Task<ClientSignedAssertion>> provider)`
`33`	`33`	`{`
`34`	`34`	`_provider = provider ?? throw new ArgumentNullException(nameof(provider));`
`35`	`35`	`}`
`@@ -56,7 +56,7 @@ public async Task AddConfidentialClientParametersAsync(`
`56`	`56`	`ClientAssertionFmiPath = p.ClientAssertionFmiPath`
`57`	`57`	`};`
`58`	`58`
`59`		`- ClientAssertion resp = await _provider(opts, ct).ConfigureAwait(false);`
	`59`	`+ ClientSignedAssertion resp = await _provider(opts, ct).ConfigureAwait(false);`
`60`	`60`
`61`	`61`	`if (string.IsNullOrWhiteSpace(resp?.Assertion))`
`62`	`62`	`{`