Add Token authentication config to OpenID Connect configuration
Description
Currently we always use the Authorization header when calling the Token endpoint which is the client_secret_basic method. However, we also add the client_id to the request body which is technically client_secret_post even though we aren't passing the client_secret in the body.
Some IdPs don't like this and will error. Here is an example from Okta:
{
  "error": "invalid_request",
  "error_description": "Cannot supply multiple client credentials. Use one of the following: credentials in the Authorization header, credentials in the post body, or a client_assertion in the post body."
}
So as we have in FusionAuth, we need to add a configuration option to select which authentication method works with your IdP and then choose one or the other based upon this configuration.
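The two authentication methods named above, side by side, as an added example that is not FusionAuth's code or part of the original issue: it builds an authorization-code token request for a configured method and reports where client credentials end up, so the mixed request the issue describes can be caught in a test. All function names and sample values are hypothetical and constructed for illustration.

```python
import base64
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

def build_token_request(auth_method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for an authorization_code token request."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    if auth_method == "client_secret_basic":
        # RFC 6749 section 2.3.1: form-encode each value, join with ':', Base64.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    elif auth_method == "client_secret_post":
        # Credentials travel only in the form body; no Authorization header.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unsupported token auth method: {auth_method}")
    return headers, urlencode(form)

def decode_basic(headers):
    """Recover (client_id, client_secret) from a Basic Authorization header."""
    raw = base64.b64decode(headers["Authorization"].split(" ", 1)[1]).decode()
    cid, secret = raw.split(":", 1)
    return unquote_plus(cid), unquote_plus(secret)

def credential_locations(headers, body):
    """List where client credentials appear; more than one entry is a mixed request."""
    found = []
    if headers.get("Authorization", "").startswith("Basic "):
        found.append("header")
    if {"client_id", "client_secret"} & parse_qs(body).keys():
        found.append("body")
    return found

# Constructed sample values, not taken from the issue.
ARGS = ("client-123", "s3cr3t:/+", "auth-code-abc", "https://app.example/callback")

def mixed_request():
    """The behaviour the issue describes: Basic header plus client_id in the body."""
    headers, body = build_token_request("client_secret_basic", *ARGS)
    return headers, body + "&" + urlencode({"client_id": ARGS[0]})

if __name__ == "__main__":
    for name, (h, b) in {"basic": build_token_request("client_secret_basic", *ARGS),
                         "post": build_token_request("client_secret_post", *ARGS),
                         "mixed": mixed_request()}.items():
        print(name, credential_locations(h, b))
```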