ClientCredentialCertificateContext implementation using certificate #5870

tnup · 2024-12-04T14:20:26Z

tnup
Dec 4, 2024

Hello everyone,

i am trying to use the graph api to upload a file to sharepoint using php.
The authentification I am doing as the app, trying to use a certificate.

I am trying to follow this example, but I am confused:

https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=PHP#client-credentials-provider

Why is only the PHP example requiring both the certificate AND private key + pass to use the ClientCredentialCertificateContext ?
All the other languages have examples where only the Certificate is required.

Hopefully someone can shine some light on this for me :)

thank you very much.

Answered by baywet

Dec 4, 2024

Hi @tnup
Thank you for using kiota and for reaching out.

Certificate authentication MAY require up to three things one the confidential side to work:

(always required) the certificate itself, which describes the public key and some metadata
(always required) the matching private key, which allows signing a temporary generated "phrase" , this signed phrased is then deciphered by the service using the public key of the certificate to guarantee the origin/authenticity of the caller.
(optional) the password for the private key, depending on how your certificate/key pair was generated, the private key may require a password to be accessed. If you didn't specify a password to protect the priva…

View full answer

baywet · 2024-12-04T15:12:20Z

baywet
Dec 4, 2024
Collaborator

Hi @tnup
Thank you for using kiota and for reaching out.

Certificate authentication MAY require up to three things one the confidential side to work:

(always required) the certificate itself, which describes the public key and some metadata
(always required) the matching private key, which allows signing a temporary generated "phrase" , this signed phrased is then deciphered by the service using the public key of the certificate to guarantee the origin/authenticity of the caller.
(optional) the password for the private key, depending on how your certificate/key pair was generated, the private key may require a password to be accessed. If you didn't specify a password to protect the private key, this can be null.

Depending on how the certificate/key pair was generated, it might be in two separate files, or in a single file. In the later case, simply pass the same path twice. All of that ends up calling the open ssl get private key method

I hope this helps.

Let us know if you have any additional comments or questions.

0 replies

tnup · 2024-12-16T15:21:15Z

tnup
Dec 16, 2024
Author

thank you very much for your detailed explanation @baywet,

I was able to get the sdk to work using the php example, but still not quite understand why the php version of the library requires both the public key AND the private key where the examples in the other languages (c#, Typescript etc) requires only one...

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ClientCredentialCertificateContext implementation using certificate #5870

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

ClientCredentialCertificateContext implementation using certificate #5870

tnup Dec 4, 2024

Replies: 2 comments

baywet Dec 4, 2024 Collaborator

tnup Dec 16, 2024 Author

tnup
Dec 4, 2024

baywet
Dec 4, 2024
Collaborator

tnup
Dec 16, 2024
Author