This page is intended as a place to gather all the MS specification documents that Himmelblau implements, as well as comments about the accuracy of the specs.

  • [MS-OAPX]: OAuth 2.0 Protocol Extensions
      • Used in the MSAL PublicClientApplication for general authentication.
  • [MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients
      • Used in the MSAL BrokerClientApplication for PRT requests.
  • [MS-DVRJ]: Device Registration Join Protocol
      • Sections 3.1.5.1.1.1 and 3.1.5.1.1.2 are mostly accurate and used in [MS-DRS] Section 2.1.
  • [MS-DVRE]: Device Registration Enrollment Protocol
      • This protocol appears to be used by the DRS service in Azure to enroll the client device. Section 2.3.3 Alt-Security-Identities matches the device object which is created within the directory. The client does not use this protocol, but it is useful as a reference.
  • [MS-DVRD]: Device Registration Discovery Protocol
      • Accurate, but missing many services; see [MS-DRS] Section 3.1.
  • [MS-KPP]: Key Provisioning Protocol
      • This is used by MSAL to provision a Windows Hello for Business key. The process for requesting a PRT using that key does not appear to be documented (although MSAL copies Windows behavior here to request the PRT).