Add PoP (Proof-of-Possession) magic #8
Comments
|
Bogdan mentioned that POP for MSAL is only available for confidential clients. I'm going to read this and then probably grab some time with him to explain to me what this all means 🤣 https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-client-applications |
|
I can enable POP support for public clients if you wish to experiment with it. But it will only protect the access token, not the refresh token. It should be enough for you prototyping, but not enough for a secure solution. |
|
@bgavrilMS I decided to simulate the concept with Azure Blob per-request SAS signing: https://github.com/johnterickson/devproxy/blob/main/Proxy/RequestPlugins/AzureBlobSasRequestPlugin.cs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/access-token-proof-of-possession.md
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Proof-Of-Possession-(PoP)-tokens
The text was updated successfully, but these errors were encountered: