Open PSanetra opened 1 week ago
@PSanetra Thanks for your feedback! We will investigate and update as appropriate.
@PSanetra Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly.
Regarding the Microsoft identity platform and OAuth 2.0 On-Behalf-Of flow documentation: The section Middle-tier access token request enumerates two possible ways to request an access token:
The section is not mentioning any functional differences between both requests. In fact both descriptions of the assertion parameter are exactly the same.
This assumption is wrong: On a request with a certificate the assertion parameter MUST be an app-only token. It cannot be a user token. See error code AADSTS700229.