@@ -308,7 +308,7 @@ def __init__(
308308
309309 {
310310 "private_key": "...-----BEGIN PRIVATE KEY-----... in PEM format",
311- "thumbprint": "A1B2C3D4E5F6...", (Optinal, if not provided, MSAL will calculate it . Added in version 1.34.0)
311+ "thumbprint": "A1B2C3D4E5F6...", (Deprecated. Provide the public certificate instead . Added in version 1.34.0)
312312 "public_certificate": "...-----BEGIN CERTIFICATE-----...",
313313 "passphrase": "Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)",
314314 }
@@ -819,13 +819,20 @@ def _build_client(self, client_credential, authority, skip_regional_client=False
819819 headers ["x5c" ] = x5c
820820 elif (client_credential .get ("private_key" )
821821 and client_credential .get ("public_certificate" )
822- and not client_credential .get ("thumbprint" )): # in case user does not pass thumbprint but only certificate and private key
822+ and not client_credential .get ("thumbprint" )): #in case user does not pass thumbprint but only certificate and private key
823+ if passphrase_bytes : # PEM with passphrase
824+ private_key = _load_private_key_from_pem_str (
825+ client_credential ['private_key' ], passphrase_bytes )
826+ else : # PEM without passphrase
827+ private_key = client_credential ['private_key' ]
828+
823829 private_key , sha256_thumbprint , sha1_thumbprint , x5c = (
824830 _extract_cert_and_thumbprints (
825- client_credential [ ' private_key' ] ,
831+ private_key ,
826832 client_credential ['public_certificate' ]))
827833 if x5c :
828834 headers ["x5c" ] = x5c
835+
829836 elif (
830837 client_credential .get ("private_key" ) # PEM blob
831838 and client_credential .get ("thumbprint" )):
0 commit comments