Closed evansims closed 1 year ago
👋 Thanks for contributing! Please be patient while a maintainer reviews your PR. In the meantime, please make sure you've read our contributing guide.
Base: 100.00% // Head: 100.00% // No change to project coverage :thumbsup:
Coverage data is based on head (
87a7de7
) compared to base (2e23ec4
). Patch coverage: 100.00% of modified lines in pull request are covered.
:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
Description
This PR adds support for Client Assertion, as an alternative to using Client Secrets, when making requests against the Authentication API.
Changes include the introduction of two new SDK configuration properties:
clientAssertionSigningKey
, which accepts anOpenSSLAsymmetricKey
object, a PEM formatted private key as astring
, a file path to a PEM certificate (e.g.file://path/to/file.pem
), ornull
to disable the feature. Defaults tonull
.clientAssertionSigningAlgorithm
, which accepts a string. Defaults toRS256
.When configured, the
clientAssertionSigningKey
will take precedence over any configuredclientSecret
, where appropriate.When passing a string as the value to
clientAssertionSigningKey
, the format can be anything the OpenSSLopenssl_pkey_get_private()
Changes also include a new class,
Auth0\SDK\Token\ClientAssertionGenerator
. This is a template interstitial forAuth0\SDK\Token\Generator
that will apply the necessary configuration to create a JSON Web Token appropriate for use with the Client Assertion feature.Type of change
Checklist