Following the instructions in 4.9. JWT Profile for OAuth 2.0 Authorization Grant does not lead to the documented outcome. It is not clear whether this is a documentation issue or a defect in the service.
- Generate an RSA 2048 keypair
- Create a client with client_id = jwt-bearer-client and secret = password, with Client JWT Bearer Public Key set to the generated public key and the public key selector set to X509
- Create a JWT signed with the private key; the header and payload are:
- Issuing the request
e.g. as explained in the documentation.
Expected behaviour, something like:
When configuring a JWT issuer with Agent ID = myJWTIssuer and Issuer = jwt-bearer-client, the outcome becomes:
And then setting the JWK Set in the issuer, access_token is provided:
At the end, the field Client JWT Bearer Public Key in the Signing and Encryption tab does not seem to have any effect, in contradiction to the documentation:
Client JWT Bearer Public Key Certificate Specify the base64-encoded X509 certificate in PEM format. The certificate is never used during the signing process, but is used to obtain the client's JWT bearer public key. The client uses the private key to sign client authentication and access token request JWTs, while AM uses the public key for verification.
It is not clear whether this is a documentation miss, a feature that is obsolete, or a regression after introducing the JWT issuer feature.
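To make the steps above and the quoted documentation concrete, here is an added example (not code from the report or from the AM project) of both sides of the grant: the client signing the bearer assertion with its private key, and the check the documentation attributes to the "Client JWT Bearer Public Key" setting, namely verifying the signature with that public key and then checking issuer, audience and expiry. The audience URL, the jti value and the timestamps are constructed placeholders; the issuer and subject use the client_id from the report.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Claims of a JWT bearer assertion (RFC 7523 section 3).
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
	Jti string `json:"jti"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignAssertion builds an RS256 JWT with the client's private key:
// base64url(header) "." base64url(payload) "." base64url(RSASSA-PKCS1-v1_5 SHA-256 signature).
func SignAssertion(priv *rsa.PrivateKey, c Claims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64url(header) + "." + b64url(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// VerifyAssertion is the server-side check the documentation describes for the
// configured client public key: verify the signature, then issuer, audience and expiry.
func VerifyAssertion(pub *rsa.PublicKey, token, wantIss, wantAud string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT: expected three segments")
	}
	var seg [3][]byte
	for i, p := range parts {
		b, err := base64.RawURLEncoding.DecodeString(p)
		if err != nil {
			return nil, err
		}
		seg[i] = b
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	// Pin the algorithm so the token cannot select "none" or an HMAC variant.
	if err := json.Unmarshal(seg[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unsupported or missing alg")
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], seg[2]); err != nil {
		return nil, errors.New("signature does not verify under the configured public key")
	}
	var c Claims
	if err := json.Unmarshal(seg[1], &c); err != nil {
		return nil, err
	}
	switch {
	case c.Iss != wantIss:
		return nil, fmt.Errorf("issuer %q is not a registered client", c.Iss)
	case c.Aud != wantAud:
		return nil, fmt.Errorf("audience %q is not this token endpoint", c.Aud)
	case c.Exp <= now.Unix():
		return nil, errors.New("assertion expired")
	}
	return &c, nil
}

// TokenRequestBody is the form body of the access token request (RFC 7523 section 2.1).
func TokenRequestBody(assertion string) string {
	v := url.Values{}
	v.Set("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
	v.Set("assertion", assertion)
	return v.Encode()
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // step 1: RSA 2048 keypair
	now := time.Now()
	aud := "https://am.example.test/openam/oauth2/access_token" // constructed placeholder
	c := Claims{Iss: "jwt-bearer-client", Sub: "jwt-bearer-client", Aud: aud,
		Exp: now.Add(5 * time.Minute).Unix(), Iat: now.Unix(), Jti: "constructed-jti-1"}
	tok, _ := SignAssertion(priv, c)
	fmt.Println("POST body:", TokenRequestBody(tok))
	if _, err := VerifyAssertion(&priv.PublicKey, tok, "jwt-bearer-client", aud, now); err != nil {
		panic(err)
	}
	fmt.Println("assertion verified under the registered public key")
}
```

The verification function is the part the report's last observation is about: if the configured Client JWT Bearer Public Key were consulted, an assertion signed with a different key would be rejected at the signature step, independently of any JWT issuer agent.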