I'm writing this here to document my experience somewhere on the internet, so anyone else searching for this can save a few hours.
I kept getting the following error when trying to authenticate using Microsoft's client assertion certificate. The error was as follows:
"AADSTS700027: The certificate with identifier used to sign the client assertion is not registered on application. [Reason - The key was not found., Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id '34ed65a2-xxxx-xxxx-xxxx-xxxxxxxxxxxx'"
Couldn't find anything online specific to Ruby, but found enough clues to indicate it was likely a problem with the "x5t#S256" certificate hash/thumbprint. Anyway, find my method below for generating a client assertion using Ruby. I've pulled it from a class so there are some class variables in there, which I've commented on.
```ruby
require 'jwt' # gem install jwt
require 'openssl'
require 'securerandom'
require 'base64'

# @certificate_path = Path to PFX
# @certificate_passphrase = Passphrase for PFX
# @client_id = Client ID of Entra-registered app
# @tenant_id = Tenant ID of Microsoft Entra tenancy
def client_assertion
  # Read the PFX as binary and unlock it to get the private key and certificate
  pkcs = OpenSSL::PKCS12.new(File.binread(@certificate_path), @certificate_passphrase)
  claims = {
    "nbf": Time.now.to_i - 300,
    "exp": Time.now.to_i + 300,
    "jti": SecureRandom.uuid,
    "iss": @client_id,
    "sub": @client_id,
    "aud": "https://login.microsoftonline.com/#{@tenant_id}/oauth2/token"
  }
  # x5t#S256 = base64url of the SHA-256 digest of the DER-encoded certificate
  thumbprint = Base64.urlsafe_encode64(OpenSSL::Digest::SHA256.new(pkcs.certificate.to_der).digest)
  JWT.encode(claims, pkcs.key, 'PS256', { 'typ': 'JWT', 'x5t#S256': thumbprint })
end
```
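A diagnostic for the thumbprint mismatch behind AADSTS700027, added here as an example and not part of the original post: it decodes the assertion's JOSE header and reports which encoding the "x5t#S256" value matches for a given certificate. The helper names, the throwaway self-signed certificate and the list of wrong encodings are assumptions chosen for illustration; the post does not say which mistake caused the error.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Base64url without padding, as RFC 7515 specifies for JOSE header values.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Candidate encodings. Only :sha256_der is a valid "x5t#S256"; the others are
# illustrative mistakes that yield a value matching no registered key.
def thumbprint_candidates(cert)
  der = cert.to_der
  {
    sha256_der: b64url(OpenSSL::Digest::SHA256.digest(der)),
    sha1_der: b64url(OpenSSL::Digest::SHA1.digest(der)),
    sha256_hex_string: b64url(OpenSSL::Digest::SHA256.hexdigest(der)),
    sha256_of_pem: b64url(OpenSSL::Digest::SHA256.digest(cert.to_pem))
  }
end

# Decode the header of a compact JWT and name the encoding its "x5t#S256"
# value corresponds to (padding is ignored for the comparison).
def classify_x5t_s256(assertion, cert)
  header = JSON.parse(Base64.urlsafe_decode64(assertion.split('.').first))
  value = header['x5t#S256'].to_s.delete('=')
  thumbprint_candidates(cert).key(value) || :unknown
end

# Constructed fixture: throwaway self-signed certificate.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example-app')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Constructed token with a dummy signature; only the header is inspected.
def sample_assertion(x5t_value)
  header = { 'alg' => 'PS256', 'typ' => 'JWT', 'x5t#S256' => x5t_value }
  "#{b64url(header.to_json)}.#{b64url('{}')}.sig"
end
```

Any result other than `:sha256_der` means the header value was not computed from the raw SHA-256 digest of the DER-encoded certificate.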
Microsoft documentation can be found here: