-
Notifications
You must be signed in to change notification settings - Fork 254
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable client assertion authentication #66
Comments
Or is it no external dependency at all ? |
Can you ne more precise? |
For all bearer style credentials, it typically boils down to adding something to the POST body, e.g. client_assertion and client_assertion_type Instead of baking in client assertion support directly, I want a generic easy way to add to the POST body (easier than modifying the body in an HTTP handler). Once we have that, you can have helpers that produce the actually assertion and use that new hook to add it to the body. I don't want the assertion producing code in IdentityModel itself. |
The current implementation of the post values authentication style is into an extension method of the |
Proposal : With an
Where the With an
The With a DiscovertClient Factory
The discovery client would be responsible to create a client with the appropriate parameters. What if the AS support multiple authentication methods? |
The more I think about it, I don't like putting these feature in here. IdentityModel should have the building blocks necessary to pass the credentials with the request. Other higher level libraries should implement the smarts you are talking about. TokenClient is all set - introspection & revocation I need to check. I encourage you to write this higher level lib that utilizes IdentityModel. |
Did you even start work on the higher level library I mentioned? |
I put this work in standby for the moment. |
ok . closing then, |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue. |
Endpoints
Styles
Client_secret_jwt require an additional
signingAlgorithm
parameter. The key is the client_secret.private_key_jwt require the additional parameters
signingAlgorithm
and an asymmetric key. The key could be a JWK.Requirement
No dependency to Microsoft JWT package
Integrated within a generic callback when creating the POST body
The text was updated successfully, but these errors were encountered: