support for mTLS client authentication (rfc8705)
Currently only client_secret_basic, client_secret_post or none are possible for client authentication.
Unfortunately I need tls_client_auth as described in https://tools.ietf.org/html/rfc8705. It is ClientId and an x509 certificate for mTLS communication.
Is it possible to write a plugin to implement the missing functionality?
best regards
Andreas
@freegroup Hi, you can create a plugin for Authlib. Here is an example that would help you: oauth2/rfc7523/auth.py.
Hi,
thanks for the example coding. I already found them but I'm unable to find the point where the request is fired. I need a "request" hook. In the end I add the certs into the "fetch_token" call... which works for the required IDP... but maybe not for all kinds of OAuth servers:
# OAuth2 client
#
# Imports added for completeness (not in the original post); the OAuth2Session and
# jwt import paths are assumed for the Authlib version in use
from flask import Flask, redirect, request, session
from authlib.integrations.requests_client import OAuth2Session
from authlib.jose import jwt

client = OAuth2Session(OIDC_CLIENT_ID, None, scope="openid", redirect_uri=OIDC_CALLBACK_URL)

# ... (Flask app creation and the login route are omitted in the original post)

@app.route('/oauth/callback')
def callback():
    app.logger.debug("Start OIDC token exchange")
    # cert= is passed through fetch_token to requests, so the client certificate is
    # presented in the TLS handshake for this one call only
    response = client.fetch_token(OIDC_TOKEN_URL, authorization_response=request.url,
                                  cert=("./secrets/certificate", "./secrets/key"))
    # Verify the token against the IdP's signing key (OIDC_JWKS is a placeholder;
    # the original call passed no key, which would accept an unverified token)
    session_info = jwt.decode(response['access_token'], OIDC_JWKS)
    session_info.validate()
    session['access_token'] = response['access_token']
    session['user'] = session_info["user_uuid"]
    app.logger.debug("User: " + session['user'])
    return redirect("/")  # placeholder: the original post ends without a return value
Any idea how to implement this as a plugin?
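An added sketch (not Authlib's code and not Andreas's) of what such a plugin could look like, shaped like the client-auth callables in oauth2/rfc7523/auth.py: the hook only sees uri, headers and body, so it puts client_id in the token request as RFC 8705 section 2.1.1 requires and leaves the certificate to the underlying requests session, which answers the "request hook" question without touching every fetch_token call. Assumed: the (auth, method, uri, headers, body) -> (uri, headers, body) signature, register_client_auth_method(), the OAuth2Session import path, and the sample client id and file paths.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def _with_client_id(query, client_id):
    """Rebuild a form/query string with exactly one client_id and no client_secret."""
    params = [(k, v) for k, v in parse_qsl(query or '', keep_blank_values=True)
              if k not in ('client_id', 'client_secret')]
    params.append(('client_id', client_id))
    return urlencode(params)


class TLSClientAuth:
    """tls_client_auth (RFC 8705 section 2.1.1): the token request carries only
    client_id; the X.509 certificate authenticates the client in the TLS handshake.
    Shaped like Authlib's built-in auth methods, which receive
    (auth, method, uri, headers, body) and return (uri, headers, body) (assumed)."""
    name = 'tls_client_auth'

    def __call__(self, auth, method, uri, headers, body):
        # auth is Authlib's ClientAuth holder; it exposes client_id (assumed)
        if method == 'GET':
            parts = urlsplit(uri)
            query = _with_client_id(parts.query, auth.client_id)
            return urlunsplit(parts._replace(query=query)), headers, body
        return uri, headers, _with_client_id(body, auth.client_id)


def make_mtls_client(client_id, scope, redirect_uri, cert_path, key_path):
    """Wire the method into an OAuth2Session and pin the client certificate on the
    underlying requests.Session, so every call (not just fetch_token) presents it.
    The import is local so the auth method above runs without Authlib installed;
    the import path and register_client_auth_method() are assumed."""
    from authlib.integrations.requests_client import OAuth2Session
    client = OAuth2Session(client_id, None, scope=scope, redirect_uri=redirect_uri,
                           token_endpoint_auth_method=TLSClientAuth.name)
    client.register_client_auth_method(TLSClientAuth())
    client.cert = (cert_path, key_path)  # requests.Session attribute, used on every request
    return client
```

With this, the callback can call client.fetch_token(OIDC_TOKEN_URL, authorization_response=request.url) without a cert argument, and the certificate is also presented on any later resource request made through the same session.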