Evaluate private_key_jwt as endpoint auth

Reposoft / openidc-keycloak-test

zmartzone/mod_auth_openidc and keycloak combined - self hosted cloud auth

19 stars 6 forks source link

Evaluate private_key_jwt as endpoint auth #7

Closed solsson closed 6 years ago

solsson commented 7 years ago

In #6 I'm unsure which method to prefer in production, of client_secret_basic and client_secret_post. Or maybe we should try to exemplify private_key_jwt in the test config.

solsson commented 7 years ago

After mod_auth_openidc 2.0.1 is released, and until this evaluation is done, we can remove the endpoint auth directive from https://github.com/pingidentity/mod_auth_openidc/wiki/Keycloak, thanks to b0b30fe

solsson commented 6 years ago

Confirmed again with 2.3.3 that OIDCProviderTokenEndpointAuth isn't needed with Keycloak's default settings for confidential OpenID Connect type client.

I have seen it help with a badly configured realm though. But that doesn't fix the root cause :)

C0rn3j commented 1 month ago

That wiki page still has the OIDCProviderTokenEndpointAuth key value, shouldn't that have been removed?