feature: add persistence support for private_key_jwt client authentication #2449
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BaseClientDetails from spring security oauth2 cannot be changed, therefore more to UaaClientDetails for client details load
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/185883453 The labels on this github issue will be updated when the story is started. |
strehle
force-pushed
the
feature/issue/2235/jwtTrustConfig
branch
from
c7fd688
to
596feb0
Compare
Allow to setup jwks_uri and jwks, similar to OIDC proxy mode with tokenKeyUrl and tokenKey. The private_key_jwt metadata is stored in additional_information (could be switched to own column) The setup can be done from REST and yaml.
strehle
force-pushed
the
feature/issue/2235/jwtTrustConfig
branch
from
596feb0
to
bf61c5d
Compare
…sue/2235/jwtTrustConfig
…sue/2235/refactorClient
…sue/2235/refactorClient
…sue/2235/jwtTrustConfig
…nt_details additional_information is not used anymore
strehle
changed the title
…sue/2235/refactorClient
Even if UaaClientDetails is used the addClientDetails method can be used and therefore it does not make sense to have 2 add methods
…sue/2235/refactorClient
…oundry/uaa into feature/issue/2235/jwtTrustConfig
…ithub.com:cloudfoundry/uaa into feature/issue/2235/jwtTrustConfig
…sue/2235/jwtTrustConfig
hsinn0
requested changes
Sep 16, 2023
model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientJwtChangeRequest.java
Outdated
Show resolved
Hide resolved
model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientJwtChangeRequest.java
Show resolved
Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrap.java
Show resolved
Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java
Show resolved
Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidator.java
Outdated
Show resolved
Hide resolved
server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientJwtConfiguration.java
Show resolved
Hide resolved
This can be used for JWT client trust configuration calls Similar to clients.secret
…sue/2235/jwtTrustConfig
hsinn0
approved these changes
Sep 19, 2023
strehle
added a commit
that referenced
this pull request
Oct 12, 2023
#2507) * feature: add runtime support for private_key_jwt client authentication More details in #2449, in #2433 as this PR include #2433. -> because to have smaller review packages Enable the validation of client_assertion as replacement for client_secret Add private_key_jwt as client_auth_method into tokens. * review * fix smells from sonar https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2507
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
More details in #2433 as this PR include #2433. -> because to have smaller review packages
Allow to setup jwks_uri and jwks, similar to OIDC proxy mode with tokenKeyUrl and tokenKey. The private_key_jwt metadata is stored in additional_information (could be switched to own column)
The setup can be done from REST and yaml.