AzureAD / microsoft-authentication-library-for-go

The MSAL library for Go is part of the Microsoft identity platform for developers (formerly named Azure AD) v2.0. It enables you to acquire security tokens to call protected APIs. It uses industry standard OAuth2 and OpenID Connect.
MIT License

[Documentation] confused on func CertFromPEM #470

Closed Vighnesh1234 closed 6 months ago

Vighnesh1234 commented 6 months ago

Hi Team,

I am trying to generate a token.

I have a private key (privatekey.pem), thumbprint and certificate file (cert.pem). I don't have a secret.

I was trying to understand and generate token for myself.

From what I understand I should use CertFromPEM, then the returned values in NewCredFromCert.

CertFromPEM has 2 inputs: pemData []byte, password string. So I have converted my cert.pem from a string to a byte array and am using privatekey.pem (copied the string code) as my password.

It gives me the error "no private key found".

Please suggest what needs to be changed and provide an example.

bgavrilMS commented 6 months ago

The certificate must have a private key, as the private key is used for signing the assertion.

The service (the identity provider / AAD) has the public key, so it is able to verify the digital signature. See https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/main/apps/tests/devapps/client_certificate_sample.go#L29

Vighnesh1234 commented 6 months ago

Thanks. I was confused and later realized I have to combine the public and private keys which will act as the pemData. This can be closed.
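The resolution above, as an added example that is not part of the thread and not MSAL's own code: it uses only the Go standard library to show why a buffer holding just cert.pem yields "no private key found" and why the certificate and key concatenated into one buffer do not. The helpers `samplePEMs`, `parsePEMData` and `combine` are hypothetical names and the certificate and key are constructed at run time; in `CertFromPEM` the `password` argument is only for decrypting an encrypted key block, so it is an empty string for an unencrypted key.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// samplePEMs: constructed self-signed cert and RSA key, standing in for cert.pem and privatekey.pem.
func samplePEMs() (certPEM, keyPEM []byte) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

// parsePEMData (hypothetical helper, not MSAL code) needs a certificate and a key in one buffer.
func parsePEMData(pemData []byte) (cert *x509.Certificate, key any, err error) {
	for b, rest := pem.Decode(pemData); b != nil && err == nil; b, rest = pem.Decode(rest) {
		switch b.Type {
		case "CERTIFICATE":
			cert, err = x509.ParseCertificate(b.Bytes)
		case "PRIVATE KEY":
			key, err = x509.ParsePKCS8PrivateKey(b.Bytes)
		}
	}
	if err == nil && key == nil {
		err = fmt.Errorf("no private key found")
	}
	return cert, key, err
}

// combine joins the two files; the explicit newline covers a cert file with no trailing newline.
func combine(certPEM, keyPEM []byte) []byte {
	return bytes.Join([][]byte{bytes.TrimSpace(certPEM), keyPEM}, []byte("\n"))
}

func main() {
	certPEM, keyPEM := samplePEMs()
	_, _, errAlone := parsePEMData(certPEM)
	_, _, errBoth := parsePEMData(combine(certPEM, keyPEM))
	fmt.Println("cert.pem alone:", errAlone, "| combined:", errBoth)
}
```

The combined buffer is what goes in as `pemData`; the private key text is never the `password`.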