  1. OpenAM
  2. OPENAM-13582

token_endpoint_auth_signing_alg_values_supported not implemented

    Details

    • Needs backport:
      Yes
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      The token_endpoint_auth_signing_alg_values_supported, as described in https://openid.net/specs/openid-connect-discovery-1_0.html, should be populated by the well-known.
      The goal of this field is to list all the JWS algorithms you are allowed to use when using private_key_jwt.

      • the AM admin system should be able to set the list of supported algorithms
      • AM should return those values in the well-known
      • AM should verify that the user is indeed using a supported algorithm when using private_key_jwt on the token endpoint

      How to reproduce the issue

      1) well known

      Call the well-known

      2) token endpoint

      Call the token endpoint with a non-supported algorithm

      Expected behaviour

      1) well known
      token_endpoint_auth_signing_alg_values_supported populated
      2) token endpoint
      An error saying the algorithm is not supported

      Current behaviour

      1) well known
      not populated
      2) token endpoint
      AM supports all the algorithms, so can't be tested
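
The behaviour requested above, sketched as an added example (not OpenAM code and not part of the original report): the configured list is published in the discovery metadata, and the `alg` header of a private_key_jwt `client_assertion` is checked against that same list before signature verification. The allowlist contents, function names and the sample assertion are assumptions constructed for illustration.

```python
import base64
import json

# Assumed admin-configured allowlist (constructed for this example).
SUPPORTED_ALGS = ["RS256", "ES256", "PS256"]


def discovery_fragment(supported_algs):
    """Metadata the well-known document should publish for the token endpoint."""
    if "none" in supported_algs:
        raise ValueError("'none' must not be advertised (OIDC Discovery)")
    return {
        "token_endpoint_auth_methods_supported": ["private_key_jwt"],
        "token_endpoint_auth_signing_alg_values_supported": list(supported_algs),
    }


def _b64url_decode(segment):
    # Compact JWS segments are base64url without padding; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_assertion_alg(client_assertion, supported_algs):
    """Return None if the JWS 'alg' header is allowed, else an OAuth error dict.

    Runs before signature verification; it does not replace it.
    """
    error = {"error": "invalid_client"}
    parts = client_assertion.split(".")
    if len(parts) != 3:
        return {**error, "error_description": "client_assertion is not a compact JWS"}
    try:
        header = json.loads(_b64url_decode(parts[0]))
        alg = header["alg"]
    except (ValueError, KeyError, TypeError):
        return {**error, "error_description": "unreadable JWS header"}
    # Exact, case-sensitive match against the configured list only.
    if not isinstance(alg, str) or alg not in supported_algs:
        return {**error, "error_description": "unsupported signing algorithm"}
    return None


def _constructed_assertion(alg):
    """Constructed sample: real header, placeholder payload and signature."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc({"iss": "client-1"}), "c2ln"])
```

Using one list for both functions keeps the advertised values and the enforced values from drifting apart.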

              People

              • Assignee:
                phillcunnington Phill Cunnington
                Reporter:
                quentin.castel Quentin CASTEL [X] (Inactive)