Merge pull request #96 from MicrosoftDocs/main

Sync changes

Author: localden

python/docs-ref-autogen/msal/msal.application.ClientApplication.yml

@@ -26,52 +26,71 @@ constructor:
     - <xref:str>
   - name: client_credential
     description: "For <xref:msal.application.PublicClientApplication>, you use *None*\
-      \ here.\nFor <xref:msal.application.ConfidentialClientApplication>,\nit can\
-      \ be a string containing client secret,\nor an X509 certificate container in\
+      \ here.\n\nFor <xref:msal.application.ConfidentialClientApplication>,\nit supports\
+      \ many different input formats for different scenarios.\n\n\n\n## Support using\
+      \ a client secret.Just feed in a string, such as `\"your client secret\"`.\n\
+      \n\n\n## Support using a certificate in X.509 (.pem) formatFeed in a dict in\
       \ this form:\n\n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\"\
       : [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\"\
       : \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\n\
       \   {\n       \"private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\"\
-      ,\n       \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"public_certificate\"\
-      : \"...-----BEGIN CERTIFICATE-----... (Optional. See below.)\",\n       \"passphrase\"\
-      : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\
-      ,\n   }\n   ````\n\nMSAL Python requires a \"private_key\" in PEM format.\n\
-      If your cert is in a PKCS12 (.pfx) format, you can also\n[convert it to PEM\
-      \ and get the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L101-L123).\n\
-      \nThe thumbprint is available in your app's registration in Azure Portal.\n\
-      Alternatively, you can [calculate the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\
-      \n*Added in version 0.5.0*:\npublic_certificate (optional) is public key certificate\n\
-      which will be sent through 'x5c' JWT header only for\nsubject name and issuer\
-      \ authentication to support cert auto rolls.\n\nPer [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\
-      \"the certificate containing\nthe public key corresponding to the key used to\
+      ,\n       \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"passphrase\": \"Passphrase\
+      \ if the private_key is encrypted (Optional. Added in version 1.6.0)\",\n  \
+      \ }\n   ````\n\nMSAL Python requires a \"private_key\" in PEM format.\nIf your\
+      \ cert is in PKCS12 (.pfx) format,\nyou can convert it to X.509 (.pem) format,\n\
+      by `openssl pkcs12 -in file.pfx -out file.pem -nodes`.The thumbprint is available\
+      \ in your app's registration in Azure Portal.\nAlternatively, you can [calculate\
+      \ the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\
+      \n\n\n## Support Subject Name/Issuer Auth with a cert in .pem[Subject Name/Issuer\
+      \ Auth](https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60)\n\
+      is an approach to allow easier certificate rotation.*Added in version 0.5.0*:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\",\n      \
+      \ \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"public_certificate\": \"...-----BEGIN\
+      \ CERTIFICATE-----...\",\n       \"passphrase\": \"Passphrase if the private_key\
+      \ is encrypted (Optional. Added in version 1.6.0)\",\n   }\n   ````\n\n`public_certificate`\
+      \ (optional) is public key certificate\nwhich will be sent through 'x5c' JWT\
+      \ header only for\nsubject name and issuer authentication to support cert auto\
+      \ rolls.Per [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\"\
+      the certificate containing\nthe public key corresponding to the key used to\
       \ digitally sign the\nJWS MUST be the first certificate.  This MAY be followed\
       \ by\nadditional certificates, with each subsequent certificate being the\n\
       one used to certify the previous one.\"\nHowever, your certificate's issuer\
       \ may use a different order.\nSo, if your attempt ends up with an error AADSTS700027\
       \ -\n\"The provided signature value did not match the expected signature value\"\
-      ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n*Added\
-      \ in version 1.13.0*:\nIt can also be a completely pre-signed assertion that\
-      \ you've assembled yourself.\nSimply pass a container containing only the key\
-      \ \"client_assertion\", like this:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
+      ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n\n\n##\
+      \ Supporting raw assertion obtained from elsewhere*Added in version 1.13.0*:\n\
+      It can also be a completely pre-signed assertion that you've assembled yourself.\n\
+      Simply pass a container containing only the key \"client_assertion\", like this:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\
+      \n   }\n   ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\
+      \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"passphrase\": \"Passphrase\
+      \ if the private_key is encrypted (Optional)\",\n   }\n   ````\n\nThe following\
+      \ command will generate a .pfx file from your .key and .pem file:\n\n<!-- literal_block\
+      \ {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\": [], \"backrefs\"\
+      : [], \"xml:space\": \"preserve\", \"language\": \"default\", \"force\": false,\
+      \ \"linenos\": false} -->\n\n````default\n\n   openssl pkcs12 -export -out certificate.pfx\
+      \ -inkey privateKey.key -in certificate.pem\n   ````\n\n\n\n## Support Subject\
+      \ Name/Issuer Auth with a cert in .pfx*Added in version 1.30.0*:\nIf your .pfx\
+      \ file contains both the private key and public cert,\nyou can opt in for Subject\
+      \ Name/Issuer Auth like this:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
       : [], \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
       , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   {\n       \"client_assertion\": \"...a JWT with claims aud, exp, iss, jti,\
-      \ nbf, and sub...\"\n   }\n   ````\n\n\n\n## Supporting reading client cerficates\
-      \ from PFX files*Added in version 1.29.0*:\nFeed in a dictionary containing\
-      \ the path to a PFX file:\n\n<!-- literal_block {\"ids\": [], \"classes\": [],\
-      \ \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
-      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   {\n       \"private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"passphrase\"\
-      : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\
-      ,\n   }\n   ````\n\nThe following command will generate a .pfx file from your\
-      \ .key and .pem file:\n\n<!-- literal_block {\"ids\": [], \"classes\": [], \"\
-      names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
-      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem\n\
-      \   ````"
+      \n   {\n       \"private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"public_certificate\"\
+      : True,\n       \"passphrase\": \"Passphrase if the private_key is encrypted\
+      \ (Optional)\",\n   }\n   ````"
     defaultValue: None
     types:
-    - <xref:typing.Union>[<xref:dict>, <xref:str>]
+    - <xref:typing.Union>[<xref:dict>, <xref:str>, <xref:None>]
   - name: client_claims
     description: "*Added in version 0.5.0*:\nIt is a dictionary of extra claims that\
       \ would be signed by\nby this <xref:msal.application.ConfidentialClientApplication>\

python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml

@@ -26,52 +26,71 @@ constructor:
     - <xref:str>
   - name: client_credential
     description: "For <xref:msal.application.PublicClientApplication>, you use *None*\
-      \ here.\nFor <xref:msal.application.ConfidentialClientApplication>,\nit can\
-      \ be a string containing client secret,\nor an X509 certificate container in\
+      \ here.\n\nFor <xref:msal.application.ConfidentialClientApplication>,\nit supports\
+      \ many different input formats for different scenarios.\n\n\n\n## Support using\
+      \ a client secret.Just feed in a string, such as `\"your client secret\"`.\n\
+      \n\n\n## Support using a certificate in X.509 (.pem) formatFeed in a dict in\
       \ this form:\n\n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\"\
       : [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\"\
       : \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\n\
       \   {\n       \"private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\"\
-      ,\n       \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"public_certificate\"\
-      : \"...-----BEGIN CERTIFICATE-----... (Optional. See below.)\",\n       \"passphrase\"\
-      : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\
-      ,\n   }\n   ````\n\nMSAL Python requires a \"private_key\" in PEM format.\n\
-      If your cert is in a PKCS12 (.pfx) format, you can also\n[convert it to PEM\
-      \ and get the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L101-L123).\n\
-      \nThe thumbprint is available in your app's registration in Azure Portal.\n\
-      Alternatively, you can [calculate the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\
-      \n*Added in version 0.5.0*:\npublic_certificate (optional) is public key certificate\n\
-      which will be sent through 'x5c' JWT header only for\nsubject name and issuer\
-      \ authentication to support cert auto rolls.\n\nPer [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\
-      \"the certificate containing\nthe public key corresponding to the key used to\
+      ,\n       \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"passphrase\": \"Passphrase\
+      \ if the private_key is encrypted (Optional. Added in version 1.6.0)\",\n  \
+      \ }\n   ````\n\nMSAL Python requires a \"private_key\" in PEM format.\nIf your\
+      \ cert is in PKCS12 (.pfx) format,\nyou can convert it to X.509 (.pem) format,\n\
+      by `openssl pkcs12 -in file.pfx -out file.pem -nodes`.The thumbprint is available\
+      \ in your app's registration in Azure Portal.\nAlternatively, you can [calculate\
+      \ the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\
+      \n\n\n## Support Subject Name/Issuer Auth with a cert in .pem[Subject Name/Issuer\
+      \ Auth](https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60)\n\
+      is an approach to allow easier certificate rotation.*Added in version 0.5.0*:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\",\n      \
+      \ \"thumbprint\": \"A1B2C3D4E5F6...\",\n       \"public_certificate\": \"...-----BEGIN\
+      \ CERTIFICATE-----...\",\n       \"passphrase\": \"Passphrase if the private_key\
+      \ is encrypted (Optional. Added in version 1.6.0)\",\n   }\n   ````\n\n`public_certificate`\
+      \ (optional) is public key certificate\nwhich will be sent through 'x5c' JWT\
+      \ header only for\nsubject name and issuer authentication to support cert auto\
+      \ rolls.Per [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\"\
+      the certificate containing\nthe public key corresponding to the key used to\
       \ digitally sign the\nJWS MUST be the first certificate.  This MAY be followed\
       \ by\nadditional certificates, with each subsequent certificate being the\n\
       one used to certify the previous one.\"\nHowever, your certificate's issuer\
       \ may use a different order.\nSo, if your attempt ends up with an error AADSTS700027\
       \ -\n\"The provided signature value did not match the expected signature value\"\
-      ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n*Added\
-      \ in version 1.13.0*:\nIt can also be a completely pre-signed assertion that\
-      \ you've assembled yourself.\nSimply pass a container containing only the key\
-      \ \"client_assertion\", like this:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
+      ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n\n\n##\
+      \ Supporting raw assertion obtained from elsewhere*Added in version 1.13.0*:\n\
+      It can also be a completely pre-signed assertion that you've assembled yourself.\n\
+      Simply pass a container containing only the key \"client_assertion\", like this:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\
+      \n   }\n   ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\
+      \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\
+      \n<!-- literal_block {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\"\
+      : [], \"backrefs\": [], \"xml:space\": \"preserve\", \"language\": \"default\"\
+      , \"force\": false, \"linenos\": false} -->\n\n````default\n\n   {\n       \"\
+      private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"passphrase\": \"Passphrase\
+      \ if the private_key is encrypted (Optional)\",\n   }\n   ````\n\nThe following\
+      \ command will generate a .pfx file from your .key and .pem file:\n\n<!-- literal_block\
+      \ {\"ids\": [], \"classes\": [], \"names\": [], \"dupnames\": [], \"backrefs\"\
+      : [], \"xml:space\": \"preserve\", \"language\": \"default\", \"force\": false,\
+      \ \"linenos\": false} -->\n\n````default\n\n   openssl pkcs12 -export -out certificate.pfx\
+      \ -inkey privateKey.key -in certificate.pem\n   ````\n\n\n\n## Support Subject\
+      \ Name/Issuer Auth with a cert in .pfx*Added in version 1.30.0*:\nIf your .pfx\
+      \ file contains both the private key and public cert,\nyou can opt in for Subject\
+      \ Name/Issuer Auth like this:\n\n<!-- literal_block {\"ids\": [], \"classes\"\
       : [], \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
       , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   {\n       \"client_assertion\": \"...a JWT with claims aud, exp, iss, jti,\
-      \ nbf, and sub...\"\n   }\n   ````\n\n\n\n## Supporting reading client cerficates\
-      \ from PFX files*Added in version 1.29.0*:\nFeed in a dictionary containing\
-      \ the path to a PFX file:\n\n<!-- literal_block {\"ids\": [], \"classes\": [],\
-      \ \"names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
-      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   {\n       \"private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"passphrase\"\
-      : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\
-      ,\n   }\n   ````\n\nThe following command will generate a .pfx file from your\
-      \ .key and .pem file:\n\n<!-- literal_block {\"ids\": [], \"classes\": [], \"\
-      names\": [], \"dupnames\": [], \"backrefs\": [], \"xml:space\": \"preserve\"\
-      , \"language\": \"default\", \"force\": false, \"linenos\": false} -->\n\n````default\n\
-      \n   openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem\n\
-      \   ````"
+      \n   {\n       \"private_key_pfx_path\": \"/path/to/your.pfx\",\n       \"public_certificate\"\
+      : True,\n       \"passphrase\": \"Passphrase if the private_key is encrypted\
+      \ (Optional)\",\n   }\n   ````"
     defaultValue: None
     types:
-    - <xref:typing.Union>[<xref:dict>, <xref:str>]
+    - <xref:typing.Union>[<xref:dict>, <xref:str>, <xref:None>]
   - name: client_claims
     description: "*Added in version 0.5.0*:\nIt is a dictionary of extra claims that\
       \ would be signed by\nby this <xref:msal.application.ConfidentialClientApplication>\