Skip to content

[Bug] MSAL should use the recommended padding in client_credentials #958

New issue
New issue
Open
Open
[Bug] MSAL should use the recommended padding in client_credentials#958
Labels
BugSomething isn't working, needs an investigation and a fixP2Normal priority items, should be done after P1confidential-clientFor issues related to confidential client apps
@bgavrilMS

Description

@bgavrilMS
bgavrilMS
opened on May 23, 2025

Library version used

latest

Java version

8

Scenario

ConfidentialClient - service to service (AcquireTokenForClient)

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

The recommended padding is PSS, as per docs https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials#header

MSAL Java use RSS -

microsoft-authentication-library-for-java/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java

Line 49 in b02c8f2

JWSHeader.Builder builder = new Builder(JWSAlgorithm.RS256);

Relevant code snippets



Expected behavior


No response


Identity provider


Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)


Regression


No response


Solution and workarounds


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    BugSomething isn't working, needs an investigation and a fixP2Normal priority items, should be done after P1confidential-clientFor issues related to confidential client apps
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions