2.2.1.6 X-MS-ProxyAuth-Token
The value of this header MUST be set to a serialized JSON Web Token (JWT) bearer request containing details of the token binding information. This header SHOULD be included when the proxy is processing incoming requests from clients that are trying to access the server, and which contain token binding information in the form of the Sec-Token-Binding header defined in [IETFDRAFT-TOKBIND-H] section 2.<2>
-
String = *(%x20-7E) X-MS-ProxyAuth-Token = String
This field must be a serialized JWT, as defined by [RFC7519].
The signing key must be a trust certificate. The x5t header on the JWT must be the byte data of the trust certificate.
-
{ "SerializedTrustCertificate" : "<certificate>" }
The JWT must use the RSA-SHA256 signature algorithm.
The JWT must contain the following two claims, matching the headers specified in [IETFDRAFT-TOKBIND-T] section 2.3:
-
"Sec-Provided-Token-Binding-ID": <provided binding ID from Sec-Token-Binding header on original request> "Sec-Referred-Token-Binding-ID": <referred binding ID from Sec-Token-Binding header on original request>