Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: Store client authentication method in JWT #2385

Merged
merged 9 commits into from
Jul 12, 2023
Merged

feature: Store client authentication method in JWT #2385

merged 9 commits into from
Jul 12, 2023

Conversation

strehle
Copy link
Member

@strehle strehle commented Jun 22, 2023
edited
Loading

Why: UAA historical supported only secret based client authentication, so no need to have this information on client side.
UAA supports until now client_secret_basic and client_secret_post from section 9 of standard:
See: https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

Now there is the public usage, later private_key_jwt should be supported. Maybe then tls_client_auth.

Because of the support of other client authentication methods, the information might be needed or at least helpful for clients.

To be compatible. We add this information only if another (new) authentication was used. New means public and later private_key_jwt. So the new claim in token will only appear if a new method was used.

This PR should serve for solving

@strehle
Store client authentication method in JWT
bfd72d2 
Why: UAA historical supported only secret based client authentication, so no need to have this information on client side.
No there is a public usage, later private_key_jwt should be supported. Maybe then tls_client_auth.
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/185462863

The labels on this github issue will be updated when the story is started.

@strehle strehle mentioned this pull request Jun 22, 2023
Closed
@strehle strehle marked this pull request as draft June 22, 2023 15:59
@strehle strehle changed the title Store client authentication method in JWT feature: Store client authentication method in JWT Jun 23, 2023
@strehle strehle marked this pull request as ready for review July 7, 2023 07:20
@strehle strehle added this to the 76.17.0 milestone Jul 11, 2023
@strehle strehle merged commit b7c4c78 into develop Jul 12, 2023
18 checks passed
@strehle strehle deleted the feature/client_auth/storeIt branch July 12, 2023 04:48
@swalchemist swalchemist mentioned this pull request Jul 12, 2023
Closed
@cf-gitbot cf-gitbot added delivered accepted Accepted the issue and removed delivered labels Jul 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adrianhoelzl-sap adrianhoelzl-sap adrianhoelzl-sap approved these changes

@tack-sap tack-sap Awaiting requested review from tack-sap

@torsten-sap torsten-sap Awaiting requested review from torsten-sap

Assignees
No one assigned
Labels
accepted Accepted the issue
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
76.17.0
Development

Successfully merging this pull request may close these issues.
3 participants
@strehle @cf-gitbot @adrianhoelzl-sap