Add basic auth support for OpenId token endpoint (client_secret_basic) #6617

Closed
agavrilov76 opened this issue Aug 14, 2021 · 1 comment

@agavrilov76

Target Jetty version(s)
9, 10, 11

Enhancement Description

Some open ID providers use only Basic Authentication (client_secret_basic) to protect token endpoint(s) as described in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication. Jetty's open id module supports only the client_secret_post authentication scheme, that is, the client secret is posted as a form parameter. It would be good to add support for basic auth, or allow developers to easily override that.

Currently, it is possible to register a custom http client with a basic auth module, but it is not possible to remove the unexpected client_secret parameter.

lachlan-roberts added a commit that referenced this issue Aug 16, 2021
…method

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Aug 18, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
@lachlan-roberts lachlan-roberts self-assigned this Aug 18, 2021
@lachlan-roberts lachlan-roberts added this to To do in Jetty 9.4.44 FROZEN via automation Aug 18, 2021
@lachlan-roberts lachlan-roberts added this to To do in Jetty 10.0.7/11.0.7 FROZEN via automation Aug 18, 2021
lachlan-roberts added a commit that referenced this issue Aug 19, 2021
…method

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Aug 19, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts added a commit that referenced this issue Aug 19, 2021
Issue #6617 - add support for the client_secret_basic authentication method (jetty-9.4)
lachlan-roberts added a commit that referenced this issue Aug 19, 2021
Issue #6617 - add support for the client_secret_basic authentication method
@lachlan-roberts
Contributor

This can now be configured through the constructor of OpenIdConfiguration.

For standalone jetty there is a setting which can be configured in the openid.ini file.
You can set

jetty.openid.authMethod=client_secret_basic

Jetty 9.4.44 FROZEN automation moved this from To do to Done Aug 19, 2021
Jetty 10.0.7/11.0.7 FROZEN automation moved this from To do to Done Aug 19, 2021
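
The difference between the two client authentication methods discussed in this issue, as an added example that is not Jetty's code and not part of the original thread. It builds the token request for each method with the JDK only (Java 10+); the class name, method names and sample values are assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Added illustration: token request parts for both client authentication methods.
public class TokenRequestAuthDemo {
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }
    static String form(Map<String, String> params) {
        return params.entrySet().stream()
            .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
            .collect(Collectors.joining("&"));
    }

    // Authorization-code grant parameters common to both methods (RFC 6749 section 4.1.3).
    static Map<String, String> grant(String code, String redirectUri) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "authorization_code");
        p.put("code", code);
        p.put("redirect_uri", redirectUri);
        return p;
    }

    // client_secret_post: the credentials travel as form parameters in the body.
    static String postBody(String id, String secret, String code, String redirectUri) {
        Map<String, String> p = grant(code, redirectUri);
        p.put("client_id", id);
        p.put("client_secret", secret);
        return form(p);
    }

    // client_secret_basic: the body is grant(...) only, with no client_secret parameter;
    // id and secret are each form-urlencoded, joined with ':' and Base64-encoded (RFC 6749 section 2.3.1).
    static String basicHeader(String id, String secret) {
        String pair = enc(id) + ":" + enc(secret);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        String id = "demo-client", secret = "s3cr:et/+", code = "abc123", cb = "https://app.example/callback";
        System.out.println("client_secret_post  body:   " + postBody(id, secret, code, cb));
        System.out.println("client_secret_basic header: " + basicHeader(id, secret));
        System.out.println("client_secret_basic body:   " + form(grant(code, cb)));
    }
}
```

RFC 6749 section 2.3 states that a client must not use more than one authentication method per request, so a Basic header added on top of a body that still carries client_secret is not equivalent to client_secret_basic.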