Support PoP token binding via Signed HTTP Request (SHR) for public client apps #4472

Open
joshfree opened this issue Mar 21, 2023 · 2 comments
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.

Comments

@joshfree
Member

Intro:
Proof of Possession is intended to ensure that the client that requests a token is the only client that can use the token. This is accomplished by the client generating a key pair and requesting that the public key be included in the issued access token. The client library then generates a wrapper token signing it with the private key that is only known to it.

Proposal:

  1. Ensure all Azure Identity SDKs are able to call into WAM (this will give RT binding on Windows, for public client). This feature is available in .NET as a preview.
  2. Add API support for using access token binding. This requires the app developer to inform the SDK about the protected API they're about to call (i.e. what is the target URL), and to extract a nonce from 401 and 200 headers.
@joshfree joshfree added Client This issue points to a problem in the data-plane of the library. Azure.Identity labels Mar 21, 2023
@joshfree joshfree added this to the Backlog milestone Mar 21, 2023
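
The proof-of-possession flow described in the issue above, as an added example that is not part of the issue and is not Azure SDK or MSAL code. It uses Node.js built-in `crypto`; the claim names (`at`, `ts`, `m`, `u`, `p` from the IETF Signed HTTP Request draft, plus `nonce`), the `cnf.jwk` key binding, and all function names and URLs are assumptions.

```javascript
// Added illustration, not Azure SDK or MSAL code. Claim names at/ts/m/u/p follow
// the IETF Signed HTTP Request draft; `nonce` and typ "pop" are assumptions.
const crypto = require('crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString());
const ecdsa = (key) => ({ key, dsaEncoding: 'ieee-p1363' }); // raw r||s, as JWS ES256 requires
// Client: wrap the access token in a JWS signed with the private key it alone holds.
function makeShr(privateKey, accessToken, method, url, nonce) {
  const { host, pathname } = new URL(url);
  const payload = { at: accessToken, ts: Math.floor(Date.now() / 1000), m: method, u: host, p: pathname, nonce };
  const input = `${b64u('{"typ":"pop","alg":"ES256"}')}.${b64u(JSON.stringify(payload))}`;
  return `${input}.${b64u(crypto.sign('sha256', Buffer.from(input), ecdsa(privateKey)))}`;
}

// Resource server: returns 'ok' or the reason the request is rejected.
function verifyShr(shr, method, url, expectedNonce, maxAgeSec = 300) {
  try {
    const [h, p, s] = shr.split('.');
    const payload = parse(p);
    if (parse(h).alg !== 'ES256') return 'bad alg';
    // Key comes from the token's cnf claim (issuer signature on `at` assumed already validated).
    const { cnf } = parse(payload.at.split('.')[1]);
    const key = crypto.createPublicKey({ key: cnf.jwk, format: 'jwk' });
    const sigOk = crypto.verify('sha256', Buffer.from(`${h}.${p}`), ecdsa(key), Buffer.from(s, 'base64url'));
    if (!sigOk) return 'bad signature';
    const { host, pathname } = new URL(url);
    if (payload.m !== method || payload.u !== host || payload.p !== pathname) return 'request mismatch';
    if (payload.nonce !== expectedNonce) return 'bad nonce';
    return Math.abs(Date.now() / 1000 - payload.ts) <= maxAgeSec ? 'ok' : 'stale';
  } catch { return 'malformed'; }
}

// Constructed stand-in for an issued access token carrying the client's public key.
function constructedAccessToken(publicKey) {
  const claims = { sub: 'constructed-user', cnf: { jwk: publicKey.export({ format: 'jwk' }) } };
  return `${b64u('{"typ":"constructed"}')}.${b64u(JSON.stringify(claims))}.`;
}
function demo() {
  const url = 'https://api.example.test/v1/items'; // constructed target URL
  const [client, other] = [0, 1].map(() => crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }));
  const at = constructedAccessToken(client.publicKey);
  const shr = makeShr(client.privateKey, at, 'GET', url, 'nonce-1');
  return {
    sameRequest: verifyShr(shr, 'GET', url, 'nonce-1'),
    otherUrl: verifyShr(shr, 'GET', 'https://api.example.test/v1/admin', 'nonce-1'),
    oldNonce: verifyShr(shr, 'GET', url, 'nonce-2'),
    wrongKey: verifyShr(makeShr(other.privateKey, at, 'GET', url, 'nonce-1'), 'GET', url, 'nonce-1'),
  };
}
```

`demo()` shows why the SDK needs the target URL and a server nonce: the same wrapper is accepted only for the request it was signed for, and the access token wrapped by a different key is rejected.
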
@joshfree
Member Author

Filing backlog item by request

@RickWinter RickWinter added the feature-request This issue requires a new behavior in the product in order be resolved. label Mar 27, 2023
@joshfree joshfree moved this from Untriaged to Planned in Azure Identity SDK Improvements Aug 14, 2023
@joshfree joshfree moved this from Planned to Backlog in Azure Identity SDK Improvements Aug 16, 2023
@scottaddie scottaddie moved this from Backlog to Blocked in Azure Identity SDK Improvements Feb 26, 2024
@scottaddie
Member

Per Ahson, MSAL support is needed to make this feature happen in the C++ library. Marking as blocked.

@joshfree joshfree changed the title Support token binding for public client apps Support PoP token binding for public client apps Mar 11, 2024
@joshfree joshfree moved this from Blocked to Backlog in Azure Identity SDK Improvements Jun 24, 2024
@joshfree joshfree changed the title Support PoP token binding for public client apps Support PoP token binding via Signed HTTP Request (SHR) for public client apps Jun 24, 2024
@joshfree joshfree moved this from Backlog to Blocked in Azure Identity SDK Improvements Jun 24, 2024
@RickWinter RickWinter assigned antkmsft and unassigned ahsonkhan Jan 24, 2025
Projects
Status: Blocked