Hello,
It seems that configuring an OIDC client with auth-method private_key_jwt or client_secret_jwt is possible, but not supported in DefaultTokenEndpointClient.
Can you confirm that there is no support for client_credentials or authorization_code flows to token endpoints protected with such a mechanism?
The documentation states that client_secret_basic or client_secret_post should be available, but gives no more detail about other auth method configuration.
We'd like to be able to use the JWT assertion for OAuth2 client authentication toward the Authorization Server.
I was able to override this DefaultTokenEndpointClient to support such a thing, but I wonder why there is no support for this?
Right now I use some really custom code; none of JwtTokenGenerator, RSASignature or SecretSignature has been used.
I suppose it should be the right way of doing so?
No property seems to be available to inject a private key for the private_key_jwt auth mechanism on OauthClientConfigurationProperties.
Any ideas on how to configure a private key inside the configuration?
In my current implementation I set the client_secret as a base64-encoded JWK private key, decoding the key when sendRequest is called.
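
Added example, not part of the original post and not Micronaut's own code: what a private_key_jwt client assertion and the resulting token request body look like, built with JDK classes only rather than the JwtTokenGenerator or RSASignature classes named above. The client id, token endpoint URL and key id are constructed sample values, the key is generated on the fly, and the JSON is concatenated on the assumption that these values need no escaping.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

public class PrivateKeyJwtAssertion {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    private static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    /** Builds an RS256 client assertion: iss = sub = client_id, aud = token endpoint. */
    static String clientAssertion(String clientId, String tokenEndpoint, String keyId,
                                  PrivateKey key, Instant now) throws GeneralSecurityException {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"kid\":\"" + keyId + "\"}";
        String claims = "{\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId + "\","
                + "\"aud\":\"" + tokenEndpoint + "\","
                + "\"jti\":\"" + UUID.randomUUID() + "\","      // unique per request, limits replay
                + "\"iat\":" + now.getEpochSecond() + ","
                + "\"exp\":" + now.plusSeconds(60).getEpochSecond() + "}"; // short lifetime
        String signingInput = b64(header) + "." + b64(claims);
        Signature rs256 = Signature.getInstance("SHA256withRSA");
        rs256.initSign(key);
        rs256.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(rs256.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a throwaway key is generated so the example runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String jwt = clientAssertion("my-client", "https://as.example.com/token", "key-1",
                pair.getPrivate(), Instant.now());
        // Verify with the public key, as the authorization server would.
        String[] parts = jwt.split("\\.");
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        System.out.println("signature valid: " + verifier.verify(Base64.getUrlDecoder().decode(parts[2])));
        // Form body sent to the token endpoint; no client_secret is included.
        System.out.println("grant_type=client_credentials"
                + "&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer"
                + "&client_assertion=" + jwt);
    }
}
```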