Support JWT Bearer Client Authentication #59
Comments
jgrandja
changed the title
|
I've implemented client authentication part of this specification. If there are no objections, I'm ready to issue PR as soon as 0.1.2 cycle starts. This implementation contains significant amount of duplicated code (PKCE related) that needs to be factored out, I'm aware of that and plan to take care of it. Branch implementing this feature is here: https://github.com/rlewczuk/spring-authorization-server/tree/jwt-client-auth Update: JWT client authentication is also being implemented in spring-security, so this patch needs to rebased to new spring-security and adapted to new codebase |
|
Here is another part of this epic - JWT assertion grant type: https://github.com/rlewczuk/spring-authorization-server/tree/jwt-assertion-grant In both parts I had to make some design decisions that really need to be reviewed and discussed. Plus I have to review it once again for compliance with RFC (especially error codes). If you have time some time next week, we can start working on this. Update: JWT authentication grants is also being implemented in spring-security, so this patch needs to rebased to new spring-security and adapted to new codebase |
|
Thanks @rlewczuk ! Let's focus on JWT client authentication for I'm pretty backlogged over the next 2 weeks. After |
jgrandja
changed the title
jgrandja
added
type: enhancement
|
What's the status for this feature? |
|
@larsw This is scheduled for |
This feature will deliver Using JWTs for Client Authentication defined in the JSON Web Token (JWT) Profile spec.
The text was updated successfully, but these errors were encountered: