
[Feature Request] Support certificates in a Windows certificate store

Open johnstairs opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.
We need to acquire OAuth tokens using a certificate that is in a Windows certificate store. The private key is non-exportable and so we can't hand the private key directly to MSAL.

Describe the solution you'd like
It should be possible to look up a certificate in a certificate store by subject name, thumbprint, etc. and then use it as a credential for a confidential client.

Describe alternatives you've considered
I'm working through using the Windows crypto API and implementing my own AssertionCallback, but it's not pretty :).

johnstairs, Apr 25 '23 16:04

We recommend using Managed Identity or Federated Identity instead of certificates.

bgavrilMS, Mar 07 '25 13:03

@bgavrilMS, understood, but this is an on-prem scenario where Managed Identity and federated identities are not options.

johnstairs, Aug 12 '25 17:08