| return (T)this; | ||
| } | ||
|
|
||
| /// <summary> |
| } | ||
| } | ||
|
|
||
| ClaimsAndClientCapabilities = ClaimsHelper.MergeClaimsAndClientCapabilities( |
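Review bot: on the last line the merged result is assigned to a single ClaimsAndClientCapabilities property, so code that reads it later cannot tell caller-supplied claims from client capabilities. If anything downstream has to treat the two differently (the token cache lookup is the case raised in this thread), keep the original claims value alongside the merged string, or document on the property that it holds the wire value only.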
Should the ClaimsAndClientCapabilities be renamed to Claims? Do I understand correctly that capabilities are passed in a claims request, so they are a special type of a claim? So in this context normal claims and capabilities are both request claims. Also what if in the future a new type of claim is added, then having a generic Claims collection would be more representative? MergeClaimsAndClientCapabilities and WithClientCapabilities method names, I think, are good because they describe the specific separate collections.
This is a valid observation, Peter. I was preparing for the fix #1639, where claims and client capabilities are treated differently in that:
- if claims are specified, we need to bypass the token cache (because cached Access Tokens do not have enough claims)
- but not for client capabilities
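The distinction described in the reply above, as an added example that is not part of this PR or of MSAL's own code. It assumes .NET 6 or later and that capabilities travel as an `xms_cc` entry under `access_token` in the claims request; `ClaimsRequestSketch`, `Merge` and `ShouldBypassCache` are hypothetical names, and the sample challenge is constructed.

```csharp
// Added illustration, not MSAL source. Type and method names are hypothetical.
using System;
using System.Collections.Generic;
using System.Text.Json.Nodes;

public static class ClaimsRequestSketch
{
    // Assumption: capabilities are sent as {"access_token":{"xms_cc":{"values":[...]}}}.
    public static string Merge(string claims, IEnumerable<string> capabilities)
    {
        var caps = new JsonArray();
        foreach (string c in capabilities ?? Array.Empty<string>())
        {
            caps.Add(c);
        }
        if (caps.Count == 0)
        {
            return claims; // nothing to merge; the caller's value (possibly null) goes out as is
        }

        // Start from the caller's claims request, or from an empty object when there is none.
        JsonObject root = string.IsNullOrWhiteSpace(claims)
            ? new JsonObject()
            : JsonNode.Parse(claims) as JsonObject
              ?? throw new ArgumentException("claims must be a JSON object", nameof(claims));

        if (root["access_token"] is not JsonObject accessToken)
        {
            accessToken = new JsonObject();
            root["access_token"] = accessToken;
        }
        accessToken["xms_cc"] = new JsonObject { ["values"] = caps };
        return root.ToJsonString();
    }

    // The cache decision looks at the caller's claims only, never at the merged string.
    public static bool ShouldBypassCache(string claims) => !string.IsNullOrWhiteSpace(claims);

    public static void Main()
    {
        string challenge = "{\"access_token\":{\"nbf\":{\"essential\":true,\"value\":\"1600000000\"}}}"; // constructed
        string[] caps = { "llt" };
        Console.WriteLine(Merge(null, caps));            // capabilities only
        Console.WriteLine(Merge(challenge, caps));       // claims challenge plus capabilities
        Console.WriteLine(ShouldBypassCache(null));      // capabilities alone: cache still used
        Console.WriteLine(ShouldBypassCache(challenge)); // explicit claims: cache bypassed
    }
}
```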
jmprieur left a comment
Thanks @bgavrilMS
I've left a comment about the XML Comment, which, from my perspective, we could improve to state the value for the developer.
Can we have examples of such client capabilities and how the client will react?
On another side, we also have a claims request backlog item (Epic 789600: Claims request parameter support in MSAL). Do I understand that we are doing it as well?
| } | ||
|
|
||
| /// <summary> | ||
| /// Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction. |
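Review bot: the summary on the last line does not tell a caller what to pass or what passing it commits the app to. Say in the doc comment that the values are capability names the app declares it can handle, give one example value, and state what the app is expected to do once it has declared a capability.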
Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction.
I don't understand what this means.
Do we want to say something like:
enables client applications to advertise to the Microsoft identity platform endpoint that they are capable of handling some specific fields and behaviors, and therefore the response to acquire token can be more elaborated?
| public string ClientVersion { get; set; } | ||
|
|
||
| /// <summary> | ||
| /// Microsoft Identity specific OIDC extension that allows resource challenges to be resolved without interaction. |
| .Create(s_clientIdForPublicApp) | ||
| .WithAuthority(GetAuthority()) | ||
| .WithLogging(Log, LogLevel.Verbose, true) | ||
| //.WithClientCapabilities(new[] { "llt" }) |
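Review bot: the commented-out `.WithClientCapabilities(new[] { "llt" })` call on the last line should be either enabled or deleted before merge. Left as is, this builder chain never exercises the new API, and the "llt" value appears with no explanation of what it declares.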
Do we want to keep this comment?
| logger.InfoPii(messageWithPii, builder.ToString()); | ||
| } | ||
|
|
||
| } |
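Review bot: in the `logger.InfoPii(messageWithPii, builder.ToString())` call, the second argument is presumably the variant written when PII logging is off, so confirm that nothing appended to `builder` carries the claims or capabilities string. If it does, move that part into `messageWithPii` only.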
trwalke left a comment
Minor nitpick, but the current state looks good
Feature spec - #1545
Still need to find a way to end to end test this.
Known bug (will fix separately) - #1639