pnpcore icon indicating copy to clipboard operation
pnpcore copied to clipboard
verified publisher icon pnp

X509CertificateAuthenticationProvider does not provide a way to specify IMsalHttpClientFactory

Open SPWizard01 opened this issue 1 year ago • 3 comments

Category

  • [x] Bug

Describe the bug

When using this overload https://github.com/pnp/pnpcore/blob/dc8dd2d7536a8d65f8ca3fd5227835cd5188a4b8/src/sdk/PnP.Core.Auth/Confidential/X509CertificateAuthenticationProvider.cs#L89 token acquisition for Client App will fail because confidentialClientApplication has not been built

Steps to reproduce

        services.AddPnPCore(options =>
        {

            //var defProvider = new X509CertificateAuthenticationProvider(LoggerFactory.Create((b) => { }).CreateLogger<OAuthAuthenticationProvider>(), new SimpleHttpClientFactory());
            //defProvider.TenantId = tenantId;
            //defProvider.ClientId = clientId;
            //defProvider.Certificate = GetCertificateFromStore(certThumbprint);
            //this will not work to acquire token
            //options.DefaultAuthenticationProvider = defProvider;
            options.DefaultAuthenticationProvider = new X509CertificateAuthenticationProvider(clientId, tenantId, GetCertificateFromStore(certThumbprint)); //does not work behind a corporate proxy as IMsalHttpClientFactory is always null
        });

Expected behavior

Expected behavior is to be able to initialize this provider with IMsalHttpClientFactory, reasoning being behind a corporate proxy, I need to specify custom HttpClientHandler (with Proxy).

Environment details (development & target environment)

  • SDK version: 1.13.0
  • OS: [e.g. Windows 11
  • SDK used in: Console App
  • Framework: .NET Core v8.x
  • Browser(s): Latest Edge
  • Tooling: Visual Studio 2022

Additional context

I was not able to find a suitable constructor for X509CertificateAuthenticationProvider so that I can provide certificate, tenantId, clientId, and a custom IMsalHttpClientFactory. Maybe I am doing something wrong.

Workaround is to of course create your own implementation of OAuthAuthenticationProvider

Thanks for your contribution! Sharing is caring.

SPWizard01 avatar Jul 09 '24 00:07 SPWizard01

@SPWizard01 : you can possibly configure the proxy for all used HttpClient instances via https://learn.microsoft.com/en-us/dotnet/api/system.net.http.httpclient.defaultproxy?view=net-8.0#remarks?

jansenbe avatar Jul 26 '24 16:07 jansenbe

You can, but, because of how corporate proxies are configured most often you don't want that :)

In my case I had to create my own provider based on the one you have.

To be fair the easiest approach is the one you suggested, it just does not always fit the need :)

SPWizard01 avatar Aug 09 '24 08:08 SPWizard01

@SPWizard01 : so you're unblocked at the moment? We've currently no bandwidth to bring full proxy configuration options to PnP Core, but we welcome a PR

jansenbe avatar Aug 21 '24 08:08 jansenbe