  1. Identity Gateway
  2. OPENIG-550

Default Token Endpoint Authentication Method is 'client_secret_basic' in OpenAM13

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.0.0
    • Component/s: None
    • Labels:
    • Sprint:
      OpenIG Sprint 60, OpenIG Sprint 61

      Description

      The default token endpoint authentication method has been changed in OpenAM 13 (rev. 13543?) to 'client_secret_basic'.
      (specified in Section 2.3.1 of OAuth 2.0 RFC6749)

      In OpenIG, this will cause getAccessToken to fail with OpenAM13 (see OAuth2Provider#getAccessToken-createRequestForAccessToken),
      as we are using 'client_secret_post' as the 'token_endpoint_auth_method'.
      A hardcoded boolean was added to the OAuth2Provider.class:

          private final boolean tokenEndpointUseBasicAuth = false; // Do we want to make this configurable?
      

      According to openid-connect-registration, this attribute should accept other options, but if omitted it should use 'client_secret_basic', as specified in OpenAM13.

      token_endpoint_auth_method
         OPTIONAL. Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, 
         client_secret_jwt, private_key_jwt, and none, as described in Section 9 of OpenID Connect Core 1.0 [[OpenID.Core]]. Other 
         authentication methods MAY be defined by extensions. If omitted, the default is client_secret_basic -- the HTTP Basic Authentication Scheme
         specified in Section 2.3.1 of OAuth 2.0 [RFC6749].
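
      The difference between the two methods on the wire, as an added example that is not OpenIG's own code: it builds an authorization-code token request for either 'client_secret_basic' or 'client_secret_post' and falls back to 'client_secret_basic' when the method is omitted, as the registration spec quoted above requires. The class, the `TokenRequest` record, the `build` and `enc` helpers and all sample values are hypothetical.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class TokenEndpointAuthExample {
    /** Headers and form body of a token request (hypothetical holder type). */
    record TokenRequest(Map<String, String> headers, String body) {}

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    /** authMethod is the client's token_endpoint_auth_method; null means it was omitted. */
    static TokenRequest build(String authMethod, String clientId, String clientSecret,
                              String code, String redirectUri) {
        String method = authMethod == null ? "client_secret_basic" : authMethod;
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "authorization_code");
        form.put("code", code);
        form.put("redirect_uri", redirectUri);
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Content-Type", "application/x-www-form-urlencoded");
        switch (method) {
            case "client_secret_basic" -> {
                // RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode "id:secret"
                String pair = enc(clientId) + ":" + enc(clientSecret);
                headers.put("Authorization", "Basic " + Base64.getEncoder()
                        .encodeToString(pair.getBytes(StandardCharsets.UTF_8)));
            }
            case "client_secret_post" -> {
                // Credentials travel as form parameters in the request body
                form.put("client_id", clientId);
                form.put("client_secret", clientSecret);
            }
            // client_secret_jwt, private_key_jwt and none are outside this example
            default -> throw new IllegalArgumentException("unsupported method: " + method);
        }
        String body = form.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        return new TokenRequest(headers, body);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue
        for (String m : new String[] {null, "client_secret_post"}) {
            TokenRequest r = build(m, "my client", "s3cr:et", "abc123", "https://rp.example/cb");
            System.out.println(m + " -> " + r.headers() + " | " + r.body());
        }
    }
}
```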
      

              People

              • Assignee:
                violette Violette Roche Montane
                Reporter:
                violette Violette Roche Montane