  1. Keycloak
  2. KEYCLOAK-3222

WellKnown endpoint doesn't return supported types of client authentication

Details

    • Enhancement
    • Status: Closed
    • Major
    • Resolution: Done
    • 2.0.0.CR1
    • 2.1.0.CR1
    • None
    • None

    Description

      In the specs http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata there are 2 options we don't yet support:

      token_endpoint_auth_methods_supported
          OPTIONAL. JSON array containing a list of Client Authentication methods supported by this 
      Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and 
      private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 [OpenID.Core]. Other 
      authentication methods MAY be defined by extensions. If omitted, the default is client_secret_basic 
      -- the HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749]. 
      
      token_endpoint_auth_signing_alg_values_supported
          OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported 
      by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the 
      Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers 
      SHOULD support RS256. The value none MUST NOT be used. 
      

      We can add "client_secret_post", "client_secret_basic", and "private_key_jwt" for token_endpoint_auth_methods_supported and "RS256" for token_endpoint_auth_signing_alg_values_supported.

      That should help with the OIDC conformance testsuite, as there is one test for client_secret_post which ends with WARNING (we already support client_secret_post, but it just needs to be exposed through WellKnown).
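
An added example, not part of the issue or of Keycloak's code: how a relying party could consume these two metadata fields, applying the client_secret_basic default when the list is omitted and never accepting the none algorithm. The function name, the sample documents and the idp.example issuer are constructed for illustration; skipping a JWT method when no usable signing algorithm is advertised is this example's policy, not a spec rule.

```python
import json

JWT_METHODS = {"private_key_jwt", "client_secret_jwt"}


def select_client_auth(metadata, preferred_methods, client_algs=("RS256",)):
    """Pick the first preferred method the provider advertises.

    Returns (method, alg, problems); alg is set only for JWT-based methods.
    """
    problems = []
    # Spec default: an omitted list means client_secret_basic only.
    methods = metadata.get("token_endpoint_auth_methods_supported",
                           ["client_secret_basic"])
    algs = metadata.get("token_endpoint_auth_signing_alg_values_supported", [])
    if "none" in algs:
        problems.append("alg 'none' advertised; ignoring it")
    usable_algs = [a for a in algs if a != "none" and a in client_algs]
    for method in preferred_methods:
        if method not in methods:
            continue
        if method in JWT_METHODS:
            # Policy of this example: use a JWT method only with an advertised alg.
            if not usable_algs:
                problems.append(f"{method}: no mutually supported signing alg")
                continue
            return method, usable_algs[0], problems
        return method, None, problems
    return None, None, problems + ["no preferred method is advertised"]


# Constructed discovery documents (not captured from a real server).
BEFORE = json.loads('{"issuer": "https://idp.example/realms/demo"}')
AFTER = json.loads("""{
  "issuer": "https://idp.example/realms/demo",
  "token_endpoint_auth_methods_supported":
    ["client_secret_post", "client_secret_basic", "private_key_jwt"],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256"]
}""")
NONE_ALG = dict(AFTER, token_endpoint_auth_signing_alg_values_supported=["none"])

if __name__ == "__main__":
    prefs = ["private_key_jwt", "client_secret_post", "client_secret_basic"]
    for name, doc in [("before", BEFORE), ("after", AFTER), ("none-alg", NONE_ALG)]:
        print(name, select_client_auth(doc, prefs))
```

With the fields absent, a client that only speaks client_secret_post finds no advertised method, which matches the conformance WARNING the issue mentions.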

            People

              mposolda@redhat.com Marek Posolda