JWT bearer tokens client authentication #27

Closed
F21 opened this issue Jan 16, 2013 · 8 comments

Contributor

F21 commented Jan 16, 2013

In PR #25, we have support for JWT as Authorization Grants.

Now, we need support for JWT as Client Authentication.

Contributor Author

F21 commented Jan 17, 2013

Before I start on this, what do you think about implementing the plugin architecture as mentioned earlier before doing this?

@bshaffer
Owner

I don't think it will be happening any time soon. Code away!

@bshaffer
Owner

One thing I wouldn't mind seeing is an interface for the ExtensionGrantType, so JWT and any other types can extend those.

Contributor Author

F21 commented Apr 2, 2013

@bshaffer Just revisiting this (it's been a while!).

Latest spec for JWT is here.

For JWT client authentication, it is basically piggybacking on the authorization_code grant type. So we can either put the code for that into the AuthorizationCode grant type or perhaps provide some modular approach.

I personally favour a more modular approach, but am unsure how this can be done. Any ideas 😄 ?

Owner

bshaffer commented Apr 2, 2013

Well, I DO like the word "modular" :)

As long as it implements a common interface I am cool with either approach... extending a base class or duplicating the code. Our "built in" JWT client assertion could just extend the AuthorizationCode grant type wholesale.

Honestly, I'd have to wrap my brain around the problem a little more. I will definitely look into it, and offer feedback to any code you submit!

Owner

bshaffer commented May 9, 2013

I may be missing something, but I believe this is already done. JWTBearer now implements ClientAssertionTypeInterface. This means, if we want to use it for client assertions, we just need to pass it in to the TokenController object when we create it.

There is still the issue that there is no way to pass this in to the Server class. However, if we add this, we should be good to go.

Contributor Author

F21 commented May 9, 2013

@bshaffer I will have a look at it over the next few days (pretty busy atm) and get back to you 😄

Contributor Author

F21 commented May 13, 2013

Thanks to @bshaffer, ClientAssertionTypeInterface is implemented; client authentication is now supported. Now, we just need to find a way to pass this to the Server.
