[Feature Request] When ESTS sends a 401 because a certificate is revoked due to a rotation, attempt to reload once (like when the certificate has expired)
#2444
Closed
jmprieur opened this issue
Sep 6, 2023
· 1 comment
· Fixed by #2450
Is your feature request related to a problem? Please describe.
Today, Microsoft identity web detects that a certificate has an invalid key or has expired (Constants.InvalidKeyError or Constants.SignedAssertionInvalidTimeRange), and retries to load the certificate from the certificate description. See:
microsoft-identity-web/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
Lines 546 to 556 in 767331f
with:
microsoft-identity-web/src/Microsoft.Identity.Web.TokenAcquisition/Constants.cs
Lines 130 to 131 in 767331f
It does not look at the "certificate revoked" event ()
Describe the solution you'd like
Amend the IsInvalidClientCertificateOrSignedAssertionError method to add a test for AADSTS7000214: Certificate has been revoked.
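An added example, not part of the issue or of Microsoft.Identity.Web's own code: the requested revoked-certificate check combined with a reload that happens at most once. TokenServiceException, AcquireWithSingleReload and the simulated rotation are hypothetical, and the values of the two existing constants are assumed because the issue names them without their values.

```csharp
using System;

// Hypothetical stand-in for the exception raised when ESTS answers 401.
class TokenServiceException : Exception
{
    public TokenServiceException(string message) : base(message) { }
}

static class CertificateRetryDemo
{
    // The issue names these two constants but not their values; the codes are assumed here.
    const string InvalidKeyError = "AADSTS700027";
    const string SignedAssertionInvalidTimeRange = "AADSTS700024";
    // Error code the issue asks to add to the check.
    const string CertificateHasBeenRevoked = "AADSTS7000214";

    static bool IsInvalidClientCertificateOrSignedAssertionError(TokenServiceException ex) =>
        ex.Message.Contains(InvalidKeyError, StringComparison.OrdinalIgnoreCase)
        || ex.Message.Contains(SignedAssertionInvalidTimeRange, StringComparison.OrdinalIgnoreCase)
        || ex.Message.Contains(CertificateHasBeenRevoked, StringComparison.OrdinalIgnoreCase);

    // Calls acquire(); on a certificate error, reloads the certificate and retries exactly once.
    static string AcquireWithSingleReload(Func<string, string> acquire, Func<string> loadCertificate)
    {
        string cert = loadCertificate();
        try
        {
            return acquire(cert);
        }
        catch (TokenServiceException ex) when (IsInvalidClientCertificateOrSignedAssertionError(ex))
        {
            // A second failure propagates, so a certificate that is really revoked cannot cause a retry loop.
            return acquire(loadCertificate());
        }
    }

    static void Main()
    {
        // Constructed scenario: the cached certificate "old" was rotated out and revoked.
        int loads = 0;
        Func<string> load = () => ++loads == 1 ? "old" : "new";
        Func<string, string> acquire = cert => cert == "new"
            ? "token-for-new"
            : throw new TokenServiceException("AADSTS7000214: Certificate has been revoked.");

        Console.WriteLine(AcquireWithSingleReload(acquire, load));
        Console.WriteLine($"certificate loads: {loads}");
    }
}
```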