ehealthsuisse / ch-epr-fhir

Repository for the Swiss implementation guide for the FHIR-based profiles

IUA handling of client authentication #19

Closed oliveregger closed 1 year ago

oliveregger commented 3 years ago

How is client authentication handled with the Authorization Server? Should the token_endpoint_auth_methods be further defined?

oliveregger commented 3 years ago

See 3.103.4.2.2 Message Semantics, https://profiles.ihe.net/ITI/IUA/index.html

oliveregger commented 3 years ago

The same client authentication method as for the next version of annex 8 will be proposed (OpenID Connect fixes that).

msmock commented 1 year ago

Clients shall be authenticated against the Identity Provider via a digital signature of the request token. The clients shall not be authenticated explicitly in the IUA Authorization Server, only implicitly via the IdP token of the authenticated user session. Thus technical users are currently not allowed in IUA.