Azure Certificate based Authentication from App Service

[Manojgupta1234]

As of now there is a Client Secret based authentication available in CoreLib(V4.2 - corelibrary/src/Infrastructure/LeanCode.IdentityServer.KeyVault/IdentityServerKeyVaultConfiguration.cs) and we are referring the same in our project.

Is there any plan to implement a Client Certificate based authentication(more secure) or is it already implement in latest version (V6.0)?
Certificate type: .pem

Happy to discuss on this.

[jakubfijalkowski]

Thanks for the question!

In V6 (even V5 I think, although it was using older Azure libs back then) we changed the way this module is configured. It now assumes that some external process (so - Startup) configured client to the KeyVault using whatever approach they like the best and you specify which keyvault to use with AddIdentityServerTokenSigningKey extension method like this:

var vaultUri = new Uri("https://my-vault.vault.azure.net");
var keyId = new Uri("https://my-vault.vault.azure.net/keys/tokens");
cfg.AddKeyClient(vaultUri);
cfg.AddIdentityServerTokenSigningKey(keyId);

This gave us the ability not to force the auth method used (and we tend to use MSIs now for Azure auth).

So, to answer your question - it is "implemented" in V6 and we don't plan to add certificate-based option to 4.2 (although we are open for PRs).