#6673 - Fix of SNI auth not working in Cert based authentication (#6676)

After upgrade from ADAL to MSAL auth library, sendX5C flag was not set and it breaks SN+I authentication with AAD app registrations. Co-authored-by: Michal Hanzlik <mihanzlk@microsoft.com>
microsoft · Jul 28, 2023 · 6baf0f8 · 6baf0f8
1 parent b9603fb
commit 6baf0f8
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs b/libraries/Microsoft.Bot.Connector/Authentication/CertificateAppCredentials.cs
@@ -139,7 +139,7 @@ protected override Lazy<IAuthenticator> BuildIAuthenticator()
             return new Lazy<IAuthenticator>(
                 () =>
                 {
-                    var clientApplication = CreateClientApplication(clientCertificate, MicrosoftAppId, CustomHttpClient);
+                    var clientApplication = CreateClientApplication(clientCertificate, MicrosoftAppId, sendX5c, CustomHttpClient);
                     return new MsalAppCredentials(
                         clientApplication,
                         MicrosoftAppId,
@@ -151,11 +151,11 @@ protected override Lazy<IAuthenticator> BuildIAuthenticator()
                 LazyThreadSafetyMode.ExecutionAndPublication);
         }
 
-        private Identity.Client.IConfidentialClientApplication CreateClientApplication(X509Certificate2 clientCertificate, string appId, HttpClient customHttpClient = null)
+        private Identity.Client.IConfidentialClientApplication CreateClientApplication(X509Certificate2 clientCertificate, string appId, bool sendX5c, HttpClient customHttpClient = null)
         {
             var clientBuilder = Identity.Client.ConfidentialClientApplicationBuilder.Create(appId)
                .WithAuthority(new Uri(OAuthEndpoint), ValidateAuthority)
-               .WithCertificate(clientCertificate);
+               .WithCertificate(clientCertificate, sendX5c);
 
             if (customHttpClient != null)
             {