Pop implementation for Confidential Client #1986
Did you consider refactoring for re-use across net desktop and net core?
@henrik-me yes. Netcore is implemented here. One more commit to push.
I still see potential for refactorings, as there is code duplication which can be avoided. In reply to: 673187877
See comments
A few comments remaining
minor comments remaining, please resolve and commit
adding netcore implementation
Fixing key rotation issue. Adding surface for CCA
missing file change
addressing PR comments
/// <summary> | ||
/// The default implementation will store a key in memory | ||
/// </summary> | ||
internal class InMemoryCryptoProvider : IPoPCryptoProvider |
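Review bot: The summary on InMemoryCryptoProvider says only that the key is stored in memory and does not state the key's lifetime. Suggest documenting on the class that one instance keeps the same key pair for as long as it lives and that the key is gone once the process exits, so callers of IPoPCryptoProvider know what they can rely on.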
@trwalke - as discussed, here's a suggestion on how to deal with the key expiration, since the crypto provider must always provide details about the same public / private key pair.
I moved your expiration logic to another class.
internal /* internal for test only */ const int RsaKeySize = 2048; | ||
|
||
|
||
#if NET45 |
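Review bot: The #if NET45 directive after the RsaKeySize constant has no comment saying why the NET45 build needs its own code path. Suggest a one-line comment above the directive giving the reason, so the conditional can be removed safely once it no longer applies.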
we now target both .net45 and .net 461, and in .net 461 the RSA.Create() works fine.
/// <summary> | ||
/// This factory ensures key rotation every 8h | ||
/// </summary> | ||
internal class PoPProviderFactory |
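Review bot: The summary on PoPProviderFactory hard-codes "every 8h" in the doc comment. If the rotation interval lives in a constant or field, refer to it by name in the comment so the documentation cannot drift from the value, and say in the summary what a caller holding the previous provider should expect after a rotation.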
I moved expiration logic here.
PR for #1946
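The split discussed in the review comments above, where the crypto provider always exposes one key pair and a separate factory handles expiration, could look like the following on .NET Core. This is an added example, not the PR's or MSAL's code: FixedKeyProvider, RotatingProviderFactory, GetOrCreate and the PSS padding choice are assumptions, while the 2048-bit key size and the 8-hour rotation come from the snippets above.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical names throughout; this is an illustration, not MSAL's implementation.
internal sealed class FixedKeyProvider : IDisposable
{
    internal const int RsaKeySize = 2048;          // same size as the constant in the PR
    private readonly RSA _rsa;

    public FixedKeyProvider()
    {
        // RSA.Create(int) is available on .NET Core 2.0+ (assumed target here).
        _rsa = RSA.Create(RsaKeySize);
        // Export only the public part; this is what gets bound to the PoP token.
        PublicKey = _rsa.ExportParameters(false);
    }

    // Never changes for the lifetime of this instance.
    public RSAParameters PublicKey { get; }

    // Padding is this example's choice, not taken from the PR.
    public byte[] Sign(byte[] payload) =>
        _rsa.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    public void Dispose() => _rsa.Dispose();
}

internal static class RotatingProviderFactory
{
    private static readonly TimeSpan KeyLifetime = TimeSpan.FromHours(8);
    private static readonly object Gate = new object();
    private static FixedKeyProvider _current;
    private static DateTimeOffset _createdOn;

    // 'now' is a parameter so rotation can be unit-tested without waiting 8 hours.
    public static FixedKeyProvider GetOrCreate(DateTimeOffset now)
    {
        lock (Gate)
        {
            if (_current == null || now - _createdOn >= KeyLifetime)
            {
                // The old instance is not disposed here: a caller may still hold it
                // to sign requests for a token bound to the old public key.
                _current = new FixedKeyProvider();
                _createdOn = now;
            }
            return _current;
        }
    }
}
```

Because expiration lives only in the factory, any code holding a FixedKeyProvider sees a stable public key, and a rotation is visible only as a different instance returned by the next GetOrCreate call.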