Support for configuring token endpoint authentication method

[haakonst]

Support for configuring token endpoint authentication method with the setting :token_endpoint_auth_method per provider. This defaults to "client_secret_post" which was originally supported. Another method "client_secret_basic" is now also supported, which uses HTTP Basic authentication.

I needed this to support Vipps Login as OIDC provider, which unfortunately doesn't support the "client_secret_post" authentication method.

[andrefau]

+1 for this. I'm in a similar situation, and would rather not fork this repo just for this functionality.

[bcardarella]

This requires test support

[haakonst]

I made an attempt to add a test. For this I had to add a new provider in the config and adapt the mock worker and some of the other tests to handle multiple providers/configs.

[andrefau]

I needed this to support Vipps Login as OIDC provider, which unfortunately doesn't support the "client_secret_post" authentication method.

For what it's worth, I contacted Vipps support and they enabled the "client_secret_post" method for us. I still think it would be nice if this repo supported both methods though.

[larshesel]

Hi @bcardarella is this something you'd consider adding or can I help this along in some way? I'm having the same issue that the IdP I'm using currently only supports the client_id/client_secret as basic auth for the token endpoint.

[bcardarella]

@larshesel There is another effort underway to develop a spec compliant openidconnect. I think that's where the focus for development will be and I've offered up this namespace to them. So for the time being there won't be an additional development on this specific implementation