Revert "Update MSAL to send "fmi-bearer" client assertion type based … (#5166)

Revert "Update MSAL to send "fmi-bearer" client assertion type based on the client id (#5160)"

This reverts commit cac074c.

Co-authored-by: trwalke <[email protected]>

Author: trwalke

src/client/Microsoft.Identity.Client/Internal/ClientCredential/CertificateAndClaimsClientCredential.cs

@@ -65,9 +65,7 @@ public Task AddConfidentialClientParametersAsync(
 
                 string assertion = jwtToken.Sign(Certificate, requestParameters.SendX5C, useSha2);
 
-                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType,
-                                                                string.Equals(clientId, Constants.FmiUrnClientId) ? 
-                                                                OAuth2AssertionType.FmiBearer : OAuth2AssertionType.JwtBearer);
+                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
                 oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, assertion);
             }
             else

src/client/Microsoft.Identity.Client/Internal/ClientCredential/SignedAssertionDelegateClientCredential.cs

@@ -38,14 +38,12 @@ public async Task AddConfidentialClientParametersAsync(
             string tokenEndpoint,
             CancellationToken cancellationToken)
         {
-            string assertionType = requestParameters.AppConfig.ClientId == Constants.FmiUrnClientId ?
-                                   OAuth2AssertionType.FmiBearer :
-                                   OAuth2AssertionType.JwtBearer;
-            string signedAssertion;
             if (_signedAssertionDelegate != null)
             {
                 // If no "AssertionRequestOptions" delegate is supplied
-                signedAssertion = await _signedAssertionDelegate(cancellationToken).ConfigureAwait(false);
+                string signedAssertion = await _signedAssertionDelegate(cancellationToken).ConfigureAwait(false);
+                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
+                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedAssertion);
             }
             else
             {
@@ -68,14 +66,13 @@ public async Task AddConfidentialClientParametersAsync(
 
                 //Set claims
                 assertionOptions.Claims = requestParameters.Claims;
-
+            
                 // Delegate that uses AssertionRequestOptions
-                signedAssertion = await _signedAssertionWithInfoDelegate(assertionOptions).ConfigureAwait(false);
+                string signedAssertion = await _signedAssertionWithInfoDelegate(assertionOptions).ConfigureAwait(false);
 
+                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, OAuth2AssertionType.JwtBearer);
+                oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedAssertion);
             }
-
-            oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertionType, assertionType);
-            oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientAssertion, signedAssertion);
         }
     }
 }

src/client/Microsoft.Identity.Client/Internal/Constants.cs

@@ -53,8 +53,6 @@ internal static class Constants
         public const int CallerSdkIdMaxLength = 10;
         public const int CallerSdkVersionMaxLength = 20;
 
-        public const string FmiUrnClientId = "urn:microsoft:identity:fmi";
-
         public static string FormatEnterpriseRegistrationOnPremiseUri(string domain)
         {
             return $"https://enterpriseregistration.{domain}/enrollmentserver/contract";

src/client/Microsoft.Identity.Client/OAuth2/OAuthConstants.cs

@@ -66,7 +66,6 @@ internal static class OAuth2ResponseType
     internal static class OAuth2AssertionType
     {
         public const string JwtBearer = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
-        public const string FmiBearer = "urn:ietf:params:oauth:client-assertion-type:fmi-bearer";
     }
 
     internal static class OAuth2RequestedTokenUse

tests/Microsoft.Identity.Test.Unit/PublicApiTests/FmiTests.cs

@@ -58,88 +58,5 @@ public async Task FmiEnsureWithFmiPathFunctions()
                 Assert.AreEqual(fmiClientId, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().First().ClientId);
             }
         }
-
-        [TestMethod]
-        [DataRow("urn:microsoft:identity:fmi", "Cert")]
-        [DataRow("urn:microsoft:identity:fmi", "SignedAssertionDelegate")]
-        [DataRow(TestConstants.ClientId, "Cert")]
-        [DataRow(TestConstants.ClientId, "SignedAssertionDelegate")]
-        [DataRow("urn:microsoft:identity:fmi", "SignedAssertionDelegate2")]
-        [DataRow(TestConstants.ClientId, "SignedAssertionDelegate2")]
-        public async Task FmiEnsureWithFmiPathUsesCorrectClientAssertion(string clientId, string clientAssertionType)
-        {
-            using (var httpManager = new MockHttpManager())
-            {
-                var jwtClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
-                var fmiClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:fmi-bearer";
-
-                var certificate = CertHelper.GetOrCreateTestCert();
-                var builder = ConfidentialClientApplicationBuilder.Create(clientId)
-                                              .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
-                                              .WithRedirectUri(TestConstants.RedirectUri);
-
-                switch (clientAssertionType)
-                {
-                    case "Cert":
-                        builder.WithCertificate(certificate);
-                        break;
-                    case "SignedAssertionDelegate":
-                        builder.WithClientAssertion(() => { return TestConstants.DefaultClientAssertion; });
-                        break;
-                    case "SignedAssertionDelegate2":
-                        Func<AssertionRequestOptions, Task<string>> func = (AssertionRequestOptions options) =>
-                        {
-                            return Task.FromResult(TestConstants.DefaultClientAssertion);
-                        };
-                        builder.WithClientAssertion(func);
-                        break;
-                    default:
-                        throw new NotImplementedException();
-                }
-
-                var app = builder.WithHttpManager(httpManager)
-                .WithExperimentalFeatures()
-                .BuildConcrete();
-
-                var appCacheAccess = app.AppTokenCache.RecordAccess();
-
-                httpManager.AddInstanceDiscoveryMockHandler();
-
-                if (string.Equals(clientId, TestConstants.ClientId))
-                {
-                    httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage(
-                                expectedPostData: new Dictionary<string, string>()
-                                { { OAuth2Parameter.ClientAssertionType, jwtClientAssertionType } });
-                }
-                else
-                {
-                    httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage(
-                                expectedPostData: new Dictionary<string, string>()
-                                { { OAuth2Parameter.ClientAssertionType, fmiClientAssertionType } });
-                }
-
-                //Ensure that the FMI path is set correctly and token is retrieved
-                var result = await app.AcquireTokenForClient(TestConstants.s_scope.ToArray())
-                                        .WithFmiPath("fmiPath")
-                                        .ExecuteAsync(CancellationToken.None)
-                                        .ConfigureAwait(false);
-
-                Assert.IsNotNull(result);
-                Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
-                Assert.AreEqual("header.payload.signature", result.AccessToken);
-                Assert.AreEqual(clientId, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().First().ClientId);
-
-                //Assert token can be acquired from cache
-                result = await app.AcquireTokenForClient(TestConstants.s_scope.ToArray())
-                                        .WithFmiPath("fmiPath")
-                                        .ExecuteAsync(CancellationToken.None)
-                                        .ConfigureAwait(false);
-
-                Assert.IsNotNull(result);
-                Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
-                Assert.AreEqual("header.payload.signature", result.AccessToken);
-                Assert.AreEqual(clientId, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().First().ClientId);
-            }
-        }
     }
 }