https://www.rfc-editor.org/rfc/rfc7523 defines how an incoming or possibly stored JWT bearer token can be exchanged using the JWT bearer token grant (already supported by the OIDC client) or be used to authenticate the client as part of whatever grant requests are made.
For example, the use case in #38458 is to use the token capturing the current client credentials, which is periodically recycled in the cluster, thus making it a more secure option to authenticate to the OIDC server.
Implementation ideas
This token is obtained out of band as far as the OIDC client is concerned, whose job is to acquire tokens; therefore, to support the JWT bearer client authentication at the OIDC client filter level, a custom filter is required.
This issue is about making creating such custom filters very easy by only having to extend an abstract class and provide a required assertion property.
Going forward, it will also benefit other cases where the OIDC client request parameters have to be provided dynamically at the filter level.
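An added illustration, not Quarkus code and not from the issue author: a plain-JDK sketch of the idea above, where a subclass supplies only the assertion and the base class adds the RFC 7523 section 2.2 `client_assertion_type` and `client_assertion` parameters to the grant request. The class names, the file-based token source and the sample token strings are assumptions made for this example.

```java
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class Demo {
    public static void main(String[] args) throws IOException {
        Path file = Files.createTempFile("assertion", ".jwt");
        Files.writeString(file, "aGVhZGVy.cGF5bG9hZA.c2ln\n"); // constructed placeholder, not a real token
        JwtBearerClientAuth auth = new FileAssertionAuth(file);
        Map<String, String> grant = Map.of("grant_type", "client_credentials");
        System.out.println(auth.tokenRequestBody(grant));
        Files.writeString(file, "aGVhZGVy.cm90YXRlZA.c2ln\n"); // simulate the cluster recycling the token
        System.out.println(auth.tokenRequestBody(grant)); // now carries the new assertion
    }
}

// Hypothetical base class, not a Quarkus API: subclasses only supply the assertion.
abstract class JwtBearerClientAuth {
    static final String ASSERTION_TYPE =
            "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"; // RFC 7523, section 2.2

    // Called on every token request, so a recycled token is picked up without a restart.
    protected abstract String assertion() throws IOException;

    // Adds the RFC 7523 client authentication parameters to the grant and form-encodes the result.
    final String tokenRequestBody(Map<String, String> grantParams) throws IOException {
        String jwt = assertion();
        if (jwt == null || jwt.split("\\.", -1).length != 3) {
            throw new IllegalStateException("assertion is not a three-part compact JWT");
        }
        Map<String, String> form = new LinkedHashMap<>(grantParams);
        form.put("client_assertion_type", ASSERTION_TYPE);
        form.put("client_assertion", jwt);
        return form.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
}

// Assumption for this example: the platform rewrites the token file periodically.
class FileAssertionAuth extends JwtBearerClientAuth {
    private final Path tokenFile;
    FileAssertionAuth(Path tokenFile) { this.tokenFile = tokenFile; }
    @Override protected String assertion() throws IOException { return Files.readString(tokenFile).trim(); }
}
```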