[Bug] Missing Claims Propagation in SignedAssertionWithAssertionRequestOptions Delegate #5143
Comments
gladjohn
added
needs attention
gladjohn
added
confidential-client
bug
P2
and removed
untriaged
gladjohn
moved this from Committed
to Committed High Priority
in MSAL Customer Trust / QM
1 task
1 task
github-project-automation
bot
moved this from Committed High Priority
to Done
in MSAL Customer Trust / QM
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Library version used
Latest
.NET version
net 8
Scenario
ConfidentialClient - service to service (AcquireTokenForClient)
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
When using the delegate-based flow (.WithClientAssertion(options => ...)) in MSAL to generate a client assertion, the Claims property from AssertionRequestOptions is not being propagated into the final assertion. Although Claims is already part of AssertionRequestOptions, it is currently not consumed or forwarded in code paths that rely on the delegate.
Relevant code snippets
Expected behavior
Claims provided in AssertionRequestOptions.Claims should be included in the client assertion that is sent to the token endpoint.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
When building the AssertionRequestOptions, ensure that the Claims property is passed to the delegate and included in the final assertion.
The text was updated successfully, but these errors were encountered: