[POC] Expose secure HTTP client factory and propagate binding certificate in authentication result #5535
Conversation
| /// This interface is designed to support MTLS scenarios. | ||
| /// </remarks> | ||
| internal interface IMsalMtlsHttpClientFactory : IMsalHttpClientFactory | ||
| public interface IMsalMtlsHttpClientFactory : IMsalHttpClientFactory |
There was a problem hiding this comment.
@gladjohn - don't we need this to be made public for MSIv2 as well?
There was a problem hiding this comment.
No, we don't need to expose this for MSI v2. We will continue to use the existing factory IMsalHttpClientFactory to make calls into IMDS endpoints, this will ensure we use custom factory. But for the mTLS calls to ESTS, we will use the new IMsalMtlsHttpClientFactory. MSAL will be responsible for calls to ESTS.
| /// .NET should use SocketHandler, but UseDefaultCredentials doesn't work with it | ||
| /// </remarks> | ||
| internal class SimpleHttpClientFactory : IMsalMtlsHttpClientFactory, IMsalSFHttpClientFactory | ||
| public class SecureHttpClientFactory : IMsalMtlsHttpClientFactory, IMsalSFHttpClientFactory |
There was a problem hiding this comment.
Why did you make this public?
There was a problem hiding this comment.
Mostly to reuse the logic to create HTTP client with setting up a certificate by Identity.Web but it can be also beneficial for users of MSAL.NET who wants either secure HTTP client factory (with mTLS or server certificate validation).
cpp11nullptr
changed the title
| /// <summary> | ||
| /// Internal factory responsible for creating HttpClient instances configured for mutual TLS (MTLS). | ||
| /// This factory is specifically intended for use within the MSAL library for secure communication with Azure AD using MTLS. | ||
| /// A factory responsible for creating HttpClient instances configured for mutual TLS (MTLS). |
There was a problem hiding this comment.
Isn't it an interface not an actual factory?
No description provided.