Details
- Enhancement
- Status: Closed
- Major
- Resolution: Done
- 2.0.0.CR1
- None
- None
Description
In the specs http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata there are 2 options we don't yet support:
- token_endpoint_auth_methods_supported OPTIONAL. JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 [OpenID.Core]. Other authentication methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP Basic Authentication Scheme specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
- token_endpoint_auth_signing_alg_values_supported OPTIONAL. JSON array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and client_secret_jwt authentication methods. Servers SHOULD support RS256. The value none MUST NOT be used.
We can add "client_secret_post", "client_secret_basic", and "private_key_jwt" for token_endpoint_auth_methods_supported and "RS256" for token_endpoint_auth_signing_alg_values_supported.
That should help with the OIDC conformance testsuite, as there is one test for client_secret_post which ends with WARNING (we already support client_secret_post, but it just needs to be exposed through WellKnown).
Issue Links
- blocks: KEYCLOAK-3177 Pass OIDC Basic Profile (Closed)
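An added example (not part of the original issue and not Keycloak code) of how a relying party can consume the two discovery fields quoted in the description: it applies the client_secret_basic default when the methods field is omitted and rejects a provider that advertises `none` as a signing algorithm. The function name, the preference-list parameter, the sample documents, and the choice to treat an omitted algorithm list as "no JWT algorithm advertised" are assumptions made for illustration.

```python
# Added example: client-side handling of the two discovery fields from the issue.
# Function names, preference order and sample documents are constructed.
JWT_METHODS = {"client_secret_jwt", "private_key_jwt"}
DEFAULT_METHODS = ["client_secret_basic"]  # spec default when the field is omitted


class MetadataError(ValueError):
    pass


def _string_list(metadata, key, default):
    value = metadata.get(key, default)
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise MetadataError(f"{key} must be a JSON array of strings")
    return value


def select_client_auth(metadata, preferred, client_algs=("RS256",)):
    """Return (method, alg) for the first preferred method the provider advertises."""
    methods = _string_list(metadata, "token_endpoint_auth_methods_supported", DEFAULT_METHODS)
    # Assumption: an omitted algorithm list means no JWT algorithm is advertised.
    algs = _string_list(metadata, "token_endpoint_auth_signing_alg_values_supported", [])
    if "none" in algs:
        # The spec says the value none MUST NOT be used: treat it as misconfiguration.
        raise MetadataError("provider advertises alg 'none' for client authentication")
    for method in preferred:
        if method not in methods:
            continue
        if method not in JWT_METHODS:
            return method, None  # secret-based methods need no signing algorithm
        common = [a for a in client_algs if a in algs]
        if common:
            return method, common[0]
    raise MetadataError("no mutually supported client authentication method")


# Constructed discovery documents.
PROPOSED = {  # the values proposed in this issue
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic", "private_key_jwt"],
    "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
}
OMITTED = {}  # neither field published, as before the enhancement
BAD = {"token_endpoint_auth_methods_supported": ["private_key_jwt"],
       "token_endpoint_auth_signing_alg_values_supported": ["RS256", "none"]}

if __name__ == "__main__":
    print(select_client_auth(PROPOSED, ["private_key_jwt", "client_secret_post"]))
    print(select_client_auth(OMITTED, ["client_secret_post", "client_secret_basic"]))
```

With the `OMITTED` document a client that only speaks client_secret_post finds no usable method, which is the discovery gap the issue describes.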