fix

bgavrilMS · bgavrilMS · commit ad3401cb4f9a · 2025-11-06T11:51:33.000Z
diff --git a/src/client/Microsoft.Identity.Client/AuthScheme/PoP/MtlsPopAuthenticationOperation.cs b/src/client/Microsoft.Identity.Client/AuthScheme/PoP/MtlsPopAuthenticationOperation.cs
@@ -38,23 +38,9 @@ public IReadOnlyDictionary<string, string> GetTokenRequestParams()
             };
         }
 
-        private static string ComputeX5tS256KeyId(X509Certificate2 certificate)
-        {
-            // Extract the raw bytes of the certificate’s public key.
-            var publicKey = certificate.GetPublicKey();
-
-            // Compute the SHA-256 hash of the public key.
-            using (var sha256 = SHA256.Create())
-            {
-                byte[] hash = sha256.ComputeHash(publicKey);
-
-                // Return the hash encoded in Base64 URL format.
-                return Base64UrlHelpers.Encode(hash);
-            }
-        }
-
         public Task FormatResultAsync(AuthenticationResult authenticationResult, CancellationToken cancellationToken = default)
         {
+            FormatResult(authenticationResult);
             return Task.CompletedTask;
         }
 
diff --git a/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs b/tests/Microsoft.Identity.Test.Unit/PublicApiTests/MtlsPopTests.cs
@@ -196,6 +196,28 @@ public void Constructor_ValidCertificate()
             Assert.AreEqual(Constants.MtlsPoPTokenType, scheme.AccessTokenType);
         }
 
+        [TestMethod]
+        public void SchemeSetsCert()
+        {
+            var scheme = new MtlsPopAuthenticationOperation(s_testCertificate);
+            AuthenticationResult ar = new AuthenticationResult();
+
+            scheme.FormatResult(ar);
+
+            Assert.AreSame(s_testCertificate, ar.BindingCertificate);
+        }
+
+        [TestMethod]
+        public async Task SchemeSetsCertAsync()
+        {
+            var scheme = new MtlsPopAuthenticationOperation(s_testCertificate);
+            AuthenticationResult ar = new AuthenticationResult();
+
+            await scheme.FormatResultAsync(ar).ConfigureAwait(false);
+
+            Assert.AreSame(s_testCertificate, ar.BindingCertificate);
+        }
+
         private static string ComputeExpectedKeyId(X509Certificate2 certificate)
         {
             // Get the raw public key bytes
