Skip to content
This repository was archived by the owner on Aug 7, 2021. It is now read-only.

Add support for certificate based confidential client auth. acquireTokenWithClientCertificate #32

Merged
merged 11 commits into from
Dec 16, 2014
Merged

Add support for certificate based confidential client auth. acquireTokenWithClientCertificate #32

merged 11 commits into from
Dec 16, 2014

Conversation

RandalliLama
Copy link
Contributor

No description provided.

@RandalliLama
Implement creation of self signed jwt for assertion based auth.
17808dc
@RandalliLama
Fix bug in self signed JWT creation. The header must contain the cert…
354704b 
… thumbprint. The jwt-simple lib doesn't provide a way to do that. Switching to customer implementation.
@RandalliLama
This should have been part of the last commit, 354704b.
52d47f6
@RandalliLama
Tests were broken by a change in the nock package. This fixes the iss…
0e929d5 
…ue by trimming the path from any hosts passed to nock.
@RandalliLama
Get basic cert auth happy path implemented.
4a697cb
@RandalliLama
Merge branch 'dev' into cert_auth
e1defc3 
Conflicts:
	test/util/util.js
@RandalliLama
Update basic self-signed-jwt test to actually check that the returned…
b506e3e 
… jwt matches what was expected given static inputs.
@RandalliLama
Complete self-sign-jwt validation code and tests.
df0beef
@RandalliLama
Add end to end tests for client assertion flow.
f8767c8
@RandalliLama
Add sample for certificate/client assertion flow.
7619e39
@RandalliLama RandalliLama assigned afshins and omercs and unassigned afshins Dec 15, 2014
afshins
afshins reviewed Dec 15, 2014
View reviewed changes
lib/authentication-context.js
* @param {string} thumbprint A hex encoded thumbprint of the certificate.
* @param {AcquireTokenCallback} callback The callback function.
*/
AuthenticationContext.prototype.acquireTokenWithClientCertificate = function(resource, clientId, certificate, thumbprint, callback) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We abstract out client certificate using class ClientAssertionCertificate which has the Sign method (and maybe a hash method). This way, the object can be created differently on different platforms and the API still have the same OM.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We also have another class named ClientAssertion and an AcquireToken API for it, so developer can create the assertion once and pass it multiple times.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One idea we discussed in the API review meetings was to get rid of ClientAssertionCertificate and add a factory method (or constructor) to ClientAssertion to create it using a certificate.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@afshins I don't think that the ClientAssertionCertificate class makes sense in Node. There is only one kind of certificate in Node and that is a PEM file. There is no need to create the cert differently on different platforms.

I can get to the version that accepts an already generated assertion later. I don't think we need to block this update on that particular version.

In general, Node is much lighter weight than C#, and generally doesn't involve a whole lot of classes. Since there is no static type checking it doesn't make as much sense to have a bunch of classes. In node strings are acceptable. I believe that it would be unnatural in node to force the developer to deal with a bunch of other classes.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair enough. We need to make OM natural to the platform, so feel free to follow the common pattern.

@omercs
Copy link
Contributor

omercs commented Dec 16, 2014

Sign off

omercs added a commit that referenced this pull request Dec 16, 2014
@omercs
Merge pull request #32 from RandalliLama/dev
1c71882 
Add support for certificate based confidential client auth.  acquireTokenWithClientCertificate
@omercs omercs merged commit 1c71882 into AzureAD:dev Dec 16, 2014
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@omercs omercs

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@RandalliLama @omercs @forivall @afshins