[Bug] SHA2 changes break custom claims #4868

@localden

Description

Library version used

4.62.0

.NET version

Cross-framework.

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

In this PR (Use SHA2 and PSS for client assertion (#4616)), MSAL totally revamps how it processes client claims and encodes them into the request token. For the Network Security Perimeter feature team, they use a client claim called "custom_claims" that can look like this:

    "customClaims": {
        "xms_az_nwperimid": ["GUID", "GUID2", "GUID3"]}

The new code explicitly removes handling the client claim values as JSON and instead treats them as strings, putting double quotes around whatever is passed.

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

Projects

Status

Done
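
The difference the issue describes, as an added example (not MSAL's code and not from the issue author): the same claim value is written into a JWT-style payload first as a quoted string, then as parsed JSON. The class and method names are hypothetical, the sample value is constructed from the claim shape above, and it assumes System.Text.Json on .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Text.Json.Nodes;

// Added illustration; not MSAL code. All names here are hypothetical.
static class ClientClaimEncoding
{
    // Treats every claim value as a plain string: JSON text passed in is
    // escaped and wrapped in double quotes.
    public static string AsStrings(IDictionary<string, string> claims)
    {
        var payload = new JsonObject();
        foreach (var c in claims)
            payload[c.Key] = c.Value; // string -> JSON string node
        return payload.ToJsonString();
    }

    // Parses each value as JSON when it is valid JSON, so arrays and objects
    // keep their structure; anything else falls back to a string.
    // Caveat: bare values such as 123 or true become a number or a boolean.
    public static string AsJson(IDictionary<string, string> claims)
    {
        var payload = new JsonObject();
        foreach (var c in claims)
        {
            try { payload[c.Key] = JsonNode.Parse(c.Value); }
            catch (JsonException) { payload[c.Key] = c.Value; }
        }
        return payload.ToJsonString();
    }

    public static void Main()
    {
        // Constructed sample modelled on the claim shape in the issue.
        var claims = new Dictionary<string, string>
        {
            ["customClaims"] = "{\"xms_az_nwperimid\":[\"GUID\",\"GUID2\",\"GUID3\"]}"
        };

        foreach (var json in new[] { AsStrings(claims), AsJson(claims) })
        {
            Console.WriteLine(json);
            using var doc = JsonDocument.Parse(json);
            JsonElement v = doc.RootElement.GetProperty("customClaims");
            // A consumer expecting an object sees a String kind in the first case.
            Console.WriteLine($"  customClaims is {v.ValueKind}");
        }
    }
}
```

A service that reads `customClaims` as an object and then reads the `xms_az_nwperimid` array from it cannot do so with the first encoding, because the claim arrives as a single string.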
