Support private_key_jwt in OIDC Provider #1062
Comments
CC: @timothy-spencer With this plus nonce support in this PR: #967 -- Is there anything else missing from the generic OIDC Provider that Login.gov needs?
This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
Could not find a way to use private_key_jwt with OIDC. Am I missing something? The issue still seems open
Thank you for the link @tuunit, please let me know if there is anything that can be done to help with the PR
@ghermana if you want to, give it a code review and / or build the branch locally and test if it works for your use case as well.
The private_key_jwt authentication method (as opposed to the client secret) in the OIDC spec seems to be the only aspect we are missing from our OIDC implementation that the LoginGov provider requires that we can't meet with the OIDC Provider.
Expected Behavior
Let's support that private_key_jwt in the generic OIDC Provider so LoginGov (and any other IdPs that support it) can use it.
And then let's look to deprecate LoginGov.
Current Behavior
Only client secret token redeem authentication is supported.
Possible Solution
https://kb.authlete.com/en/s/oauth-and-openid-connect/a/client-auth-private-key-jwt
Look at existing LoginGov provider for implementation details.
Context
Let's simplify the codebase, specifically in the Providers which have a lot of duplication.
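What the requested method involves on the wire, as an added example that is not part of the original issue or the project's code: the client signs a short-lived JWT with its private key and sends it as client_assertion when redeeming the code, in place of client_secret. The client ID, URLs, RS256 choice, five-minute lifetime and the helper names ClientAssertion, RedeemForm and DemoKey are assumptions for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"time"
)

// Fixed value defined by RFC 7523 for JWT-based client authentication.
const assertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// ClientAssertion builds the RS256 JWT sent instead of client_secret (iss = sub = client ID).
func ClientAssertion(key *rsa.PrivateKey, clientID, tokenURL string, now time.Time) (string, error) {
	jti := make([]byte, 16) // unique per request so the IdP can reject replays
	if _, err := rand.Read(jti); err != nil {
		return "", err
	}
	claims, _ := json.Marshal(map[string]interface{}{ // cannot fail for these types
		"iss": clientID, "sub": clientID, "aud": tokenURL, "jti": b64(jti), // aud = token endpoint
		"iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix(), // lifetime is an assumption
	})
	input := b64([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64(sig), err
}

// RedeemForm is the code-redeem request body; no client_secret is sent.
func RedeemForm(code, redirectURI, assertion string) url.Values {
	return url.Values{
		"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI},
		"client_assertion_type": {assertionType}, "client_assertion": {assertion},
	}
}

// DemoKey makes a throwaway key; a real client loads its registered key.
func DemoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	key, _ := DemoKey()
	jwt, _ := ClientAssertion(key, "example-client", "https://idp.example/token", time.Now())
	fmt.Println(RedeemForm("constructed-code", "https://app.example/callback", jwt).Encode())
}
```

The IdP verifies the signature against the public key registered for the client, so no shared secret has to be stored on either side.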