[Engineering task] re-enable the use of SHA2 and PSS for creating client credentials from certificate #4695

Closed
gladjohn opened this issue Apr 2, 2024 · 0 comments · Fixed by #4740

gladjohn commented Apr 2, 2024

Task type

Development

Description

Relates to Issue #4690

Because of a bug in Azure Active Directory (AAD) related to handling JWT tokens signed with certain algorithms, we rolled back the usage of SHA2 and PSS for creating client creds.

This item will track the rollback once the AAD fix has been applied.

More info here on rollback steps

Solution

Revert to using:

internal bool IsSha2CredentialSupported =>
    AuthorityType != AuthorityType.Dsts &&
    AuthorityType != AuthorityType.Generic &&
    AuthorityType != AuthorityType.Adfs;

Summary of Changes

Removal of Hardcoded Value: The temporary fix that set IsSha2CredentialSupported to always return false will be removed. This was a workaround implemented to address a specific issue with JWT token signing algorithms not being supported under certain conditions.

Reintroduction of Conditional Logic: The original conditional logic that dynamically determines the value of IsSha2CredentialSupported based on the AuthorityType will be restored. This logic checks if the AuthorityType is not Dsts, Generic, or Adfs. If the AuthorityType is none of these, SHA2 and PSS are considered supported for creating client credentials from a certificate.
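
How an authority-type gate like the one above can drive the JWT signing choice, as an added example that is not part of the issue and not MSAL.NET code. The names `AuthorityKind`, `SupportsSha2AndPss` and `BuildAssertion` are hypothetical, and the header mapping (PS256 with `x5t#S256` when supported, RS256 with `x5t` otherwise) is an assumption based on the JOSE registrations in RFC 7515 and RFC 7518, not something the issue states.

```csharp
// Added example, not MSAL.NET source. AuthorityKind, SupportsSha2AndPss and
// BuildAssertion are hypothetical names; the certificate and claims are constructed.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

enum AuthorityKind { Aad, Adfs, Dsts, Generic }

static class ClientAssertionDemo
{
    // Same shape as the condition quoted in the issue.
    static bool SupportsSha2AndPss(AuthorityKind a) =>
        a != AuthorityKind.Dsts && a != AuthorityKind.Generic && a != AuthorityKind.Adfs;

    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string BuildAssertion(X509Certificate2 cert, AuthorityKind kind, string claimsJson)
    {
        bool pss = SupportsSha2AndPss(kind);
        // Assumed mapping: PS256 + SHA-256 thumbprint, else RS256 + SHA-1 thumbprint.
        string alg = pss ? "PS256" : "RS256";
        string thumbName = pss ? "x5t#S256" : "x5t";
        byte[] thumb = pss ? cert.GetCertHash(HashAlgorithmName.SHA256) : cert.GetCertHash();
        string header = "{\"alg\":\"" + alg + "\",\"typ\":\"JWT\",\"" + thumbName + "\":\"" + B64Url(thumb) + "\"}";

        string signingInput = B64Url(Encoding.UTF8.GetBytes(header)) + "." +
                              B64Url(Encoding.UTF8.GetBytes(claimsJson));
        using RSA key = cert.GetRSAPrivateKey();
        // RSASignaturePadding.Pss uses MGF1 and a salt the size of the hash, as PS256 requires.
        byte[] sig = key.SignData(Encoding.ASCII.GetBytes(signingInput), HashAlgorithmName.SHA256,
                                  pss ? RSASignaturePadding.Pss : RSASignaturePadding.Pkcs1);
        return signingInput + "." + B64Url(sig);
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=constructed-client", rsa,
                                         HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow,
                                                           DateTimeOffset.UtcNow.AddDays(1));
        string claims = "{\"iss\":\"client-id-placeholder\",\"sub\":\"client-id-placeholder\"}";
        foreach (AuthorityKind kind in new[] { AuthorityKind.Aad, AuthorityKind.Adfs })
        {
            string jwt = BuildAssertion(cert, kind, claims);
            Console.WriteLine(kind + ": " + jwt.Substring(0, 40) + "... (" + jwt.Length + " chars)");
        }
    }
}
```

Both branches hash the signing input with SHA-256; what the gate changes is the RSA padding scheme and which certificate thumbprint the header carries.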
