Skip to content

Client credential certificate#2

Merged
rayluo merged 2 commits into
devfrom
client-credential-certificate
Sep 22, 2016
Merged

Client credential certificate#2
rayluo merged 2 commits into
devfrom
client-credential-certificate

Conversation

@rayluo

@rayluo rayluo commented Sep 22, 2016

Copy link
Copy Markdown
Contributor

This PoC (Proof-of-Concept) of client credential grant implements a lightweight JWT signer.

@rayluo rayluo merged commit 4f00884 into dev Sep 22, 2016
@rayluo rayluo deleted the client-credential-certificate branch November 30, 2018 21:55
Robbie-Microsoft added a commit that referenced this pull request Jul 1, 2026
Restore _compute_ext_cache_key to MSAL .NET's ComputeAccessTokenExtCacheKey
encoding: sorted, separator-less key+value concatenation -> SHA-256 -> base64url.
This makes the ext cache key byte-identical to MSAL .NET again.

The earlier hardening commit (4fc3639) had switched to Go's post-#629
length-prefixed encoding to make the key injective. Per maintainer decision,
msal-python should match MSAL .NET, not current Go, so that change is reverted:

- token_cache.py: restore plain key+value concatenation; docstring now notes the
  .NET match and the deliberate divergence from Go's #629 length-prefixed form.
- test_token_cache.py: restore the .NET parity hashes (bns2ytmx..., 3-rg6_wy...,
  rn_gkpxx...) and rename the parity tests to *_matches_dotnet; remove the two
  length-prefix boundary-collision regression tests (they asserted the injective
  property that .NET's encoding does not provide).

Hardening fixes #2-#6 (MI allow-list removal, MI source pre-validation, merge
conflict-precedence tests, generic docs, send-on-every-request docs) are
unchanged. 202 tests pass across test_token_cache.py, test_mi.py,
test_application.py.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant