Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support private_key_jwt in OIDC Provider #1062

Closed
NickMeves opened this issue Feb 23, 2021 · 9 comments
Closed

Support private_key_jwt in OIDC Provider #1062

NickMeves opened this issue Feb 23, 2021 · 9 comments
Assignees
@NickMeves
Labels
enhancement Stale

Comments

@NickMeves
Copy link
Member

The private_key_jwt authentication method (as opposed to the client secret) in the OIDC spec seems to be the only aspect we are missing from our OIDC implementation that the LoginGov provider requires that we can't meet with the OIDC Provider

Expected Behavior

Let's support that private_key_jwt in the generic OIDC Provider so LoginGov (and any other IdPs that support it) can use it.
And then let's look to deprecate LoginGov.

Current Behavior

Only client secret token redeem authentication is supported.

Possible Solution

https://kb.authlete.com/en/s/oauth-and-openid-connect/a/client-auth-private-key-jwt

Look at existing LoginGov provider for implementation details.

Context

Let's simplify the codebase, specifically in the Providers which have a lot of duplication.
@NickMeves NickMeves self-assigned this Feb 23, 2021
@NickMeves
Copy link
Member Author

CC: @timothy-spencer

With this plus nonce support in this PR: #967 -- Is their anything else missing from the generic OIDC Provider that Login.gov needs?

@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Apr 25, 2021
@NickMeves NickMeves removed the Stale label Apr 26, 2021
@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Jun 26, 2021
@NickMeves NickMeves removed the Stale label Jul 2, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Sep 1, 2021

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Sep 1, 2021
@github-actions github-actions bot closed this as completed Sep 9, 2021
@ghermana
Copy link

Could not find a way to use private_key_jwt with OIDC. Am I missing something? The issue still seems open

@tuunit tuunit reopened this Nov 20, 2023
@tuunit
Copy link
Member

tuunit commented Nov 20, 2023
edited

Hi @ghermana,

yes indeed, as of yet this isn't implemented and support. A PR was recently opened: #2305

@tuunit tuunit removed the Stale label Nov 20, 2023
@ghermana
Copy link

Thank you for the link @tuunit , please let me know if there is anything that can be done to help with the PR

@tuunit
Copy link
Member

tuunit commented Nov 21, 2023

@ghermana if you want to, give it a code review and / or build the branch locally and test if it works for your use case as well.

@tuunit tuunit mentioned this issue Nov 21, 2023
Closed
@github-actions GitHub Actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Jan 23, 2024
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@NickMeves NickMeves

Labels
enhancement Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@NickMeves @tuunit @ghermana