You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The JwtBearerClientAssertionSecretParser already support the parsing of the client assertion but it looks like it assumes that the authentication method can only be private_key_jwt.
There is no ISecretValidator that support client_secret_jwt authentication method.
A workaround is to register a custom ISecretValidator and register it in DI but the discovery document is not impacted.
The text was updated successfully, but these errors were encountered:
Hi, thanks for getting in touch. We'll consider this feature request for a future release. In the meantime, your workaround seems like a reasonable approach. The discovery document's token_endpoint_auth_methods_supported property is built by the ISecretsListParser.GetAvailableAuthenticationMethods method, which by default builds the list based on the registered ISecretParsers, as well as looking at mTLS settings. You could customize that method to change the discovery document. Another option to explore is to possibly implement the ISecretParser for client_secret_jwt, but it's not immediately obvious to me how you would distinguish client secret jwts vs private key jwts. Probably the simplest thing is to just customzie GetAvailableAuthenticationMethods.
Which version of Duende IdentityServer are you using?
6.2.*
Describe the bug
N/A
Additional context
The client authentication mechanism
client_secret_jwt
is not supported. please see OpenIdConnect Core - Client Authentication.The
JwtBearerClientAssertionSecretParser
already support the parsing of the client assertion but it looks like it assumes that the authentication method can only beprivate_key_jwt
.There is no
ISecretValidator
that supportclient_secret_jwt
authentication method.A workaround is to register a custom
ISecretValidator
and register it in DI but the discovery document is not impacted.The text was updated successfully, but these errors were encountered: