New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KEYCLOAK-5811 OIDC Client Authentication by JWS Client Assertion in client_secret_jwt #4835
Conversation
@tnorimat Thanks for the PR. Great work! Just few things:
|
Thank you for your comments. I've moved testrealm-jwt-client-secret.json file under directory "client-auth-test". And as you said, I've revised test codes for client adapters so that OIDC Filter adapter also executes this tests. |
Due to my other pull request (#4719), the unit test failed. |
Great work, Thanks! Few last things:
|
I've tried to squash 5 commits onto one commit by rebase and squash but failed. Aside from that, I'm now preparing documentation. |
The PR for documentation is keycloak/keycloak-documentation#297 |
@tnorimat For squash commits, I am using command (number 5 refers to your 5 commits): Thanks for the docs! Going to take a look. |
Thank you for your advice. I have followed what you had said but failed. I'm afraid that the reason why rebase failed is due to merging master branch into my topic branch on 2b11af3 . At that time, I've resolved the conflicts and merged on github so that this PR includs several commits other than my 5 commits (131 in total) It might be resolved if you close this PR and I newly issue PR by squashed one commit. Would you have any other good idea? |
@tnorimat Yes, I see. That should work if you prefer it. That's why I like "rebase" much more than "merge" . So closing this now. BTV. Very useful command is also "git cherry-pick" . You can checkout latest master, then cherry-pick the commits from this your branch (excluding merge commits) and finally squash the cherry-picked commits into single one. Good luck. |
BTV. your documentation PR is fine and approved. So squashing commits here is only remaining thing. |
Thank you for your kindly advice. I'll try again. |
I've implemented JWS Client Assertion On Client Authentication in "client_secret_jwt" on both authorization server and client adapter (keycloak-adapter-core) side.
JIRA issue is as follows.
https://issues.jboss.org/browse/KEYCLOAK-5811
And I've also wrote and executed Arquillian integration tests for both authorization server and client adapter (keycloak-adapter-core) side.
I recognized that it also needs documentation on the manual. I'd like to do it afterwards if this PR be accepted.
here is the brief summary of its specification.
[Concept]
Section: 4.2. Using Assertions for Client Authentication
Section: 2.2. Using JWTs for Client Authentication
[Authorization Server Realm Representation]
[Client Adapter Representation(keycloak.json)]
[Following Standard]
URL: http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
Title: OpenID Connect Core 1.0 incorporating errata set 1
Section: 9. Client Authentication
Part: client_secret_jwt