
feature: Add support for client certificate instead of client_secret in OIDC

Open johkin opened this issue 7 months ago • 2 comments

A clear and concise description of what you want the system to do.

We have the requirement to use a client certificate to validate the client_id instead of using client_secret. It would be a nice addon if one could specify a client_certificate as a file.

What are the Caddyfile directives that need to be added.

Add Caddyfile directive:

{
  security {
    oauth identity provider generic {
      realm generic
      driver generic
      client_id {env.GENERIC_CLIENT_ID}
      **client_certificate file /etc/ssl/certs/my_client_cert.pem**
      scopes openid email profile
      base_auth_url https://keycloak.myfiosgateway.com/
      metadata_url https://keycloak.myfiosgateway.com/.well-known/openid-configuration
    }
  }
}

johkin avatar Jun 05 '25 07:06 johkin

@johkin , sounds great! PRs are welcomed! 😉

greenpau avatar Jun 05 '25 11:06 greenpau

It would be interesting to look into, but I have no experience in Go and have just started to evaluate Caddy. There are probably other developers better suited for the task! 😊

johkin avatar Jun 05 '25 13:06 johkin