Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] SHA2 changes break custom claims #4868

Closed
localden opened this issue Aug 1, 2024 · 2 comments
Closed

[Bug] SHA2 changes break custom claims #4868

localden opened this issue Aug 1, 2024 · 2 comments
Assignees
@trwalke
Labels
bug confidential-client P1 QM regression Behavior that worked in a previous release that no longer works in a newer release requires more info

Comments

@localden
Copy link
Collaborator

localden commented Aug 1, 2024
edited
Loading

Library version used

4.62.0

.NET version

Cross-framework.

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

The app is in production, and I have upgraded to a new version of MSAL

Issue description and reproduction steps

In this PR (Use SHA2 and PSS for client assertion (#4616)), MSAL totally revamps how it processes client claims and encodes them into the request token. For the Network Security Perimeter feature team, they use a client claim called "custom_claims" that can look like this:

 “customClaims”: { 
     “xms_az_nwperimid”: ["GUID", "GUID2", "GUID3"]}

The new code explicitly removes handling the client claim values as JSON and instead treats them as strings, putting double quotes around whatever is passed.

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response
@localden localden added untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Aug 1, 2024
@localden localden changed the title [Bug] [Bug] SHA2 changes break custom claims Aug 1, 2024
@localden localden added the P1 label Aug 1, 2024
@localden localden assigned localden and trwalke and unassigned localden Aug 2, 2024
@bgavrilMS
Copy link
Member

Hi @trwalke - any updates on this?

@bgavrilMS bgavrilMS added bug requires more info regression Behavior that worked in a previous release that no longer works in a newer release and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Aug 5, 2024
@trwalke
Copy link
Member

trwalke commented Aug 7, 2024

Taking a look @localden

@trwalke trwalke mentioned this issue Aug 9, 2024
Merged
1 task
@bgavrilMS bgavrilMS added the QM label Aug 14, 2024
@trwalke trwalke closed this as completed Aug 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@trwalke trwalke

Labels
bug confidential-client P1 QM regression Behavior that worked in a previous release that no longer works in a newer release requires more info
Projects
MSAL Customer Trust / QM
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bgavrilMS @trwalke @localden