erlef / oidcc

OpenId Connect client library in Erlang & Elixir
https://hexdocs.pm/oidcc
Apache License 2.0

ability to override preferred token auth methods #289

Closed paulswartz closed 1 year ago

paulswartz commented 1 year ago

Description

Currently, the order is hard-coded here: https://github.com/erlef/oidcc/blob/main/src/oidcc_token.erl#L879-L886

However, some Identity Providers (Keycloak, at least) by default won't accept any authentication type, even ones which it nominally supports. Instead, each client is configured with a particular authorization type. If I set the authorization type in Keycloak to client_secret_jwt then everything is fine. The default is client_secret_post, which fails out of the box.

Ideally, it would be possible to override the preferred authentication type, at least with the retrieve_token call.

maennchen commented 1 year ago

@paulswartz Sure, this would be a welcome addition.

It would probably make sense to add preferred_auth_methods to retrieve_opts. (As an ordered list of methods to try.)

A PR would be welcome for that.
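One way an ordered preference list like the one proposed above could be resolved against the methods a provider advertises, as an added example that is not oidcc's code and not taken from the thread. The module name, function names and the shape of the credentials map are hypothetical; the method names are the standard OpenID Connect token endpoint authentication methods.

```erlang
%% Added illustration only; not oidcc source. All names here are hypothetical.
-module(auth_method_pick).
-export([select/3, demo/0]).

-type method() :: client_secret_basic | client_secret_post
                | client_secret_jwt | private_key_jwt | none.

%% Preferred: caller's ordered list; the first usable entry wins.
%% Supported: the provider's token_endpoint_auth_methods_supported values,
%%            or undefined when the metadata omits the field.
%% Creds:     map of the credentials the client actually holds (assumed shape).
-spec select([method()], [binary()] | undefined, map()) ->
    {ok, method()} | {error, no_supported_auth_method}.
select(Preferred, undefined, Creds) ->
    %% OpenID Connect Discovery: an omitted list defaults to client_secret_basic.
    select(Preferred, [<<"client_secret_basic">>], Creds);
select(Preferred, Supported, Creds) ->
    Usable = [M || M <- Preferred,
                   lists:member(atom_to_binary(M, utf8), Supported),
                   has_credentials(M, Creds)],
    case Usable of
        [Method | _] -> {ok, Method};
        %% Fail closed: never fall back to a method the caller did not list.
        [] -> {error, no_supported_auth_method}
    end.

%% A method is eligible only when its credential is present.
%% `none` is chosen only if the caller lists it explicitly.
has_credentials(private_key_jwt, Creds) -> maps:is_key(client_jwks, Creds);
has_credentials(none, _Creds) -> true;
has_credentials(_SecretBased, Creds) -> maps:is_key(client_secret, Creds).

demo() ->
    %% Constructed sample metadata and credentials.
    Supported = [<<"private_key_jwt">>, <<"client_secret_basic">>,
                 <<"client_secret_jwt">>, <<"client_secret_post">>],
    Creds = #{client_secret => <<"example-secret">>},
    %% Pin the one method the client is registered for at the provider.
    {ok, client_secret_post} = select([client_secret_post], Supported, Creds),
    %% private_key_jwt is skipped because no key is held.
    {ok, client_secret_jwt} =
        select([private_key_jwt, client_secret_jwt], Supported, Creds),
    {error, no_supported_auth_method} = select([private_key_jwt], Supported, Creds),
    {ok, client_secret_basic} = select([client_secret_basic], undefined, Creds),
    ok.
```

Calling `auth_method_pick:demo()` returns `ok` when every match above holds.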

maennchen commented 1 year ago

Closing in favor of PR