- Type: Improvement
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels:
- Sprint: AM 2020.16 - Seismometer, AM 2021.1 - Crystalised Sugar
- Story Points: 3
- Epic Link:
When using the OIDC authentication node, the client always authenticates to the OIDC provider using client_secret_post.
Exit
The node could be configured so that the client uses private_key_jwt for authentication if required.
The implementation should also define a URL to expose the client's public key.
Acceptance Criteria
- Social ID provider node can be configured to use private_key_jwt instead of client_secret_post
- the request contains the appropriate additional request parameters for using private_key_jwt
- the JWT's sub is AM's client ID
- an endpoint exists where OPs can retrieve the public key to verify the JWT signature
- the JWT is signed-then-encrypted
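One way to check a captured token request against these criteria, as an added example that is not AM's code: it follows the OpenID Connect Core definition of private_key_jwt (the jwt-bearer assertion type, iss and sub equal to the client ID, aud naming the token endpoint, jti and exp present). The client ID, endpoint URL and sample request are constructed, signatures are not verified, and for an encrypted assertion only the JWE header is readable, so claim checks apply to the signed-only form.

```python
import base64, json, time
from urllib.parse import parse_qs, urlencode

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def seg(obj):
    """Encode a dict as a base64url JOSE segment (builds the constructed sample)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def unseg(segment):
    """Decode a base64url JOSE segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_token_request(body, client_id, token_endpoint, now=None):
    """Return a list of problems; an empty list means the request passes."""
    now = time.time() if now is None else now
    form = {k: v[0] for k, v in parse_qs(body).items()}
    problems = []
    if "client_secret" in form:
        problems.append("client_secret sent: client_secret_post still in use")
    if form.get("client_assertion_type") != JWT_BEARER:
        problems.append("client_assertion_type missing or wrong")
    parts = form.get("client_assertion", "").split(".")
    if len(parts) == 5:
        # Compact JWE: claims are encrypted, so only the header can be checked here.
        header = unseg(parts[0])
        if "enc" not in header or header.get("cty") != "JWT":
            problems.append("JWE header does not declare a nested JWT")
        return problems
    if len(parts) != 3:
        return problems + ["client_assertion is not a compact JWS or JWE"]
    claims = unseg(parts[1])
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        problems.append("iss and sub must both equal the client ID")
    aud = claims.get("aud")
    if token_endpoint not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not name the token endpoint")
    if not claims.get("jti"):
        problems.append("jti missing")
    if claims.get("exp", 0) <= now:
        problems.append("exp missing or in the past")
    return problems

# Constructed sample: hypothetical client ID and endpoint, placeholder signature.
CLIENT, ENDPOINT = "am-client", "https://op.example.com/token"
CLAIMS = {"iss": CLIENT, "sub": CLIENT, "aud": ENDPOINT, "jti": "n-1", "exp": 2000000000}
SIGNED = ".".join([seg({"alg": "RS256"}), seg(CLAIMS), "c2ln"])
GOOD = urlencode({"grant_type": "authorization_code", "code": "abc",
                  "client_assertion_type": JWT_BEARER, "client_assertion": SIGNED})
```

Calling `check_token_request(GOOD, CLIENT, ENDPOINT)` returns an empty list; appending `&client_secret=...` to the same body reports that client_secret_post is still in use.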
- relates to
  - OPENAM-9779 Allow client to authenticate using private_key_jwt when using OAuth2 OpenID connect authentication module (Closed)
  - OPENAM-16894 Allow client to authenticate using private_key_jwt when using OAuth2 node (Open)