Missing upstream capability — documented non-parity.
Current state
Python Teams adapter explicitly rejects certificate-based authentication:
```python
src/chat_sdk/adapters/teams/adapter.py:165-170
if config.certificate:
raise ValidationError(
"teams",
"Certificate-based authentication is not yet supported. "
"Use app_password (client secret) or federated (workload identity) authentication instead.",
)
```
Upstream TS supports cert auth.
Why it matters
Enterprise customers often use cert-based auth for Microsoft Bot Framework registrations — it's recommended over client secrets by the Azure security baseline. Federated (workload identity) is the other production-grade option we support.
Fix
- Accept `certificate` in `TeamsAdapterConfig` (cert PEM + private key PEM)
- Use `msal` cert-credential flow when fetching the Bot Framework token
- Regression test using mock certs
Acceptance
Missing upstream capability — documented non-parity.
Current state
Python Teams adapter explicitly rejects certificate-based authentication:
```python
src/chat_sdk/adapters/teams/adapter.py:165-170
if config.certificate:
raise ValidationError(
"teams",
"Certificate-based authentication is not yet supported. "
"Use app_password (client secret) or federated (workload identity) authentication instead.",
)
```
Upstream TS supports cert auth.
Why it matters
Enterprise customers often use cert-based auth for Microsoft Bot Framework registrations — it's recommended over client secrets by the Azure security baseline. Federated (workload identity) is the other production-grade option we support.
Fix
Acceptance