Share via


2.2.3.7 x5c

 HTTP/1.1 200 OK
 Content-Type: application/json;charset=UTF-8
 {"x5c"={x5c},"token_type":{token_type},"expires_in":{expires_in},"resource":{resource},"refresh_token":{refresh_token}}

OPTIONAL

The x5c response parameter is optional, and is returned by the AD FS server in response to a successful OAuth logon certificate request. The value returned is a base64-encoded CMS certificate chain or a CMC full PKI response (see [MS-WCCE] section 2.2.2.8).

The AD FS server does not return this parameter unless its ad_fs_behavior_level is AD_FS_BEHAVIOR_LEVEL_2 or higher.

For an example of the x5c response parameter being used, section 4.13.

The format for the x5c response parameter is as follows.

 String = *(%x20-7E)
 x5c = String