IsMtlsPopEnabled

GladwinJohnson · GladwinJohnson · commit cac7a776948e · 2025-08-12T06:51:57.000-07:00
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenForClientParameterBuilder.cs
@@ -109,7 +109,7 @@ public AcquireTokenForClientParameterBuilder WithMtlsProofOfPossession()
                 CommonParameters.AuthenticationOperation = new MtlsPopAuthenticationOperation(certificateCredential.Certificate);
                 CommonParameters.MtlsCertificate = certificateCredential.Certificate;               
             }
-            CommonParameters.IsPopEnabled = true;
+            CommonParameters.IsMtlsPopEnabled = true;
             return this;
         }
 
diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenCommonParameters.cs b/src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenCommonParameters.cs
@@ -33,6 +33,6 @@ internal class AcquireTokenCommonParameters
         public SortedList<string, string> CacheKeyComponents { get; internal set; }
         public string FmiPathSuffix { get; internal set; }
         public string ClientAssertionFmiPath { get; internal set; }
-        public bool IsPopEnabled { get; set; }
+        public bool IsMtlsPopEnabled { get; set; }
     }
 }
diff --git a/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PopBindingResolver.cs b/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PopBindingResolver.cs
@@ -29,7 +29,7 @@ internal static async Task ValidateAndWireAsync(IServiceBundle serviceBundle,
             AcquireTokenCommonParameters commonParameters,
             CancellationToken ct)
         {
-            if (!commonParameters.IsPopEnabled)
+            if (!commonParameters.IsMtlsPopEnabled)
             {
                 return; // PoP not requested
             }
diff --git a/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs b/src/client/Microsoft.Identity.Client/Internal/ClientCredential/ClientAssertionDelegateCredential.cs
@@ -64,10 +64,10 @@ public async Task AddConfidentialClientParametersAsync(
                     MsalErrorMessage.InvalidClientAssertionEmpty);
             }
 
-            // Decide bearer vs PoP
-            bool popEnabled = p.IsPopEnabled;
+            // Decide bearer vs mTLS PoP
+            bool isMtlsPopEnabled = p.IsMtlsPopEnabled;
 
-            if (popEnabled && resp.TokenBindingCertificate != null)
+            if (isMtlsPopEnabled && resp.TokenBindingCertificate != null)
             {
                 oAuth2Client.AddBodyParameter(
                     OAuth2Parameter.ClientAssertionType,
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/AuthenticationRequestParameters.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/AuthenticationRequestParameters.cs
@@ -111,7 +111,7 @@ public AuthenticationRequestParameters(
 
         public X509Certificate2 MtlsCertificate => _commonParameters.MtlsCertificate;
 
-        public bool IsPopEnabled => _commonParameters.IsPopEnabled;
+        public bool IsMtlsPopEnabled => _commonParameters.IsMtlsPopEnabled;
 
         /// <summary>
         /// Indicates if the user configured claims via .WithClaims. Not affected by Client Capabilities

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ public AcquireTokenForClientParameterBuilder WithMtlsProofOfPossession()`
`109`	`109`	`CommonParameters.AuthenticationOperation = new MtlsPopAuthenticationOperation(certificateCredential.Certificate);`
`110`	`110`	`CommonParameters.MtlsCertificate = certificateCredential.Certificate;`
`111`	`111`	`}`
`112`		`- CommonParameters.IsPopEnabled = true;`
	`112`	`+ CommonParameters.IsMtlsPopEnabled = true;`
`113`	`113`	`return this;`
`114`	`114`	`}`
`115`	`115`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,6 @@ internal class AcquireTokenCommonParameters`
`33`	`33`	`public SortedList<string, string> CacheKeyComponents { get; internal set; }`
`34`	`34`	`public string FmiPathSuffix { get; internal set; }`
`35`	`35`	`public string ClientAssertionFmiPath { get; internal set; }`
`36`		`- public bool IsPopEnabled { get; set; }`
	`36`	`+ public bool IsMtlsPopEnabled { get; set; }`
`37`	`37`	`}`
`38`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ internal static async Task ValidateAndWireAsync(IServiceBundle serviceBundle,`
`29`	`29`	`AcquireTokenCommonParameters commonParameters,`
`30`	`30`	`CancellationToken ct)`
`31`	`31`	`{`
`32`		`- if (!commonParameters.IsPopEnabled)`
	`32`	`+ if (!commonParameters.IsMtlsPopEnabled)`
`33`	`33`	`{`
`34`	`34`	`return; // PoP not requested`
`35`	`35`	`}`
Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,10 @@ public async Task AddConfidentialClientParametersAsync(`
`64`	`64`	`MsalErrorMessage.InvalidClientAssertionEmpty);`
`65`	`65`	`}`
`66`	`66`
`67`		`- // Decide bearer vs PoP`
`68`		`- bool popEnabled = p.IsPopEnabled;`
	`67`	`+ // Decide bearer vs mTLS PoP`
	`68`	`+ bool isMtlsPopEnabled = p.IsMtlsPopEnabled;`
`69`	`69`
`70`		`- if (popEnabled && resp.TokenBindingCertificate != null)`
	`70`	`+ if (isMtlsPopEnabled && resp.TokenBindingCertificate != null)`
`71`	`71`	`{`
`72`	`72`	`oAuth2Client.AddBodyParameter(`
`73`	`73`	`OAuth2Parameter.ClientAssertionType,`