Document how to use sha256 for client credential

rayluo · rayluo · commit b3d4a0419836 · 2025-10-20T15:00:51.000-07:00
diff --git a/msal/application.py b/msal/application.py
@@ -280,6 +280,9 @@ def __init__(
 
             .. admonition:: Support using a certificate in X.509 (.pem) format
 
+                Deprecated because it uses SHA-1 thumbprint.
+                Please use the .pfx option documented later in this page.
+
                 Feed in a dict in this form::
 
                     {
@@ -302,6 +305,9 @@ def __init__(
                 <https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60>`_
                 is an approach to allow easier certificate rotation.
 
+                Deprecated because it uses SHA-1 thumbprint.
+                Please use the .pfx option documented later in this page.
+
                 *Added in version 0.5.0*::
 
                     {
@@ -338,6 +344,8 @@ def __init__(
 
             .. admonition:: Supporting reading client certificates from PFX files
 
+                This usage will automatically use SHA-256 thumbprint of the certificate.
+
                 *Added in version 1.29.0*:
                 Feed in a dictionary containing the path to a PFX file::
 
@@ -352,6 +360,12 @@ def __init__(
 
             .. admonition:: Support Subject Name/Issuer Auth with a cert in .pfx
 
+                `Subject Name/Issuer Auth
+                <https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60>`_
+                is an approach to allow easier certificate rotation.
+
+                This usage will automatically use SHA-256 thumbprint of the certificate.
+
                 *Added in version 1.30.0*:
                 If your .pfx file contains both the private key and public cert,
                 you can opt in for Subject Name/Issuer Auth like this::
