Azure · christothes · Jul 21, 2025 · Jul 23, 2025 · Jul 24, 2025 · Jul 28, 2025
@@ -4,7 +4,8 @@
     <IncludeOperationsSharedSource>true</IncludeOperationsSharedSource>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Azure.Core" />
+    <!-- <PackageReference Include="Azure.Core" /> -->
+    <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" />
-    <!-- <PackageReference Include="Azure.Core" /> -->
-    <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" />
+    <PackageReference Include="Azure.Core" />
+    <!-- <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" /> -->
-    <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" />
+    <ProjectReference Include="..\..\Azure.Core\src\Azure.Core.csproj" />
-    <!-- <PackageReference Include="Azure.Core" /> -->
-    <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" />
+    <PackageReference Include="Azure.Core" />
+    <!-- <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" /> -->
-    <ProjectReference Include="..\..\..\..\sdk\core\Azure.Core\src\Azure.Core.csproj" />
+    <ProjectReference Include="..\..\Azure.Core\src\Azure.Core.csproj" />
     <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Newtonsoft.Json" />
     <PackageReference Include="NUnit" />

@@ -21,6 +21,8 @@ public class MockTransport : HttpPipelineTransport
 
         public bool? ExpectSyncPipeline { get; set; }
 
+        public List<HttpPipelineTransportOptions> TransportUpdates { get; } = [];
+
         public MockTransport()
         {
             RequestGate = new AsyncGate<MockRequest, MockResponse>();
@@ -38,7 +40,7 @@ public MockTransport(params MockResponse[] responses)
             };
         }
 
-        public MockTransport(Func<MockRequest, MockResponse> responseFactory): this(req => responseFactory((MockRequest)req.Request))
+        public MockTransport(Func<MockRequest, MockResponse> responseFactory) : this(req => responseFactory((MockRequest)req.Request))
         {
         }
 
@@ -72,6 +74,11 @@ public override async ValueTask ProcessAsync(HttpMessage message)
             await ProcessCore(message);
         }
 
+        public override void Update(HttpPipelineTransportOptions options)
+        {
+            TransportUpdates.Add(options);
+        }
+
         private async Task ProcessCore(HttpMessage message)
         {
             if (!(message.Request is MockRequest request))

@@ -306,6 +306,8 @@ public partial struct AccessToken
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType) { throw null; }
+        public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType, System.Security.Cryptography.X509Certificates.X509Certificate2 bindingCertificate) { throw null; }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2? BindingCertificate { get { throw null; } set { } }
         public System.DateTimeOffset ExpiresOn { get { throw null; } }
         public System.DateTimeOffset? RefreshOn { get { throw null; } }
         public string Token { get { throw null; } }
@@ -1042,12 +1044,15 @@ public partial class HttpClientTransport : Azure.Core.Pipeline.HttpPipelineTrans
     {
         public static readonly Azure.Core.Pipeline.HttpClientTransport Shared;
         public HttpClientTransport() { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpClient> clientFactory) { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpMessageHandler> handlerFactory) { }
         public HttpClientTransport(System.Net.Http.HttpClient client) { }
         public HttpClientTransport(System.Net.Http.HttpMessageHandler messageHandler) { }
         public sealed override Azure.Core.Request CreateRequest() { throw null; }
         public void Dispose() { }
         public override void Process(Azure.Core.HttpMessage message) { }
         public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipeline
     {
@@ -1103,6 +1108,7 @@ protected HttpPipelineTransport() { }
         public abstract Azure.Core.Request CreateRequest();
         public abstract void Process(Azure.Core.HttpMessage message);
         public abstract System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message);
+        public virtual void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipelineTransportOptions
     {

@@ -306,6 +306,8 @@ public partial struct AccessToken
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType) { throw null; }
+        public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType, System.Security.Cryptography.X509Certificates.X509Certificate2 bindingCertificate) { throw null; }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2? BindingCertificate { get { throw null; } set { } }
         public System.DateTimeOffset ExpiresOn { get { throw null; } }
         public System.DateTimeOffset? RefreshOn { get { throw null; } }
         public string Token { get { throw null; } }
@@ -1042,12 +1044,15 @@ public partial class HttpClientTransport : Azure.Core.Pipeline.HttpPipelineTrans
     {
         public static readonly Azure.Core.Pipeline.HttpClientTransport Shared;
         public HttpClientTransport() { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpClient> clientFactory) { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpMessageHandler> handlerFactory) { }
         public HttpClientTransport(System.Net.Http.HttpClient client) { }
         public HttpClientTransport(System.Net.Http.HttpMessageHandler messageHandler) { }
         public sealed override Azure.Core.Request CreateRequest() { throw null; }
         public void Dispose() { }
         public override void Process(Azure.Core.HttpMessage message) { }
         public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipeline
     {
@@ -1103,6 +1108,7 @@ protected HttpPipelineTransport() { }
         public abstract Azure.Core.Request CreateRequest();
         public abstract void Process(Azure.Core.HttpMessage message);
         public abstract System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message);
+        public virtual void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipelineTransportOptions
     {

@@ -315,6 +315,8 @@ public partial struct AccessToken
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType) { throw null; }
+        public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType, System.Security.Cryptography.X509Certificates.X509Certificate2 bindingCertificate) { throw null; }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2? BindingCertificate { get { throw null; } set { } }
         public System.DateTimeOffset ExpiresOn { get { throw null; } }
         public System.DateTimeOffset? RefreshOn { get { throw null; } }
         public string Token { get { throw null; } }
@@ -1055,12 +1057,15 @@ public partial class HttpClientTransport : Azure.Core.Pipeline.HttpPipelineTrans
     {
         public static readonly Azure.Core.Pipeline.HttpClientTransport Shared;
         public HttpClientTransport() { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpClient> clientFactory) { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpMessageHandler> handlerFactory) { }
         public HttpClientTransport(System.Net.Http.HttpClient client) { }
         public HttpClientTransport(System.Net.Http.HttpMessageHandler messageHandler) { }
         public sealed override Azure.Core.Request CreateRequest() { throw null; }
         public void Dispose() { }
         public override void Process(Azure.Core.HttpMessage message) { }
         public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipeline
     {
@@ -1117,6 +1122,7 @@ protected HttpPipelineTransport() { }
         public abstract Azure.Core.Request CreateRequest();
         public abstract void Process(Azure.Core.HttpMessage message);
         public abstract System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message);
+        public virtual void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipelineTransportOptions
     {

@@ -306,6 +306,8 @@ public partial struct AccessToken
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn) { throw null; }
         public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType) { throw null; }
+        public AccessToken(string accessToken, System.DateTimeOffset expiresOn, System.DateTimeOffset? refreshOn, string tokenType, System.Security.Cryptography.X509Certificates.X509Certificate2 bindingCertificate) { throw null; }
+        public System.Security.Cryptography.X509Certificates.X509Certificate2? BindingCertificate { get { throw null; } set { } }
         public System.DateTimeOffset ExpiresOn { get { throw null; } }
         public System.DateTimeOffset? RefreshOn { get { throw null; } }
         public string Token { get { throw null; } }
@@ -1042,12 +1044,15 @@ public partial class HttpClientTransport : Azure.Core.Pipeline.HttpPipelineTrans
     {
         public static readonly Azure.Core.Pipeline.HttpClientTransport Shared;
         public HttpClientTransport() { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpClient> clientFactory) { }
+        public HttpClientTransport(System.Func<Azure.Core.Pipeline.HttpPipelineTransportOptions, System.Net.Http.HttpMessageHandler> handlerFactory) { }
         public HttpClientTransport(System.Net.Http.HttpClient client) { }
         public HttpClientTransport(System.Net.Http.HttpMessageHandler messageHandler) { }
         public sealed override Azure.Core.Request CreateRequest() { throw null; }
         public void Dispose() { }
         public override void Process(Azure.Core.HttpMessage message) { }
         public override System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message) { throw null; }
+        public override void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipeline
     {
@@ -1103,6 +1108,7 @@ protected HttpPipelineTransport() { }
         public abstract Azure.Core.Request CreateRequest();
         public abstract void Process(Azure.Core.HttpMessage message);
         public abstract System.Threading.Tasks.ValueTask ProcessAsync(Azure.Core.HttpMessage message);
+        public virtual void UpdateTransport(Azure.Core.Pipeline.HttpPipelineTransportOptions options) { }
     }
     public partial class HttpPipelineTransportOptions
     {

@@ -3,6 +3,7 @@
 
 using System;
 using System.ClientModel.Primitives;
+using System.Security.Cryptography.X509Certificates;
 
 namespace Azure.Core
 {
@@ -52,6 +53,23 @@ public AccessToken(string accessToken, DateTimeOffset expiresOn, DateTimeOffset?
             TokenType = tokenType;
         }
 
+        /// <summary>
+        /// Creates a new instance of <see cref="AccessToken"/> using the provided <paramref name="accessToken"/> and <paramref name="expiresOn"/>.
+        /// </summary>
+        /// <param name="accessToken">The access token value.</param>
+        /// <param name="expiresOn">The access token expiry date.</param>
+        /// <param name="refreshOn">Specifies the time when the cached token should be proactively refreshed.</param>
+        /// <param name="tokenType">The access token type.</param>
+        /// <param name="bindingCertificate">The binding certificate for the access token.</param>
+        public AccessToken(string accessToken, DateTimeOffset expiresOn, DateTimeOffset? refreshOn, string tokenType, X509Certificate2 bindingCertificate)
+        {
+            Token = accessToken;
+            ExpiresOn = expiresOn;
+            RefreshOn = refreshOn;
+            TokenType = tokenType;
+            BindingCertificate = bindingCertificate;
+        }
+
         /// <summary>
         /// Get the access token value.
         /// </summary>
@@ -72,6 +90,12 @@ public AccessToken(string accessToken, DateTimeOffset expiresOn, DateTimeOffset?
         /// </summary>
         public string TokenType { get; }
 
+        /// <summary>
+        /// Gets or sets the binding certificate for the access token.
+        /// This is used when authenticating via Proof of Possession (PoP).
+        /// </summary>
+        public X509Certificate2? BindingCertificate { get; set; }
+
         /// <inheritdoc />
         public override bool Equals(object? obj)
         {