This sample won't work if I use certificate as secret for my AAD app

[shiweiwei114]

Please provide us with the following information:

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [x] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

In appsetting.json file, instead of putting AAD app secret for "ClientSecret", I put the Certificate Name. The sample won't run because in the Startup.cs file, when the app first runs:
services.AddAuthentication(AzureADDefaults.JwtBearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));

.AddAzureADBearer() is taking AzureADOptions as input, and this class doesn't have properties for certificate name. Thus, this sample is not supporting certificate as a secret for AAD app.

AzureADOptions class is from the package: Microsoft.AspNetCore.Authentication.AzureAD.UI.AzureADOptions

Any log messages given by the failure

Expected/desired behavior

Do I miss anything here? Or this sample will support certificate in the future?

OS and Version?

Windows 10.

Versions

Mention any other details that might be useful

Please let me know if I am missing anything here, maybe this sample does support the certificate as secret.

---

Thanks! We'll be in touch soon.

[jmprieur]

@shiweiwei114 : yes this sample will also show how to use certs in the future

[shiweiwei114]

@jmprieur thanks for the quick response! Do you have a ETA for that? I will come back to check by that time then.

[jmprieur]

@shiweiwei114 : I'd like to come to this before the end of April.
Meanwhile you can have a loot at this variation of the daemon sample: https://github.com/azure-samples/active-directory-dotnetcore-daemon-v2#variation-daemon-application-using-client-credentials-with-certificates.
this will be similar.

[amal-khalaf]

Hi
is there an update on when there will be a aspnetcore-v2 code sample which use certificates instead of secrets ?

[jmprieur]

It's on the backlog for Microsoft.Identity.Web, @amal-khalaf:
See AzureAD/microsoft-identity-web#12

[amal-khalaf]

Thanks Jean @jmprieur for your quick response - do you have an ETA on when this would be ready?
I am currently re-implementing the Authentication for Luis.ai Portal (which to be released in July) using the Identity Platform v2.0 and i wanted to use the Microsoft.Identiy.Web library (for both Sign in and token acquisition )
however we must use cert for api authenication as we use 1st party app which do not have the client secret option.

[jmprieur]

@amal-khalaf : we are well aware that this is needed for first party.
Would something like this: https://github.com/AzureAD/microsoft-identity-web/wiki/Spec-certificates ?

[amal-khalaf]

@jmprieur : so i will need to write my own implementation of TokenAcquistion class to handle the new certificate configuration
how will i use the CertificatesExtension

[jmprieur]

This is now fixed.
@shiweiwei114 @@amal-khalaf:
See https://github.com/AzureAD/microsoft-identity-web/wiki/Using-certificates#decryption-certificates