[Feature]: [Azure] Support certificate-based flow for requesting access token

[lorenzo-biava]

Motivation

Currently only the client_secret can be used, which is an App password. They are inherently harder to rotate, and cannot be automated (e.g. in Azure through AKV, which supports auto-rotation of certificates).

Instead of only allowing for the client secret, it would be great if the certificate-based flow was supported.

Even better if the certificate could be automatically reloaded if it changes on the file system (this feature would work very well with Kubernetes Secrets Store CSI Driver, allowing an E2E automatic rotation of the App's credentials in AAD).

Possible solution

Implement the certificate-based flow to request access tokens (e.g. in

oauth2-proxy/providers/azure.go

Line 325 in 66bfd8e

params.Add("client_secret", clientSecret)

)

Provider

azure

[lorenzo-biava]

I guess this was already part of proposed PR #2364, and now it's beind delegated to #2390 and #2378

And this issue is basically a duplicate of #1979 , which was closed without having been implemented though