Using PFX files with MSAL for Certificate AuthType#349
Merged
rodrigobr-msft merged 3 commits intomainfrom Apr 1, 2026
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Refactors certificate-based authentication to use a single PFX file with MSAL, removing PEM/key handling and dropping the cryptography dependency.
Changes:
- Replace
CERT_PEM_FILE/CERT_KEY_FILEconfiguration withCERT_PFX_FILE - Update MSAL credential construction to use
private_key_pfx_path - Update unit tests and dependency list to match the new certificate flow
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| tests/hosting_core/test_auth_configuration.py | Updates test inputs/assertions to validate CERT_PFX_FILE instead of PEM/key fields |
| libraries/microsoft-agents-hosting-core/microsoft_agents/hosting/core/authorization/agent_auth_configuration.py | Refactors configuration API and internal fields to support PFX-only certificate configuration |
| libraries/microsoft-agents-authentication-msal/setup.py | Removes cryptography dependency now that PEM parsing is gone |
| libraries/microsoft-agents-authentication-msal/microsoft_agents/authentication/msal/msal_auth.py | Switches MSAL client credential setup to reference a PFX file path |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ng/core/authorization/agent_auth_configuration.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MattB-msft
approved these changes
Apr 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the certificate-based authentication flow to use a single PFX certificate file instead of separate PEM and key files. This simplifies configuration and removes unnecessary dependencies. The changes also update the configuration class, its initialization, and related tests to reflect this new approach.
Certificate Authentication Refactor:
CERT_PFX_FILE) in theAgentAuthConfigurationclass and its initialization. All references toCERT_PEM_FILEandCERT_KEY_FILEhave been removed and replaced withCERT_PFX_FILE. [1] [2] [3]private_key_pfx_path) instead of loading and parsing PEM and key files, and removed the calculation of the certificate thumbprint.Dependency Cleanup:
cryptographylibrary from the package dependencies and imports, as it is no longer needed for certificate parsing. [1] [2]Test Updates:
cert_pfx_fileparameter and to check forCERT_PFX_FILEinstead of the old PEM/key fields. [1] [2] [3]