[Feature Request] MSAL.NET should have a mechanism to pass-in an FmiPath to the client assertion delegate

[jmprieur]

MSAL client type

Confidential

Problem statement

In some flows, developers want to call AcquireTokenForClient and AcquireTokenOnBehalfOf with client credentials, obtained by exchanging an MSI token while providing an fmiPath

Proposed solution

1. Add a new WithFmiPathForClientAssertion modifier on AcquireTokenForClientBuilder and AcquireTokenOnBehalfOfBuilder:

cca.AcquireTokenForClient
  .WithFmiPathForClientAssertion(clientAssertionFmiPath)

2. Add a new property ClientAssertionFmiPath in AssertionRequestOptions

class AssertionRequestOptions
{
 //... current properties
  string ClientAssertionFmiPath {get;set;}
}

3. MSAL should provide back the clientAssertionFmiPath in the AssertionRequestOptions.ClientAssertionFmiPath property passed-in to the client assertion delegate.

Alternatives

Do several MSAL calls, but this won't work with IdWeb / MISE

[bgavrilMS]

This is an extensiblity API, so it should go in the extensibility namespace

[bgavrilMS]

@jmprieur - just to clarify an important aspect:

cca.AcquireTokenForClient(aud).WithFmiPathForClientAssertion("path1"); // will invoke the assertion callback and get a token
cca.AcquireTokenForClient(aud).WithFmiPathForClientAssertion("path2"); // will get a token from the cache, irrespective of the assertion instructions