  1. OpenAM
  2. OPENAM-16895

Allow client to authenticate using private_key_jwt when using OIDC node

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      When using the OIDC authentication node, the client always authenticates to the OIDC provider using client_secret_post.

      Exit

      The node could be configured so that the client uses private_key_jwt for authentication if required.
      The implementation should also define a URL to expose the client's public key.

      Acceptance Criteria

      • Social ID provider node can be configured to use private_key_jwt instead of client_secret_post
      • the request contains the appropriate additional request parameters for using private_key_jwt
      • the JWT's sub is AM's client ID
      • an endpoint exists where OPs can retrieve the public key to verify the JWT signature
      • the JWT is signed-then-encrypted
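
      An added example (not OpenAM code) of the request these criteria describe: it builds the signed client assertion with `sub` set to the client ID, sends it in the token request in place of `client_secret`, and checks the signature the way an OP would with the client's published public key. The helper names `TokenRequest` and `VerifySignature`, the client ID, URLs, `jti` and the throwaway key are assumptions made for the example; it covers the signing step only, not the encryption layer.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // constructed throwaway key for this example
var b64 = base64.RawURLEncoding

// TokenRequest builds the private_key_jwt form body; the caller supplies a unique jti per request.
func TokenRequest(key *rsa.PrivateKey, clientID, tokenURL, jti, code, redirectURI string, now time.Time) (url.Values, error) {
	claims, _ := json.Marshal(map[string]interface{}{"iss": clientID, "sub": clientID, "aud": tokenURL,
		"jti": jti, "iat": now.Unix(), "exp": now.Add(2 * time.Minute).Unix()}) // short-lived
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return nil, fmt.Errorf("signing client assertion: %w", err)
	}
	return url.Values{ // the assertion pair replaces client_secret
		"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI},
		"client_assertion_type": {"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"},
		"client_assertion":      {input + "." + b64.EncodeToString(sig)},
	}, nil
}

// VerifySignature is the OP-side check against the client's published public key.
func VerifySignature(pub *rsa.PublicKey, jwt string) error {
	i := strings.LastIndex(jwt, ".")
	sig, err := b64.DecodeString(jwt[i+1:])
	if i < 0 || err != nil {
		return fmt.Errorf("malformed assertion")
	}
	digest := sha256.Sum256([]byte(jwt[:i]))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() { // constructed client ID, URLs, code and jti
	form, _ := TokenRequest(demoKey, "am-client", "https://op.example/token", "jti-1", "code-1", "https://am.example/cb", time.Now())
	fmt.Println(form.Encode(), VerifySignature(&demoKey.PublicKey, form.Get("client_assertion")))
}
```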

              People

              • Assignee:
                Unassigned
                Reporter:
                simon.moffatt Simon Moffatt