x5t is base64url encoded, not base64

nickludwig · web-flow · commit 3a111b504d01 · 2022-10-05T10:58:11.000-07:00
updated the x5t claim description in accordance with (https://www.rfc-editor.org/rfc/rfc7515#section-4.1.7)[https://www.rfc-editor.org/rfc/rfc7515#section-4.1.7] which states that the x5t claim is base64url encoded (we had documented that it was base64) and it is also the SHA-1 thumbprint of the X.509 certificate's DER encoding (we excluded the fact that it's based on the DER encoding of the X.509 certificate. ------- cc: @nickludwig
diff --git a/articles/active-directory/develop/active-directory-certificate-credentials.md b/articles/active-directory/develop/active-directory-certificate-credentials.md
@@ -33,7 +33,7 @@ To compute the assertion, you can use one of the many JWT libraries in the langu
 | --- | --- |
 | `alg` | Should be **RS256** |
 | `typ` | Should be **JWT** |
-| `x5t` | Base64-encoded SHA-1 thumbprint of the X.509 certificate. For example, given an X.509 certificate hash of `84E05C1D98BCE3A5421D225B140B36E86A3D5534` (Hex), the `x5t` claim would be `hOBcHZi846VCHSJbFAs26Go9VTQ=` (Base64). |
+| `x5t` | Base64url-encoded SHA-1 thumbprint of the X.509 certificate's DER encoding. For example, given an X.509 certificate hash of `84E05C1D98BCE3A5421D225B140B36E86A3D5534` (Hex), the `x5t` claim would be `hOBcHZi846VCHSJbFAs26Go9VTQ` (Base64url). |
 
 ### Claims (payload)
 
