Skip to content

Honor access token type in bearer auth policy#49542

Open
rohitsinghal4u wants to merge 1 commit into
mainfrom
rohit/msi-token-binding-core-java
Open

Honor access token type in bearer auth policy#49542
rohitsinghal4u wants to merge 1 commit into
mainfrom
rohit/msi-token-binding-core-java

Conversation

@rohitsinghal4u

@rohitsinghal4u rohitsinghal4u commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Updates BearerTokenAuthenticationPolicy to use AccessToken.getTokenType() when setting the Authorization header. This is a Core prerequisite for PoP/MSI token binding flows while preserving Bearer as the default.\n\nValidation:\n- mvn -pl sdk/core/azure-core -Dtest=BearerTokenAuthenticationPolicyTests test -DskipCheckStyle=true -DskipRevapi=true -Dgpg.skip=true -q

@singhalrohit4u
Honor access token type in bearer auth policy
c736037 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 17, 2026 23:40
@github-actions github-actions Bot added the Azure.Core azure-core label Jun 17, 2026
Copilot AI reviewed Jun 17, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Not ready to approve

The new null/empty token-type fallback branch is not currently covered by tests, leaving the defaulting behavior unverified.

Pull request overview

Updates BearerTokenAuthenticationPolicy in azure-core to honor AccessToken.getTokenType() when forming the Authorization header, enabling non-Bearer schemes (e.g., Pop) while retaining Bearer as the default behavior.

Changes:

  • Use AccessToken (including tokenType) when setting the Authorization header in both async and sync flows.
  • Add new unit tests asserting that a non-default token type (e.g., Pop) is used in the Authorization header.
File summaries
File Description
sdk/core/azure-core/src/main/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicy.java Switch header construction to incorporate AccessToken.getTokenType() with a fallback to Bearer.
sdk/core/azure-core/src/test/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicyTests.java Add async and sync tests validating that tokenType is reflected in the Authorization header.

Copilot's findings

  • Files reviewed: 2/2 changed files
  • Comments generated: 1

Note

Your feedback helps us improve the quality of this feature.
Please use 👍 or 👎 to tell us whether this assessment is correct.

Comment thread ...zure-core/src/test/java/com/azure/core/http/policy/BearerTokenAuthenticationPolicyTests.java
}
assertEquals("Pop token", authorizationHeader.get());
}

@g2vinay

g2vinay commented Jun 23, 2026

Copy link
Copy Markdown
Member

the mTLS token binding support is not available currently in downstream SDKs.
Identity SDK will be driving the changes there and update the policy as needed here.
Logically, based on impl details, this policy might support both the flows.
This change is not required at this stage, until the feature rolls out in Identity SDK.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@alzimmermsft alzimmermsft Awaiting requested review from alzimmermsft alzimmermsft is a code owner

@samvaity samvaity Awaiting requested review from samvaity samvaity is a code owner

@srnagar srnagar Awaiting requested review from srnagar srnagar is a code owner

@vcolin7 vcolin7 Awaiting requested review from vcolin7 vcolin7 is a code owner

@JonathanGiles JonathanGiles Awaiting requested review from JonathanGiles JonathanGiles is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Azure.Core azure-core

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rohitsinghal4u @g2vinay @singhalrohit4u