[Obaid to Bcc] Hi David,
I'll be looking into this Oauth question you've posed. Once I've completed my research, I'll reach out to you with my findings. Regards, Kristian Smith Support Escalation Engineer | Azure DevOps, Windows Protocols | Microsoft® Corporation Office phone: +1 425-421-4442 Email: kristian.sm...@microsoft.com<mailto:kristian.sm...@microsoft.com> Working hours: 8:00 am - 5:00 pm PST, Monday – Friday Team Manager: Gary Ranne gar...@microsoft.com<mailto:gar...@microsoft.com> ServiceHub: https://serviceshub.microsoft.com/support/contactsupport_ In case you don't hear from me, please call your regional number here: https://support.microsoft.com/help/13948/global-customer-service-phone-numbers. If you need assistance outside my normal working hours, please reach out to de...@microsoft.com<mailto:de...@microsoft.com>. One of my colleagues will gladly continue working on this issue.de...@microsoft.com<mailto:de...@microsoft.com>. One of my colleagues will gladly continue working on this issue. ________________________________ From: Obaid Farooqi <oba...@microsoft.com> Sent: Friday, December 15, 2023 3:00 PM To: David Mulder <dmul...@samba.org> Cc: cifs-protocol@lists.samba.org <cifs-protocol@lists.samba.org> Subject: [MS-OAPXBC] Exchange PRT for Access Token, HS256 or RS256? - TrackingID#2312150040011919 Hi David: Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon. Regards, Obaid Farooqi Escalation Engineer | Microsoft -----Original Message----- From: David Mulder <dmul...@samba.org> Sent: Friday, December 15, 2023 2:52 PM To: Interoperability Documentation Help <doch...@microsoft.com> Cc: cifs-protocol@lists.samba.org Subject: [EXTERNAL] [MS-OAPXBC] Exchange PRT for Access Token, HS256 or RS256? In section 3.2.5.1.3.1 the protocol initially says that "JWTs are signed either with a device key or session keys". Then for the jwt header alg field it says "HS256" is supported. The session key (session_key_jwe) obtained during the request for PRT would be the symmetric key for the HS256 algorithm. How do we sign instead with the device key? The private key for the device isn't symmetric. Do we instead sign it with RS256? The spec doesn't explain. Likewise, in section 3.2.5.1.2.1, the PRT request says we can use either "a device key or session keys". The PRT request then explicitly states that we will use the "RS256" alg. RS256 isn't symmetric, so how would we then use the symmetric session key for signing? -- David Mulder Labs Software Engineer, Samba SUSE 1221 S Valley Grove Way, Suite 500 Pleasant Grove, UT 84062 (P)+1 385.208.2989 dmul...@suse.com https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.suse.com%2F&data=05%7C02%7CKristian.Smith%40microsoft.com%7C869f960ed47343bf791b08dbfdc1a9f3%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638382780449701376%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5GQ74FaS2R3Kkph1y3JYg3tJEPA6ThGxz1%2FeFVzflmQ%3D&reserved=0<http://www.suse.com/>
_______________________________________________ cifs-protocol mailing list cifs-protocol@lists.samba.org https://lists.samba.org/mailman/listinfo/cifs-protocol