Closed Benderinho closed 1 year ago
Hello, we are in the process of building new OIDC frontends based on idpy-oidc and moving away from pyop, pyoidc/oic, and underlying libs.
You can find such a frontend here: https://github.com/UniversitaDellaCalabria/SATOSA-oidcop and we will be updating https://github.com/IdentityPython/SATOSA/blob/master/doc/README.md#external-contributions with more pointers, hopefully soon.
I don't think that we should invest in the current oidc-frontend. But if you (or anybody) want to do that, please go forward with a PR. The current oidc-frontend is not going away, but it will be there for some as a possible choice.
I configured an openid frontend; the /.well-known/openid-configuration lists only one supported token_endpoint_auth_methods_supported: client_secret_basic
The other 3 methods from oidc specs are not listed (client_secret_post, client_secret_jwt, private_key_jwt) - are they not yet supported in satosa openid frontends? I did not find any config option to change token_endpoint_auth_methods_supported for openid frontend.
Code Version
SATOSA version 8.2.0
Expected Behavior
Client authentication method client_secret_post should be supported by OIDC frontend.
Current Behavior
The only listed client authentication method is client_secret_basic. My client wants to use client_secret_post, so it fails with this error in satosa log:
Possible Solution
Support client_secret_post method or all client authentication methods from oidc specs.
Steps to Reproduce
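For reference, the mismatch described in this issue can be shown as a sketch of how a token endpoint tells client_secret_basic from client_secret_post and refuses a method it does not advertise. This is an added example, not part of the original issue and not SATOSA's or pyop's code; the dict-based request shape, the function names and the sample metadata are assumptions.

```python
import base64
from urllib.parse import unquote_plus

# Constructed provider metadata mirroring what the issue reports.
ADVERTISED = {"token_endpoint_auth_methods_supported": ["client_secret_basic"]}


def detect_client_auth(headers, form):
    """Return (method, client_id, client_secret) for a token request.

    headers and form are plain dicts (hypothetical request representation).
    """
    auth = headers.get("Authorization", "")
    has_basic = auth.lower().startswith("basic ")
    has_post = "client_secret" in form
    if has_basic and has_post:
        # RFC 6749 section 2.3: at most one authentication method per request.
        raise ValueError("multiple client authentication methods in one request")
    if has_basic:
        try:
            decoded = base64.b64decode(auth[6:].strip(), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            raise ValueError("malformed Basic credentials") from None
        client_id, sep, secret = decoded.partition(":")
        if not sep:
            raise ValueError("malformed Basic credentials")
        # RFC 6749 section 2.3.1: both parts are form-urlencoded before base64.
        return "client_secret_basic", unquote_plus(client_id), unquote_plus(secret)
    if has_post:
        return "client_secret_post", form.get("client_id", ""), form["client_secret"]
    return "none", form.get("client_id", ""), None


def check_token_request(headers, form, metadata=ADVERTISED):
    """Reject a request whose auth method the provider does not advertise."""
    method, client_id, _ = detect_client_auth(headers, form)
    allowed = metadata["token_endpoint_auth_methods_supported"]
    if method not in allowed:
        return False, f"{method} not in advertised methods {allowed}"
    # Secret verification (constant-time comparison) would follow here.
    return True, f"{method} accepted for client {client_id}"
```

A relying party can run the same comparison on its side: read token_endpoint_auth_methods_supported from the discovery document and pick a method from that list before sending the token request.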