This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.53k
stars
2.76k
forks
source link
[azure-identity] `CertificateCredential` passes `private_key` to MSAL with incorrect type #36578
azure-identity
Describe the bug When
CertificateCredential
builds theclient_credential
dict and passes it to MSAL, it setsprivate_key
asbytes
:https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74aef5d569db499d6e/sdk/identity/azure-identity/azure/identity/_credentials/certificate.py#L169
But in MSAL's document,
private_key
should be astr
:https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/3279f045dc573d8408ddcdf3565e8b16247627be/msal/application.py#L257
Its underlying
jwt.encode
also requireskey
asstr
:It is fortunate that
jwt.encode
is smart enough to supportkey
asbytes
: https://github.com/jpadilla/pyjwt/blob/527fec277e8215a197f8facd3778b359043704ef/jwt/algorithms.py#L336, but this is undocumented behavior and may break unexpectedly.Expected behavior
azure-identity
should strictly follow MSAL's documentation to invoke MSAL.