GCTC-NTGC / gc-digital-talent

GC Digital Talent (Talents numériques du GC) is the new recruitment platform for digital and tech jobs in the Government of Canada.
https://talent.canada.ca
GNU Affero General Public License v3.0

♻ ODP-RP01 - Authenticate with `private_key_jwt` #1985

Open petertgiles opened 2 years ago

petertgiles commented 2 years ago

Reference: CATS document, section 5.1. We should authenticate to the token endpoint using `private_key_jwt` instead of `client_secret_post`.

> Clients SHOULD authenticate to the authorization server’s token endpoint using a JWT assertion. Clients using software that cannot support the private_key_jwt method MAY use the client_secret_basic or client_secret_post methods.

🛑 Blockers

### Blocked By
- [ ] #2572 
- [ ] #4916

petertgiles commented 2 years ago

To support `private_key_jwt`, will we need to generate a key pair and send you the public key to register with the client ID?

petertgiles commented 2 years ago

Doug from SiC: Yes, generate a key pair and send them the public key.
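
The flow discussed in this thread, as an added example that is not part of the issue or the project's code: the client generates a key pair, registers only the public key, and signs a short-lived JWT assertion that replaces the client secret in the token request. The client ID, token endpoint URL, `kid` value and the RS256 algorithm are assumptions, and the verification function is a simplified stand-in for what the authorization server does with the registered key.

```javascript
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const decodePart = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Generate the client key pair; only the public JWK is sent for registration.
function generateClientKeyPair(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return { privateKey, publicKey, publicJwk: { ...publicKey.export({ format: "jwk" }), kid, use: "sig", alg: "RS256" } };
}

// Client side: sign a short-lived, single-use assertion (RFC 7523 claims).
function buildClientAssertion({ clientId, tokenEndpoint, privateKey, kid, now }) {
  const header = { alg: "RS256", typ: "JWT", kid };
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: crypto.randomUUID(), iat: now, exp: now + 60 };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign("sha256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Token request body: the assertion replaces client_secret entirely.
function buildTokenRequest({ code, redirectUri, assertion }) {
  return new URLSearchParams({
    grant_type: "authorization_code", code, redirect_uri: redirectUri,
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: assertion,
  });
}

// Simplified authorization-server check using the registered public key.
function verifyClientAssertion(assertion, { publicKey, clientId, tokenEndpoint, now, seenJti }) {
  const [h, p, s] = assertion.split(".");
  if (!h || !p || !s) return "malformed";
  if (decodePart(h).alg !== "RS256") return "bad alg"; // pin the algorithm
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  if (!sigOk) return "bad signature";
  const c = decodePart(p);
  if (c.iss !== clientId || c.sub !== clientId) return "bad iss/sub";
  if (c.aud !== tokenEndpoint) return "bad aud";
  if (c.exp <= now) return "expired";
  if (seenJti.has(c.jti)) return "replayed";
  seenJti.add(c.jti);
  return "ok";
}
```

Unlike `client_secret_post`, nothing reusable crosses the wire: a captured assertion is bound to one token endpoint, expires within a minute, and is rejected on a second use.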