
Support PoP token binding for public client apps

Open scottaddie opened this issue 2 years ago • 1 comment

Intro: Proof of Possession is intended to ensure that the client that requests a token is the only client that can use the token. This is accomplished by the client generating a key pair and requesting that the public key be included in the issued access token. The client library then generates a wrapper token, signing it with the private key that is known only to it.

Proposal:

  1. Ensure all Azure Identity SDKs are able to call into WAM (this will give RT binding on Windows, for public client). This feature is available in .NET as a preview.
  2. Add API support for using access token binding. This requires the app developer to inform the SDK about the protected API they're about to call (i.e., what the target URL is), and to extract a nonce from 401 and 200 headers.

scottaddie avatar Sep 27 '22 18:09 scottaddie

Label prediction was below confidence level 0.6 for Model:ServiceLabels: 'IoT:0.10892465,App Services:0.06740505,Cosmos:0.060353283'

azure-sdk avatar Sep 27 '22 18:09 azure-sdk