Add support for Public key / Private key for client credential grant (OIDC)

Open mcrobbj opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.

Can't get an access token for client credential grant when it uses Public key / Private key rather than client secret.

Describe the solution you'd like

To be able to use Public key / Private key to get the access token with client credential. So there should be an option to enter the client secret OR the private key that was used to image https://oauth.net/private-key-jwt/

Describe alternatives you've considered

None. This is the most secure way of getting access tokens for machine-to-machine API calls, as outlined by FAPI.

Your Team Size Using TC:

mcrobbj avatar Jan 30 '23 11:01 mcrobbj

Thanks @mcrobbj for the feedback, will review it.

rangav avatar Jan 30 '23 19:01 rangav

I think you may be able to do this with the pre scripts although I am having an issue with that.

```javascript
async function testFunc() {
  const jwt = await tc.loadModule('jsonwebtoken');
  //const fs = await tc.loadModule('fs');
  //https://github.com/rangav/thunder-client-support/blob/master/docs/filters.md#custom-filters
  console.log("Test log message");

  const alg = 'RS256';
  // env must be defined: it prefixes every variable name read below
  const env = tc.getVar('ENV'); // Used to flip between OIDC providers
  const tokenEndpoint = tc.getVar(env + '_TOKEN_ENDPOINT');
  const clientId = tc.getVar(env + '_CLIENT_ID'); // This is produced when you register the app using the public key with the OIDC provider
  const kid = tc.getVar(env + '_KID');
  const privateKey = tc.getVar(env + '_PRIVATE_KEY');
  //const privateKey = fs.readFileSync('./private_key.pem');

  // JWT payload
  const payload = {
    aud: tokenEndpoint,
    iss: clientId,
    sub: clientId,
    iat: Math.floor(Date.now() / 1000),
    exp: Math.floor(Date.now() / 1000) + 3600 // Expiration time (1 hour from now)
  };

  // Generate the JWT
  const token = jwt.sign(payload, privateKey, { algorithm: alg, keyid: kid });
  //const token = jwt.sign(payload, privateKey, { algorithm: alg});
  tc.setVar('TEST', token);
  return "TEST";
}

module.exports = [testFunc];
```

I have traced this and it gets as far as the jwt.sign with no console output as to why it has failed.

mcrobbj avatar Jul 31 '23 07:07 mcrobbj
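For reference, the private_key_jwt flow requested in this issue, shown end to end as an added example; it is not code from this thread or from Thunder Client. It uses only Node's built-in `crypto` module, and the function names and the throwaway key pair are this example's own assumptions.

```javascript
// Added example: private_key_jwt client assertion built with Node's crypto module.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Client side: sign a short-lived assertion with the registered private key.
function buildClientAssertion({ clientId, tokenEndpoint, kid, privateKeyPem,
                                now = Date.now(), ttlSeconds = 60 }) {
  const iat = Math.floor(now / 1000);
  const header = { alg: 'RS256', typ: 'JWT', kid };
  const payload = {
    iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: crypto.randomUUID(),    // unique ID lets the server reject replays
    iat, exp: iat + ttlSeconds,  // short lifetime limits a leaked assertion
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKeyPem);
  return `${input}.${sig.toString('base64url')}`;
}

// Form body sent to the token endpoint in place of client_secret.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: assertion,
  }).toString();
}

// Server-side view: pin the algorithm, verify the signature, check aud and exp.
function verifyClientAssertion(assertion, publicKeyPem, expectedAud, now = Date.now()) {
  const [h, p, s] = assertion.split('.');
  if (!h || !p || !s) return null;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'RS256') return null;
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKeyPem,
                           Buffer.from(s, 'base64url'));
  if (!ok) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  const t = Math.floor(now / 1000);
  return claims.aud === expectedAud && claims.exp > t ? claims : null;
}

// Constructed sample key pair (throwaway, generated at run time).
const sampleKeys = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
```

The verifier rejects an assertion whose signature, audience or expiry does not check out, which is what makes the short `exp` and per-request `jti` worth setting on the client side.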