Merge pull request #30 from Cloud-Architekt/Chapter5-RtUpdate

Description update for RT
Cloud-Architekt · Jan 20, 2023 · e4d455e · e4d455e
2 parents 397de7e + 3edc3dc
commit e4d455e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/ReplayOfPrimaryRefreshToken.md b/ReplayOfPrimaryRefreshToken.md
@@ -256,6 +256,9 @@ An attacker is capturing PowerShell process traffic from a compliant device and
 
 The attacker is stealing refresh-token from browser traffic on a device where users can satisfy Conditional Access Policies and get refresh token without Web Account Manager (WAM) being involved in token and session cookie encryption.
 
+**Side note**
+PRT flow contains PRT cookie in the browser, which is included as part of the request header called "x-ms-RefreshTokenCredential" and request tokens from Azure AD. Detailed information about the authentication flow and be found from [Browser SSO Using PRT](https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-primary-refresh-token#browser-sso-using-prt)
+
 **Pre-requisites**
 
 - Valid and unprotected Refresh Token which has been issued outside of WAM and PRT flow.