Enabling server certificate validation
FehintolaObafemi committed May 21, 2024
1 parent e64f6d5 commit ffa1edb
Showing 5 changed files with 7 additions and 7 deletions.
4 changes: 2 additions & 2 deletions docs/authentication.md
Expand Up @@ -114,9 +114,9 @@ Before using the provided `-AccessToken` to get Microsoft Graph resources, custo

### Access Token Proof of Possession (AT PoP)

AT PoP is a security mechanism that binds an access token to a cryptographic key that only the intended recipient has. This prevents unauthorized use of the token by malicious actors. AT PoP enhances data protection, reduces token replay attacks, and enables fine-grained authorization policies.
AT PoP is a security mechanism that binds an access token to a cryptographic key that only the token requestor has. This prevents unauthorized use of the token by malicious actors. AT PoP enhances data protection, reduces token replay attacks, and enables fine-grained authorization policies.

Note: AT PoP requires WAM to function.
Note: AT PoP requires Web Account Manager (WAM) to function.

Microsoft Graph PowerShell module supports AT PoP in the following scenario:
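
Review bot: The note "AT PoP requires Web Account Manager (WAM) to function" names the dependency but does not tell the reader how to turn WAM on. The tests touched in this commit exercise `Set-MgGraphOption` with a case named 'Executes successfully when toggling WAM on', so a pointer to that cmdlet next to the note would make the prerequisite actionable. Also consider softening "This prevents unauthorized use of the token" in the paragraph above: binding the token to a key held by the requestor limits where a stolen token can be replayed, which the next sentence already states more accurately as "reduces token replay attacks".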

Expand Up @@ -482,7 +482,7 @@ public static PopTokenRequestContext CreatePopTokenRequestContext(IAuthContext a
{
// Creating a httpclient that would handle all pop calls
Uri popResourceUri = GraphSession.Instance.GraphRequestProofofPossession.Uri ?? new Uri("https://canary.graph.microsoft.com/beta/me"); //PPE (https://graph.microsoft-ppe.com) or Canary (https://canary.graph.microsoft.com) or (https://20.190.132.47/beta/me)
HttpClient popHttpClient = new(new HttpClientHandler { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
HttpClient popHttpClient = new(new HttpClientHandler());

// Find the WWW-Authenticate header in the response.
var popMethod = GraphSession.Instance.GraphRequestProofofPossession.HttpMethod ?? HttpMethod.Get;
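
Review bot: With validation restored on `popHttpClient`, the trailing comment on the `popResourceUri` line still lists `https://20.190.132.47/beta/me` as a possible target, and a raw-IP URL like that will normally fail hostname validation against the server certificate; drop that option from the comment or state that it no longer works. The same line falls back to `https://canary.graph.microsoft.com/beta/me` when no URI is supplied, which is worth replacing with the production endpoint or a hard failure so a shipped build never silently calls a canary host. `new(new HttpClientHandler())` with no settings can also be reduced to `new HttpClient()`.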
Expand All @@ -498,7 +498,7 @@ public static PopTokenRequestContext CreatePopTokenRequestContext(IAuthContext a

});

var _popPipeline = HttpPipelineBuilder.Build(popPipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true });
var _popPipeline = HttpPipelineBuilder.Build(popPipelineOptions, new HttpPipelineTransportOptions());
GraphSession.Instance.GraphRequestProofofPossession.Request = _popPipeline.CreateRequest();
GraphSession.Instance.GraphRequestProofofPossession.Request.Method = ConvertToAzureRequestMethod(popMethod);
GraphSession.Instance.GraphRequestProofofPossession.Request.Uri.Reset(popResourceUri);
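
Review bot: Nothing in this commit tests that the pipeline built at `HttpPipelineBuilder.Build(popPipelineOptions, new HttpPipelineTransportOptions())` rejects an untrusted certificate; the only test changes shown are parameter-count updates. A regression test that points the PoP request at an endpoint presenting a self-signed certificate and asserts that the call fails would keep the `(_) => true` callback from coming back unnoticed. The local `_popPipeline` also carries a field-style underscore prefix; `popPipeline` would match the other locals in this method.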
Expand Up @@ -8,7 +8,7 @@
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.2" />
<!-- As described in this post https://devblogs.microsoft.com/powershell/depending-on-the-right-powershell-nuget-package-in-your-net-project, reference the SDK for dotnetcore-->
<PackageReference Include="Microsoft.PowerShell.SDK" Version="7.2.2" PrivateAssets="all" Condition="'$(TargetFramework)' == 'net6.0'" />
<PackageReference Include="Moq" Version="4.20.69" />
<PackageReference Include="Moq" Version="4.20.1" />
<PackageReference Include="xunit" Version="2.4.2" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.4.5">
<PrivateAssets>all</PrivateAssets>
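
Review bot: The Moq reference moves backwards, from 4.20.69 to 4.20.1, and nothing in the commit title or the other changed files explains why a test dependency is downgraded in a change about certificate validation. Either keep 4.20.69 or move the version change to its own commit with the reason stated.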
Expand Up @@ -13,7 +13,7 @@ Describe "Get-MgGraphOption Command" {
$GetMgGraphOptionCommand = Get-Command Set-MgGraphOption
$GetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
$GetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
$GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 13 # PS common parameters.
$GetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 14 # PS common parameters.
}

It 'Executes successfully' {
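
Review bot: In the `Describe "Get-MgGraphOption Command"` block the context line `$GetMgGraphOptionCommand = Get-Command Set-MgGraphOption` inspects the Set cmdlet, so the count changed here from 13 to 14 never describes Get-MgGraphOption itself. Point it at `Get-Command Get-MgGraphOption` and set the expected count to that cmdlet's parameters; as written, this assertion duplicates the one in the Set-MgGraphOption test.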
Expand Up @@ -13,7 +13,7 @@ Describe "Set-MgGraphOption" {
$SetMgGraphOptionCommand = Get-Command Set-MgGraphOption
$SetMgGraphOptionCommand | Should -Not -BeNullOrEmpty
$SetMgGraphOptionCommand.ParameterSets | Should -HaveCount 1
$SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 13 # PS common parameters.
$SetMgGraphOptionCommand.ParameterSets.Parameters | Should -HaveCount 14 # PS common parameters.
}

It 'Executes successfully when toggling WAM on' {
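
Review bot: The expected count goes from 13 to 14 on the `Should -HaveCount` line, but no new Set-MgGraphOption parameter appears in the files shown, and the trailing `# PS common parameters.` comment does not say which parameter accounts for the change. Asserting on the parameter's name, for example with `Should -Contain` over `$SetMgGraphOptionCommand.Parameters.Keys`, would document the addition and fail with a more useful message than a bare count.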