Open SmotrovaLilit opened 4 years ago
Current implementation client authentication with jwt is not supported rfc 7523 Client Authentication.
In https://github.com/golang/oauth2/blob/master/jwt/jwt.go token request likes as
POST /token.oauth2 HTTP/1.1 Host: as.example.com Content-Type: application/x-www-form-urlencoded grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer &assertion=eyJhbGciOiJFUzI1NiJ9....
In rfc 7523 https://tools.ietf.org/html/rfc7523#section-3 token request likes as:
POST /token.oauth2 Host: as.example.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code& code=n0esc3NRze7LTCu7iYzS6a5acc3f0ogp4& client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3A client-assertion-type%3Ajwt-bearer& client_assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6IjIyIn0. eyJpc3Mi[...omitted for brevity...]. cC4hiUPo[...omitted for brevity...]
Do you plan to implement rfc7523?
Any update on this?
jordaniversen
commented
2 years ago jordaniversen
commented
2 years ago
Current implementation client authentication with jwt is not supported rfc 7523 Client Authentication.
In https://github.com/golang/oauth2/blob/master/jwt/jwt.go token request likes as
In rfc 7523 https://tools.ietf.org/html/rfc7523#section-3 token request likes as:
Do you plan to implement rfc7523?