diff --git a/python/docs-ref-autogen/msal/msal.application.ClientApplication.yml b/python/docs-ref-autogen/msal/msal.application.ClientApplication.yml index 8efa0bc..e60c09e 100644 --- a/python/docs-ref-autogen/msal/msal.application.ClientApplication.yml +++ b/python/docs-ref-autogen/msal/msal.application.ClientApplication.yml 
@@ -26,52 +26,71 @@ constructor: - - name: client_credential description: "For , you use *None*\ - \ here.\nFor ,\nit can\ - \ be a string containing client secret,\nor an X509 certificate container in\ + \ here.\n\nFor ,\nit supports\ + \ many different input formats for different scenarios.\n\n\n\n## Support using\ + \ a client secret.Just feed in a string, such as `\"your client secret\"`.\n\ + \n\n\n## Support using a certificate in X.509 (.pem) formatFeed in a dict in\ \ this form:\n\n\n\n````default\n\n\ \ {\n \"private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\"\ - ,\n \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"public_certificate\"\ - : \"...-----BEGIN CERTIFICATE-----... (Optional. See below.)\",\n \"passphrase\"\ - : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\ - ,\n }\n ````\n\nMSAL Python requires a \"private_key\" in PEM format.\n\ - If your cert is in a PKCS12 (.pfx) format, you can also\n[convert it to PEM\ - \ and get the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L101-L123).\n\ - \nThe thumbprint is available in your app's registration in Azure Portal.\n\ - Alternatively, you can [calculate the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\ - \n*Added in version 0.5.0*:\npublic_certificate (optional) is public key certificate\n\ - which will be sent through 'x5c' JWT header only for\nsubject name and issuer\ - \ authentication to support cert auto rolls.\n\nPer [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\ - \"the certificate containing\nthe public key corresponding to the key used to\ + ,\n \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"passphrase\": \"Passphrase\ + \ if the private_key is encrypted (Optional. 
Added in version 1.6.0)\",\n \ + \ }\n ````\n\nMSAL Python requires a \"private_key\" in PEM format.\nIf your\ + \ cert is in PKCS12 (.pfx) format,\nyou can convert it to X.509 (.pem) format,\n\ + by `openssl pkcs12 -in file.pfx -out file.pem -nodes`.The thumbprint is available\ + \ in your app's registration in Azure Portal.\nAlternatively, you can [calculate\ + \ the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\ + \n\n\n## Support Subject Name/Issuer Auth with a cert in .pem[Subject Name/Issuer\ + \ Auth](https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60)\n\ + is an approach to allow easier certificate rotation.*Added in version 0.5.0*:\n\ + \n\n\n````default\n\n {\n \"\ + private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\",\n \ + \ \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"public_certificate\": \"...-----BEGIN\ + \ CERTIFICATE-----...\",\n \"passphrase\": \"Passphrase if the private_key\ + \ is encrypted (Optional. Added in version 1.6.0)\",\n }\n ````\n\n`public_certificate`\ + \ (optional) is public key certificate\nwhich will be sent through 'x5c' JWT\ + \ header only for\nsubject name and issuer authentication to support cert auto\ + \ rolls.Per [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\"\ + the certificate containing\nthe public key corresponding to the key used to\ \ digitally sign the\nJWS MUST be the first certificate. 
This MAY be followed\ \ by\nadditional certificates, with each subsequent certificate being the\n\ one used to certify the previous one.\"\nHowever, your certificate's issuer\ \ may use a different order.\nSo, if your attempt ends up with an error AADSTS700027\ \ -\n\"The provided signature value did not match the expected signature value\"\ - ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n*Added\ - \ in version 1.13.0*:\nIt can also be a completely pre-signed assertion that\ - \ you've assembled yourself.\nSimply pass a container containing only the key\ - \ \"client_assertion\", like this:\n\n\n\n````default\n\n {\n \"\ + client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\ + \n }\n ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\ + \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\ + \n\n\n````default\n\n {\n \"\ + private_key_pfx_path\": \"/path/to/your.pfx\",\n \"passphrase\": \"Passphrase\ + \ if the private_key is encrypted (Optional)\",\n }\n ````\n\nThe following\ + \ command will generate a .pfx file from your .key and .pem file:\n\n\n\n````default\n\n openssl pkcs12 -export -out certificate.pfx\ + \ -inkey privateKey.key -in certificate.pem\n ````\n\n\n\n## Support Subject\ + \ Name/Issuer Auth with a cert in .pfx*Added in version 1.30.0*:\nIf your .pfx\ + \ file contains both the private key and public cert,\nyou can opt in for Subject\ + \ Name/Issuer Auth like this:\n\n\n\n````default\n\ - \n {\n \"client_assertion\": \"...a JWT with claims aud, exp, iss, jti,\ - \ nbf, and sub...\"\n }\n ````\n\n\n\n## Supporting reading client cerficates\ - \ from PFX files*Added in version 1.29.0*:\nFeed in a dictionary containing\ - \ the path to a PFX file:\n\n\n\n````default\n\ - \n {\n \"private_key_pfx_path\": \"/path/to/your.pfx\",\n \"passphrase\"\ - : \"Passphrase if the private_key is encrypted (Optional. 
Added in version 1.6.0)\"\ - ,\n }\n ````\n\nThe following command will generate a .pfx file from your\ - \ .key and .pem file:\n\n\n\n````default\n\ - \n openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem\n\ - \ ````" + \n {\n \"private_key_pfx_path\": \"/path/to/your.pfx\",\n \"public_certificate\"\ + : True,\n \"passphrase\": \"Passphrase if the private_key is encrypted\ + \ (Optional)\",\n }\n ````" defaultValue: None types: - - [, ] + - [, , ] - name: client_claims description: "*Added in version 0.5.0*:\nIt is a dictionary of extra claims that\ \ would be signed by\nby this \ diff --git a/python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml b/python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml index 61e7cbf..8b53c19 100644 --- a/python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml +++ b/python/docs-ref-autogen/msal/msal.application.ConfidentialClientApplication.yml 
@@ -26,52 +26,71 @@ constructor: - - name: client_credential description: "For , you use *None*\ - \ here.\nFor ,\nit can\ - \ be a string containing client secret,\nor an X509 certificate container in\ + \ here.\n\nFor ,\nit supports\ + \ many different input formats for different scenarios.\n\n\n\n## Support using\ + \ a client secret.Just feed in a string, such as `\"your client secret\"`.\n\ + \n\n\n## Support using a certificate in X.509 (.pem) formatFeed in a dict in\ \ this form:\n\n\n\n````default\n\n\ \ {\n \"private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\"\ - ,\n \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"public_certificate\"\ - : \"...-----BEGIN CERTIFICATE-----... (Optional. See below.)\",\n \"passphrase\"\ - : \"Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)\"\ - ,\n }\n ````\n\nMSAL Python requires a \"private_key\" in PEM format.\n\ - If your cert is in a PKCS12 (.pfx) format, you can also\n[convert it to PEM\ - \ and get the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L101-L123).\n\ - \nThe thumbprint is available in your app's registration in Azure Portal.\n\ - Alternatively, you can [calculate the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\ - \n*Added in version 0.5.0*:\npublic_certificate (optional) is public key certificate\n\ - which will be sent through 'x5c' JWT header only for\nsubject name and issuer\ - \ authentication to support cert auto rolls.\n\nPer [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\ - \"the certificate containing\nthe public key corresponding to the key used to\ + ,\n \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"passphrase\": \"Passphrase\ + \ if the private_key is encrypted (Optional. 
Added in version 1.6.0)\",\n \ + \ }\n ````\n\nMSAL Python requires a \"private_key\" in PEM format.\nIf your\ + \ cert is in PKCS12 (.pfx) format,\nyou can convert it to X.509 (.pem) format,\n\ + by `openssl pkcs12 -in file.pfx -out file.pem -nodes`.The thumbprint is available\ + \ in your app's registration in Azure Portal.\nAlternatively, you can [calculate\ + \ the thumbprint](https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L94-L97).\n\ + \n\n\n## Support Subject Name/Issuer Auth with a cert in .pem[Subject Name/Issuer\ + \ Auth](https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/60)\n\ + is an approach to allow easier certificate rotation.*Added in version 0.5.0*:\n\ + \n\n\n````default\n\n {\n \"\ + private_key\": \"...-----BEGIN PRIVATE KEY-----... in PEM format\",\n \ + \ \"thumbprint\": \"A1B2C3D4E5F6...\",\n \"public_certificate\": \"...-----BEGIN\ + \ CERTIFICATE-----...\",\n \"passphrase\": \"Passphrase if the private_key\ + \ is encrypted (Optional. Added in version 1.6.0)\",\n }\n ````\n\n`public_certificate`\ + \ (optional) is public key certificate\nwhich will be sent through 'x5c' JWT\ + \ header only for\nsubject name and issuer authentication to support cert auto\ + \ rolls.Per [specs](https://tools.ietf.org/html/rfc7515#section-4.1.6),\n\"\ + the certificate containing\nthe public key corresponding to the key used to\ \ digitally sign the\nJWS MUST be the first certificate. 
This MAY be followed\ \ by\nadditional certificates, with each subsequent certificate being the\n\ one used to certify the previous one.\"\nHowever, your certificate's issuer\ \ may use a different order.\nSo, if your attempt ends up with an error AADSTS700027\ \ -\n\"The provided signature value did not match the expected signature value\"\ - ,\nyou may try use only the leaf cert (in PEM/str format) instead.\n\n*Added\ - \ in version 1.13.0*:\nIt can also be a completely pre-signed assertion that\ - \ you've assembled yourself.\nSimply pass a container containing only the key\ - \ \"client_assertion\", like this:\n\n\n\n````default\n\n {\n \"\ + client_assertion\": \"...a JWT with claims aud, exp, iss, jti, nbf, and sub...\"\ + \n }\n ````\n\n\n\n## Supporting reading client cerficates from PFX files*Added\ + \ in version 1.29.0*:\nFeed in a dictionary containing the path to a PFX file:\n\ + \n\n\n````default\n\n {\n \"\ + private_key_pfx_path\": \"/path/to/your.pfx\",\n \"passphrase\": \"Passphrase\ + \ if the private_key is encrypted (Optional)\",\n }\n ````\n\nThe following\ + \ command will generate a .pfx file from your .key and .pem file:\n\n\n\n````default\n\n openssl pkcs12 -export -out certificate.pfx\ + \ -inkey privateKey.key -in certificate.pem\n ````\n\n\n\n## Support Subject\ + \ Name/Issuer Auth with a cert in .pfx*Added in version 1.30.0*:\nIf your .pfx\ + \ file contains both the private key and public cert,\nyou can opt in for Subject\ + \ Name/Issuer Auth like this:\n\n\n\n````default\n\ - \n {\n \"client_assertion\": \"...a JWT with claims aud, exp, iss, jti,\ - \ nbf, and sub...\"\n }\n ````\n\n\n\n## Supporting reading client cerficates\ - \ from PFX files*Added in version 1.29.0*:\nFeed in a dictionary containing\ - \ the path to a PFX file:\n\n\n\n````default\n\ - \n {\n \"private_key_pfx_path\": \"/path/to/your.pfx\",\n \"passphrase\"\ - : \"Passphrase if the private_key is encrypted (Optional. 
Added in version 1.6.0)\"\ - ,\n }\n ````\n\nThe following command will generate a .pfx file from your\ - \ .key and .pem file:\n\n\n\n````default\n\ - \n openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem\n\ - \ ````" + \n {\n \"private_key_pfx_path\": \"/path/to/your.pfx\",\n \"public_certificate\"\ + : True,\n \"passphrase\": \"Passphrase if the private_key is encrypted\ + \ (Optional)\",\n }\n ````" defaultValue: None types: - - [, ] + - [, , ] - name: client_claims description: "*Added in version 0.5.0*:\nIt is a dictionary of extra claims that\ \ would be signed by\nby this \
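Review bot: In the msal.application.ClientApplication.yml hunk, the new conversion hint `openssl pkcs12 -in file.pfx -out file.pem -nodes` writes the private key into file.pem unencrypted, and the added text does not say so. The documented dict already accepts a `passphrase` for an encrypted `private_key`, so suggest either dropping `-nodes` from the command or adding a sentence that the resulting file holds a cleartext key and needs restricted permissions. The same added text runs sentences and headings together: `-nodes`.The thumbprint` has no break after the period, and the new `##` headings are fused with their body (`## Support using a client secret.Just feed in`, `## Support using a certificate in X.509 (.pem) formatFeed in a dict`), so each heading needs a `\n` after it. The ConfidentialClientApplication.yml hunk carries the same text.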
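Review bot: In the msal.application.ConfidentialClientApplication.yml hunk, the AADSTS700027 paragraph loses its conclusion. The sentence `you may try use only the leaf cert (in PEM/str format) instead` and the `*Added in version 1.13.0*` introduction to the pre-signed `client_assertion` appear only on removed lines, so in the lines shown the new description goes from the quoted error message straight into the `client_assertion` sample. Suggest restoring both, with the pre-signed assertion under its own `##` heading like the other input formats. Separately, `public_certificate` is a PEM string in the .pem dict but `True` in the .pfx dict, and the description under the .pem sample only covers the string form, so a sentence on what `True` selects would help. The heading typo `cerficates` is carried over from the old text and can be fixed in this change. The ClientApplication.yml hunk has the same issues.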