lua-resty-openidc

Feature: Support Mutual TLS Client Authentication

Open iwenda opened this issue 5 years ago • 3 comments

Environment

  • lua-resty-openidc version 1.7.0
  • OpenID Connect provider: Keycloak

Expected behaviour

Support for mutual TLS (MTLS) client authentication according to the draft https://tools.ietf.org/html/draft-ietf-oauth-mtls-13. E.g., Keycloak already supports MTLS client authentication and token binding.

Actual behaviour

lua-resty-openidc is not able to establish an MTLS connection with the token endpoint at the moment. This would require capabilities to configure a TLS client certificate for the connection to the token endpoint.

iwenda, Apr 02 '19 08:04

Any progress on this feature? Or maybe there is already a solution available but not reported in this ticket?

freegroup, Jul 23 '20 13:07

I'm not aware of anybody working on this enhancement request.

bodewig, Jul 24 '20 15:07

AFAICT it's not supported, there is support for client assertion. I've actually started to implement this, so I'll keep you guys posted (but perhaps you've found a way around the issue? If so... curious what workaround you came up with :-))

UXabre, Mar 07 '23 12:03