
Commit b84be19

build break for public api change
1 parent 1703b49 commit b84be19


15 files changed

+254
-129
lines changed


src/client/Microsoft.Identity.Client/AppConfig/AssertionResponse.cs

Lines changed: 0 additions & 22 deletions
This file was deleted.
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
// Copyright (c) Microsoft Corporation. All rights reserved.
2+
// Licensed under the MIT License.
3+
4+
using System.Security.Cryptography.X509Certificates;
5+
6+
namespace Microsoft.Identity.Client
7+
{
8+
/// <summary>
9+
/// Container returned from <c>WithClientAssertion</c>.
10+
/// </summary>
11+
public class ClientAssertion
12+
{
13+
/// <summary>
14+
/// Represents the client assertion (JWT) and optional mutual‑TLS binding certificate returned
15+
/// by the <c>clientAssertionProvider</c> callback supplied to
16+
/// <see cref="ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func{AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task{ClientAssertion}})"/>.
17+
/// </summary>
18+
/// <remarks>
19+
/// MSAL forwards <see cref="Assertion"/> to the token endpoint as the <c>client_assertion</c> parameter.
20+
/// When mutual‑TLS Proof‑of‑Possession (PoP) is enabled on the application and a
21+
/// <see cref="TokenBindingCertificate"/> is provided, MSAL sets <c>client_assertion_type</c> to
22+
/// <c>urn:ietf:params:oauth:client-assertion-type:jwt-pop</c>; otherwise it uses <c>jwt-bearer</c>.
23+
/// <br/><br/>
24+
/// Guidance on constructing the client assertion (required claims, audience, and lifetime) is available at
25+
/// <see href="https://aka.ms/msal-net-client-assertion">aka.ms/msal-net-client-assertion</see>.
26+
/// The assertion is created by your callback; MSAL does not modify or re‑sign it.
27+
/// </remarks>
28+
public string Assertion { get; set; }
29+
30+
/// <summary>
31+
/// Optional. Certificate used to bind the client assertion for mutual‑TLS Proof‑of‑Possession (PoP).
32+
/// </summary>
33+
/// <remarks>
34+
/// Provide a value only when PoP is enabled on the application. The certificate should include an
35+
/// accessible private key. If <c>null</c>, MSAL treats the assertion as a bearer assertion and uses
36+
/// <c>client_assertion_type=jwt-bearer</c>.
37+
/// </remarks>
38+
public X509Certificate2 TokenBindingCertificate { get; set; }
39+
}
40+
}
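Review bot: The XML docs on `ClientAssertion` are attached to the wrong members. The class summary says "Container returned from WithClientAssertion", but that builder method returns the builder (see its signature in ConfidentialClientApplicationBuilder.cs), and this type is what the `clientAssertionProvider` callback returns; meanwhile the type-level description sits on the `Assertion` property. I would move the "Represents the client assertion (JWT) and optional mutual-TLS binding certificate…" summary and its remarks up to the class and give the property its own summary, `/// <summary>The client assertion (JWT) that MSAL sends as <c>client_assertion</c>.</summary>`. Since both properties are now `set` rather than `init` (per the PublicAPI changes in this commit), the remarks could also state whether the callback may reuse or modify an instance after handing it to MSAL.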

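--- a/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs
+++ b/src/client/Microsoft.Identity.Client/AppConfig/ConfidentialClientApplicationBuilder.cs
@@ -230,7 +230,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<string> cli
 
 return WithClientAssertion(
 (opts, ct) =>
-Task.FromResult(new AssertionResponse
+Task.FromResult(new ClientAssertion
 {
 Assertion = clientAssertionDelegate() // bearer
 }));
@@ -255,7 +255,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<Cancellatio
 async (opts, ct) =>
 {
 string jwt = await clientAssertionAsyncDelegate(ct).ConfigureAwait(false);
-return new AssertionResponse { Assertion = jwt }; // bearer
+return new ClientAssertion { Assertion = jwt }; // bearer
 });
 }
 
@@ -277,7 +277,7 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRe
 async (opts, _) =>
 {
 string jwt = await clientAssertionAsyncDelegate(opts).ConfigureAwait(false);
-return new AssertionResponse { Assertion = jwt }; // bearer
+return new ClientAssertion { Assertion = jwt }; // bearer
 });
 }
 
@@ -287,14 +287,14 @@ public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRe
 /// <remarks>This method allows the client application to authenticate using a custom client
 /// assertion, which can be useful in scenarios where the assertion needs to be dynamically generated or
 /// retrieved.</remarks>
-/// <param name="clientAssertionProvider">A delegate that asynchronously provides an <see cref="AssertionResponse"/> based on the given <see
+/// <param name="clientAssertionProvider">A delegate that asynchronously provides an <see cref="ClientAssertion"/> based on the given <see
 /// cref="AssertionRequestOptions"/> and <see cref="CancellationToken"/>. This delegate must not be <see
 /// langword="null"/>.</param>
 /// <returns>The <see cref="ConfidentialClientApplicationBuilder"/> instance configured with the specified client
 /// assertion.</returns>
-/// <exception cref="ArgumentNullException">Thrown if <paramref name="clientAssertionProvider"/> is <see langword="null"/>.</exception>
+/// <exception cref="MsalClientException">Thrown if <paramref name="clientAssertionProvider"/> is <see langword="null"/>.</exception>
 public ConfidentialClientApplicationBuilder WithClientAssertion(Func<AssertionRequestOptions,
-CancellationToken, Task<AssertionResponse>> clientAssertionProvider)
+CancellationToken, Task<ClientAssertion>> clientAssertionProvider)
 {
 Config.ClientCredential = new ClientAssertionDelegateCredential(clientAssertionProvider);
 return this;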
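Review bot: The `<exception>` tag in the last hunk now names `MsalClientException`, but the visible body passes `clientAssertionProvider` straight to `new ClientAssertionDelegateCredential(...)`, whose constructor (shown in ClientAssertionDelegateCredential.cs in this commit) throws `ArgumentNullException` for a null provider. As far as these hunks show, the documented exception type is therefore wrong, and a caller catching `MsalClientException` would miss the failure. Either keep `/// <exception cref="ArgumentNullException">` or add an explicit guard before the `Config.ClientCredential` assignment that throws the documented type. The method body continues past the end of the hunk.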

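--- a/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PopBindingResolver.cs
+++ b/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PopBindingResolver.cs
@@ -62,7 +62,7 @@ internal static async Task ValidateAndWireAsync(IServiceBundle serviceBundle,
 CancellationToken = ct
 };
 
-AssertionResponse ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);
+ClientAssertion ar = await cadc.GetAssertionAsync(opts, ct).ConfigureAwait(false);
 
 if (ar.TokenBindingCertificate == null)
 {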

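--- a/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs
+++ b/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs
@@ -17,31 +17,25 @@ namespace Microsoft.Identity.Client.Internal.ClientCredential
 {
 /// <summary>
 /// Handles client assertions supplied via a delegate that returns an
-/// <see cref="AssertionResponse"/> (JWT + optional certificate bound for mTLS‑PoP).
+/// <see cref="ClientAssertion"/> (JWT + optional certificate bound for mTLS‑PoP).
 /// </summary>
 internal sealed class ClientAssertionDelegateCredential : IClientCredential
 {
-private readonly Func<AssertionRequestOptions, CancellationToken, Task<AssertionResponse>> _provider;
+private readonly Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> _provider;
 
-internal Task<AssertionResponse> GetAssertionAsync(
+internal Task<ClientAssertion> GetAssertionAsync(
 AssertionRequestOptions options,
 CancellationToken cancellationToken) =>
 _provider(options, cancellationToken);
 
 public ClientAssertionDelegateCredential(
-Func<AssertionRequestOptions, CancellationToken, Task<AssertionResponse>> provider)
+Func<AssertionRequestOptions, CancellationToken, Task<ClientAssertion>> provider)
 {
 _provider = provider ?? throw new ArgumentNullException(nameof(provider));
 }
 
 public AssertionType AssertionType => AssertionType.ClientAssertion;
 
-// ──────────────────────────────────
-// Expose the certificate we used in the *last* call
-// ──────────────────────────────────
-private X509Certificate2 _lastCertificate;
-internal X509Certificate2 LastCertificate => _lastCertificate;
-
 // ──────────────────────────────────
 // Main hook for token requests
 // ──────────────────────────────────
@@ -62,7 +56,7 @@ public async Task AddConfidentialClientParametersAsync(
 ClientAssertionFmiPath = p.ClientAssertionFmiPath
 };
 
-AssertionResponse resp = await _provider(opts, ct).ConfigureAwait(false);
+ClientAssertion resp = await _provider(opts, ct).ConfigureAwait(false);
 
 if (string.IsNullOrWhiteSpace(resp?.Assertion))
 {
@@ -78,16 +72,12 @@ public async Task AddConfidentialClientParametersAsync(
 oAuth2Client.AddBodyParameter(
 OAuth2Parameter.ClientAssertionType,
 OAuth2AssertionType.JwtPop /* constant added in OAuth2AssertionType */);
-
-_lastCertificate = resp.TokenBindingCertificate;
 }
 else
 {
 oAuth2Client.AddBodyParameter(
 OAuth2Parameter.ClientAssertionType,
 OAuth2AssertionType.JwtBearer);
-
-_lastCertificate = null;
 }
 
 oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, resp.Assertion);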
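Review bot: With `LastCertificate` removed, nothing in these hunks passes the certificate from `resp` to whatever binds the connection, so the certificate presumably now comes only from the separate `GetAssertionAsync` call in `PopBindingResolver.ValidateAndWireAsync`. The provider then runs more than once per flow, and the `JwtPop`/`JwtBearer` choice here is made on a different response than the one whose certificate appears to be wired there; a callback that rotates certificates between calls could end up sending a jwt-pop assertion over a connection bound to another certificate. I would document the expectation above the `_provider(opts, ct)` call, e.g. `// The provider is also invoked by PopBindingResolver; both calls must return the same TokenBindingCertificate.`, or compare the two certificates and fail closed on a mismatch. That other call site also dereferences `ar.TokenBindingCertificate` without the `resp?.` null guard used here. `AddConfidentialClientParametersAsync` starts and ends outside the hunks, so the branch condition is not visible.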

src/client/Microsoft.Identity.Client/IsExternalInit.cs

Lines changed: 0 additions & 11 deletions
This file was deleted.
Lines changed: 7 additions & 7 deletions
@@ -1,8 +1,8 @@
11
const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
2-
Microsoft.Identity.Client.AssertionResponse
3-
Microsoft.Identity.Client.AssertionResponse.Assertion.get -> string
4-
Microsoft.Identity.Client.AssertionResponse.Assertion.init -> void
5-
Microsoft.Identity.Client.AssertionResponse.AssertionResponse() -> void
6-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.init -> void
8-
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.AssertionResponse>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
2+
Microsoft.Identity.Client.ClientAssertion
3+
Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
4+
Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
5+
Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
6+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
8+
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
Lines changed: 7 additions & 7 deletions
@@ -1,8 +1,8 @@
11
const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
2-
Microsoft.Identity.Client.AssertionResponse
3-
Microsoft.Identity.Client.AssertionResponse.Assertion.get -> string
4-
Microsoft.Identity.Client.AssertionResponse.Assertion.init -> void
5-
Microsoft.Identity.Client.AssertionResponse.AssertionResponse() -> void
6-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.init -> void
8-
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.AssertionResponse>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
2+
Microsoft.Identity.Client.ClientAssertion
3+
Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
4+
Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
5+
Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
6+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
8+
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
Lines changed: 7 additions & 7 deletions
@@ -1,8 +1,8 @@
11
const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
2-
Microsoft.Identity.Client.AssertionResponse
3-
Microsoft.Identity.Client.AssertionResponse.Assertion.get -> string
4-
Microsoft.Identity.Client.AssertionResponse.Assertion.init -> void
5-
Microsoft.Identity.Client.AssertionResponse.AssertionResponse() -> void
6-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.init -> void
8-
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.AssertionResponse>> boundAssertionAsync) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
2+
Microsoft.Identity.Client.ClientAssertion
3+
Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
4+
Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
5+
Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
6+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
8+
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
Lines changed: 7 additions & 7 deletions
@@ -1,8 +1,8 @@
11
const Microsoft.Identity.Client.MsalError.InvalidClientAssertion = "invalid_client_assertion" -> string
2-
Microsoft.Identity.Client.AssertionResponse
3-
Microsoft.Identity.Client.AssertionResponse.Assertion.get -> string
4-
Microsoft.Identity.Client.AssertionResponse.Assertion.init -> void
5-
Microsoft.Identity.Client.AssertionResponse.AssertionResponse() -> void
6-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7-
Microsoft.Identity.Client.AssertionResponse.TokenBindingCertificate.init -> void
8-
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.AssertionResponse>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
2+
Microsoft.Identity.Client.ClientAssertion
3+
Microsoft.Identity.Client.ClientAssertion.Assertion.get -> string
4+
Microsoft.Identity.Client.ClientAssertion.Assertion.set -> void
5+
Microsoft.Identity.Client.ClientAssertion.ClientAssertion() -> void
6+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.get -> System.Security.Cryptography.X509Certificates.X509Certificate2
7+
Microsoft.Identity.Client.ClientAssertion.TokenBindingCertificate.set -> void
8+
Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.WithClientAssertion(System.Func<Microsoft.Identity.Client.AssertionRequestOptions, System.Threading.CancellationToken, System.Threading.Tasks.Task<Microsoft.Identity.Client.ClientAssertion>> clientAssertionProvider) -> Microsoft.Identity.Client.ConfidentialClientApplicationBuilder
