From 463c98518cafc2515dba97b8ffa21f8e28b15bb4 Mon Sep 17 00:00:00 2001
From: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>
Date: Mon, 1 Apr 2024 17:18:44 -0700
Subject: [PATCH] Temporary Workaround for AAD JWT Token Signing Algorithm Issue (#4692)
force set IsSha2CredentialSupported to false
Co-authored-by: Gladwin Johnson
---
 .../AppConfig/AuthorityInfo.cs | 5 +----
 .../ApiConfigTests/AuthorityTests.cs | 14 +++++++-------
 2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
index 8a26e3ec43..ad6a5a4057 100644
--- a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
+++ b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
@@ -141,10 +141,7 @@ private AuthorityInfo(
 ///
 /// True if SHA2 and PSS can be used for creating the client credential from a certificate
 ///
- internal bool IsSha2CredentialSupported =>
- AuthorityType != AuthorityType.Dsts &&
- AuthorityType != AuthorityType.Generic &&
- AuthorityType != AuthorityType.Adfs;
+ internal bool IsSha2CredentialSupported => false;
 #region Builders
 internal static AuthorityInfo FromAuthorityUri(string authorityUri, bool validateAuthority)
diff --git a/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs b/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
index 4a881bcadc..deb1356782 100644
--- a/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/ApiConfigTests/AuthorityTests.cs
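Review bot: `IsSha2CredentialSupported => false` turns off SHA2/PSS client-credential signing for every authority type, including the AAD, B2C and CIAM authorities that the removed expression allowed, yet nothing in the code marks this as temporary; only the commit subject does. The XML doc above the property still reads as if the value were computed, so I would add a comment on the property such as `// TEMPORARY (#4692): forced off; restore the AuthorityType-based check once the AAD signing issue is resolved` and state in the summary that the value is currently hard-coded. Callers presumably fall back to the older certificate signing scheme when this is false, so the downgrade should be tracked for removal rather than left implicit. The same applies to the `IsSha2Supported` test in AuthorityTests.cs, where every `DataRow` now expects `false` and the per-authority expectations survive only in history.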
@@ -104,15 +104,15 @@ public void WithTenantIdAtRequestLevel_NonAad(string inputAuthority)
 }
 [DataTestMethod]
- [DataRow(TestConstants.AuthorityCommonTenant, true)]
- [DataRow(TestConstants.AuthorityCommonPpeAuthority, true)]
+ [DataRow(TestConstants.AuthorityCommonTenant, false)]
+ [DataRow(TestConstants.AuthorityCommonPpeAuthority, false)]
 [DataRow(TestConstants.DstsAuthorityCommon, false)]
 [DataRow(TestConstants.DstsAuthorityTenanted, false)]
- [DataRow(TestConstants.CiamAuthorityMainFormat, true)]
- [DataRow(TestConstants.CiamAuthorityWithFriendlyName, true)]
- [DataRow(TestConstants.CiamAuthorityWithGuid, true)]
- [DataRow(TestConstants.B2CAuthority, true)]
- [DataRow(TestConstants.B2CCustomDomain, true)]
+ [DataRow(TestConstants.CiamAuthorityMainFormat, false)]
+ [DataRow(TestConstants.CiamAuthorityWithFriendlyName, false)]
+ [DataRow(TestConstants.CiamAuthorityWithGuid, false)]
+ [DataRow(TestConstants.B2CAuthority, false)]
+ [DataRow(TestConstants.B2CCustomDomain, false)]
 [DataRow(TestConstants.ADFSAuthority, false)]
 public void IsSha2Supported(string inputAuthority, bool expected)
 {