Microsoft Graph SDK should make the content of the WWW-Authenticate header available in the request context to support Pop with server nonce.
jmprieur opened this issue · 0 comments
Please provide the following (and please check them off the list with [x]) before submitting this issue:
- [x] Expected behavior. Please provide links to the specific Microsoft Graph documentation you used to determine the expected behavior.
- [x] Actual behavior. Provide error codes, stack information, and a Fiddler capture of the request and response (please remove personally identifiable information before posting).
- Steps to reproduce the behavior. Include your code, IDE versions, client library versions, and any other information that might be helpful to understand your scenario.
As tenant admins will enable Pop with server nonce for Microsoft Graph, the clients will need to parse the WWW-Authenticate header to retrieve the nonce and other parameters.
Actual behavior
Today, the WWW-Authenticate header is parsed by the AuthenticationHandler to provide the claims in the CaeAuthenticationProviderOption for the implementations of IAuthenticationProvider to support CAE.
Expected behavior
For Pop, the claims won't be enough. We need to provide the whole content of the WWW-Authenticate header (assuming Microsoft Graph returns only one WWW-Authenticate header), so that MSAL, or the classes that will provide the authentication, can parse it and provide the authorization header (for instance Pop).
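
To illustrate the gap described in this issue, the following added example (not code from the issue, the Microsoft Graph SDK, or MSAL) shows what an authentication provider could do once it receives the full set of WWW-Authenticate challenges instead of only the claims. `ChallengeParser`, the `PoP` scheme spelling, the `nonce` parameter name and all header values are assumptions constructed for the sample.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.RegularExpressions;

// Hypothetical helper, not a Microsoft Graph SDK or MSAL type.
static class ChallengeParser
{
    // name=token or name="quoted string" (backslash escapes allowed in quotes).
    static readonly Regex Param = new Regex(
        @"([\w-]+)\s*=\s*(?:""((?:[^""\\]|\\.)*)""|([^\s,""]+))");
    // Maps each challenge scheme to its parameters, both case-insensitive.
    public static Dictionary<string, Dictionary<string, string>> Parse(HttpResponseHeaders headers)
    {
        var byScheme = new Dictionary<string, Dictionary<string, string>>(StringComparer.OrdinalIgnoreCase);
        foreach (AuthenticationHeaderValue challenge in headers.WwwAuthenticate)
        {
            var parameters = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            foreach (Match m in Param.Matches(challenge.Parameter ?? string.Empty))
            {
                parameters[m.Groups[1].Value] = m.Groups[2].Success
                    ? Regex.Replace(m.Groups[2].Value, @"\\(.)", "$1") // undo quoted-pair escapes
                    : m.Groups[3].Value;
            }
            byScheme[challenge.Scheme] = parameters; // last challenge wins if a scheme repeats
        }
        return byScheme;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed 401 response; every value below is a made-up sample.
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(
            "Bearer", "error=\"insufficient_claims\", claims=\"c2FtcGxlLWNsYWltcw==\""));
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(
            "PoP", "nonce=\"sample-server-nonce\""));
        var challenges = ChallengeParser.Parse(response.Headers);
        // A claims-only view, as used for CAE, never surfaces the PoP nonce.
        Console.WriteLine("claims: " + challenges["Bearer"]["claims"]);
        if (challenges.TryGetValue("PoP", out var pop) && pop.TryGetValue("nonce", out var nonce))
            Console.WriteLine("nonce:  " + nonce);
    }
}
```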