client assertion does not work when its issuer and subject don't match #437

@chewong

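import com.azure.core.credential.AccessToken;
import com.azure.core.credential.TokenRequestContext;
import com.microsoft.aad.msal4j.*;
import reactor.core.publisher.Mono;

import java.time.ZoneOffset;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Method of a class that implements com.azure.core.credential.TokenCredential.
public Mono<AccessToken> getToken(TokenRequestContext request) {
    Map<String, String> env = System.getenv();
    // The client assertion JWT; its issuer and subject claims differ.
    String clientAssertion = "<jwt>";

    IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(clientAssertion);
    String authority = "...";
    try {
        ConfidentialClientApplication app = ConfidentialClientApplication.builder(env.get("AZURE_CLIENT_ID"), credential).authority(authority).build();

        // Copy the requested scopes into the Set that MSAL4J expects.
        Set<String> scopes = new HashSet<>();
        for (String scope : request.getScopes()) scopes.add(scope);

        ClientCredentialParameters parameters = ClientCredentialParameters.builder(scopes).build();
        // Blocks until the token request completes; the ParseException surfaces here.
        IAuthenticationResult result = app.acquireToken(parameters).join();
        return Mono.just(new AccessToken(result.accessToken(), result.expiresOnDate().toInstant().atOffset(ZoneOffset.UTC)));
    } catch (Exception e) {
        System.out.printf("Error creating client application: %s", e.getMessage());
        System.exit(1);
    }

    return Mono.empty();
}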

I got the following error:

Error creating client application: com.nimbusds.oauth2.sdk.ParseException: Issuer and subject in client JWT assertion must designate the same client identifier

I have used msal-python, msal-go, msal-net, msal-node, and they all do not require client assertion's issuer and subject to be the same.
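
A pre-flight check for the condition named in the error message, as an added example that is not part of the original issue or of the MSAL4J code base: it reads the `iss` and `sub` claims of a client assertion and reports whether they match. It assumes the Nimbus JOSE+JWT library is on the classpath; the class name, method names and sample claim values are constructed for illustration.

```java
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Base64;

public class AssertionClaimCheck {

    // Parses the compact JWT and returns its claims.
    // Parsing does NOT verify the signature: use this for diagnostics only,
    // never as a trust decision.
    static JWTClaimsSet readClaims(String clientAssertion) throws ParseException {
        return SignedJWT.parse(clientAssertion).getJWTClaimsSet();
    }

    // True only when both claims are present and identical, which is the
    // condition the ParseException in the issue says the assertion must meet.
    static boolean issuerMatchesSubject(JWTClaimsSet claims) {
        String iss = claims.getIssuer();
        return iss != null && iss.equals(claims.getSubject());
    }

    // Builds a constructed sample assertion with a placeholder signature.
    static String sampleAssertion(String iss, String sub) {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String payload = String.format(
            "{\"iss\":\"%s\",\"sub\":\"%s\",\"aud\":\"https://login.example/token\",\"exp\":4102444800}",
            iss, sub);
        return b64.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
             + b64.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + "."
             + b64.encodeToString("placeholder-signature".getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws ParseException {
        String[] samples = {
            sampleAssertion("example-client-id", "example-client-id"),          // iss == sub
            sampleAssertion("https://issuer.example", "example-workload-name")  // iss != sub
        };
        for (String jwt : samples) {
            JWTClaimsSet claims = readClaims(jwt);
            System.out.printf("iss=%s sub=%s match=%b%n",
                claims.getIssuer(), claims.getSubject(), issuerMatchesSubject(claims));
        }
    }
}
```

A `match=false` line identifies an assertion that would trigger the error quoted above.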

Labels: Enhancement (A request or suggestion to improve some aspect of the library)
