ClientSignedAssertion.Assertion Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents the client assertion (JWT) and optional mutual‑TLS binding certificate returned
by the clientAssertionProvider callback supplied to
WithClientAssertion(Func<AssertionRequestOptions,CancellationToken,Task<ClientSignedAssertion>>).
public string Assertion { get; set; }member this.Assertion : string with get, setPublic Property Assertion As StringProperty Value
Remarks
MSAL forwards Assertion to the token endpoint as the client_assertion parameter. When mutual‑TLS Proof‑of‑Possession (PoP) is enabled on the application and a TokenBindingCertificate is provided, MSAL sets client_assertion_type to urn:ietf:params:oauth:client-assertion-type:jwt-pop; otherwise it uses jwt-bearer.
Guidance on constructing the client assertion (required claims, audience, and lifetime) is available at aka.ms/msal-net-client-assertion. The assertion is created by your callback; MSAL does not modify or re‑sign it. **Note:** It is up to the caller to cache the assertion and certificate if reuse is desired.