rollupid icon indicating copy to clipboard operation
rollupid copied to clipboard
verified publisher icon proofzero

feat(passport): Enhance the client authentication methods for token exchange

Open betimshahini opened this issue 2 years ago • 0 comments

Our current support is limited to the equivalent of the client_secret_post authentication type for the purpose of authenticating a client at the token exchange stage of the authz flow.

Additional methods should be supported. References:

  • https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
  • https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#name-client-authentication

This ticket tracks:

  • [ ] Feature and design decision
  • [ ] Breakdown of implementation work.

betimshahini avatar Apr 02 '23 17:04 betimshahini