New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic auth support for OpenId token endpoint (client_secret_basic) #6617
Comments
lachlan-roberts
added a commit
that referenced
this issue
Aug 16, 2021
…method Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 18, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 19, 2021
…method Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 19, 2021
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
lachlan-roberts
added a commit
that referenced
this issue
Aug 19, 2021
Issue #6617 - add support for the client_secret_basic authentication method (jetty-9.4)
lachlan-roberts
added a commit
that referenced
this issue
Aug 19, 2021
Issue #6617 - add support for the client_secret_basic authentication method
This can now be configured through the constructor of For standalone jetty there is a setting which can be configured in the
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Target Jetty version(s)
9, 10, 11
Enhancement Description
Some open ID providers use only Basic Authentication (
client_secret_basic
) to protect token endpoint(s) as described in https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication. The Jetty's open id module supports onlyclient_secret_post
authentication scheme, that is the client secret is posted as a form parameter. It would good to add support for basic auth, or allow developers to easily override that.Currently, it is possible to register a custom http client with a basic auth module but it is not possible to remove unexpected
client_secret
parameter.The text was updated successfully, but these errors were encountered: