[Feature Request] Add support for SHA256 certificate thumbprint similar to SHA1

[bgavrilMS]

MSAL client type

Confidential

Problem Statement

{
    "private_key": "<private_key_pem_bytes>",
    "thumbprint": "<sha1_thumbprint_hex_string>"
+    "thumbprint_sha256": "<sha2_thumbprint_hex_string>"    
}

Spec is:

But anyway, so the spec would be

if only thumbprint is defined - use it
if only thumbprint_sha256 is defined - use it
if both are defined - use sha2 for AAD authorities (including b2c, ciam), use sha1 for ADFS and generic authorities

Proposed solution

No response

[github-actions]

Here are some similar issues that might help you. Please check if they can solve your problem.

• [Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme #639

---

Possible solution (Extracted from existing issue, might be incorrect; please verify carefully)

Should be in prod by end of Jan. I'm still following up with ADFS, B2C etc.

No, client credentials will not be replaced by Managed Identity. We do not force ppl to use Azure to benefit from Entra ID.

Reference:

• [Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme #639 (comment)

Powered by issue-sentinel