3.2.5.2.1.1.2 x-ms-DeviceCredential HTTP header format

The x-ms-DeviceCredential HTTP header is a signed JWT, as defined in section 2.2.1.2.

The JWT fields MUST be given the following values:<9>

grant_type (OPTIONAL): Set to "device_auth" if present.

iss (OPTIONAL): Set to "aad:brokerplugin" if present.

request_nonce (REQUIRED): A nonce previously obtained from the server by making the request. See section 3.1.5.1.1.

ua_client_id (OPTIONAL): A client_id of the user-agent using this header.

ua_redirect_uri (OPTIONAL): A redirect_uri of the user-agent using this header.

x_client_platform (OPTIONAL): This value informs AAD/server of the platform on which this header is created.<10>

win_ver (OPTIONAL): This claim carries the operating system version information.<11>

windows_api_version (OPTIONAL): The version value is "2.0.1". This information is used to indicate to the server that the client has the ability to handle nonce challenges.

The signature header fields MUST be given the following values:

typ (REQUIRED): "JWT"

alg (REQUIRED): "RS256"

x5c (REQUIRED): The certificate used to sign the request, following the format specified in [RFC7515] section 4.1.6.
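
A structural check of the field rules above, as an added example that is not part of this specification or of any Microsoft implementation. It only inspects the header and claims: it does not verify the RS256 signature, the certificate chain, or that request_nonce was issued by the server. All function names and the sample token are constructed for illustration.

```python
import base64
import json

# Exact values this section requires; the claims below are checked only if present.
HEADER_FIXED = {"typ": "JWT", "alg": "RS256"}
CLAIM_FIXED = {"grant_type": "device_auth", "iss": "aad:brokerplugin", "windows_api_version": "2.0.1"}

def _b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _is_b64_der(s):
    # RFC 7515 4.1.6: standard base64 (not base64url) of DER; DER certificates start with SEQUENCE (0x30)
    try:
        return isinstance(s, str) and base64.b64decode(s, validate=True)[:1] == b"\x30"
    except ValueError:
        return False

def check_device_credential(token):
    """List deviations from the field rules above. Structural check only:
    the RS256 signature and the x5c certificate are NOT cryptographically verified."""
    try:
        h, p, sig = token.split(".")
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except ValueError:
        return ["not a compact JWS with JSON header and payload"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must be JSON objects"]
    problems = []
    for name, want in HEADER_FIXED.items():  # rejects e.g. alg "none" or HS256
        if header.get(name) != want:
            problems.append(f"header {name} must be {want!r}")
    x5c = header.get("x5c")
    if not (isinstance(x5c, list) and x5c and all(_is_b64_der(c) for c in x5c)):
        problems.append("header x5c must be a non-empty array of base64 (not base64url) DER certificates")
    if not (isinstance(claims.get("request_nonce"), str) and claims["request_nonce"]):
        problems.append("claim request_nonce is required")
    for name, want in CLAIM_FIXED.items():
        if name in claims and claims[name] != want:
            problems.append(f"claim {name} must be {want!r} if present")
    return problems

def _encode(header, claims, sig=b"constructed, not a real signature"):
    parts = (json.dumps(header).encode(), json.dumps(claims).encode(), sig)
    return ".".join(base64.urlsafe_b64encode(x).rstrip(b"=").decode() for x in parts)

# Constructed sample: placeholder DER bytes and nonce, not a real certificate or token.
SAMPLE = _encode({"typ": "JWT", "alg": "RS256", "x5c": [base64.b64encode(b"\x30\x03\x02\x01\x01").decode()]},
                 {"request_nonce": "constructed-nonce", "grant_type": "device_auth"})
```

An empty list from check_device_credential means the token is well-formed per this section, not that it is authentic.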