Description
MSAL client type
Confidential
Problem statement
For MEAV2 Phase2, we are using DSTS as the identity provider for the first leg of FIC and using that token to exchange with ests in leg2 to get a graph token. All these requests are on an mTLS channel. We want a new capability wherein the client assertion from idp1 can be passed on to idp2 over the mTLS channel.
Specifics from ests implementation to provide correct client assertion params:
ClientAssertionTypeJwtPop = "urn:ietf:params:oauth:client-assertion-type:jwt-pop";
The way it should be passed is the same: client_assertion_type: client_assertion
Proposed solution
For MEAV2 Phase2, we are using DSTS as the identity provider for the first leg of FIC and using that token to exchange with ests in leg2 to get a graph token. All these requests are on an mTLS channel. We want a new capability wherein the client assertion from idp1 can be passed on to idp2 over the mTLS channel.
Specifics from ests implementation to provide correct client assertion params:
ClientAssertionTypeJwtPop = "urn:ietf:params:oauth:client-assertion-type:jwt-pop";
The way it should be passed is the same: client_assertion_type: client_assertion
Alternatives
No response