This PR completely revamps how client authentication is implemented in the OpenIddict client by adopting the same negotiation logic that allows controlling what grant_type/response_type/response_mode/code_challenge_method is used for authorization or token requests.
It also implements complete tls_client_auth and self_signed_tls_client_auth support in the OpenIddict client for all endpoints (device authorization, token, introspection and revocation). It also implements mTLS support for userinfo requests, since it is required to support servers that issue certificate-bound access tokens.
Note: for consistency, mTLS was also added in the validation stack for introspection requests.
Fixes https://github.com/openiddict/openiddict-core/issues/2186.
This PR completely revamps how client authentication is implemented in the OpenIddict client by adopting the same negotiation logic that allows controlling what
grant_type/response_type/response_mode/code_challenge_methodis used for authorization or token requests.It also implements complete
tls_client_authandself_signed_tls_client_authsupport in the OpenIddict client for all endpoints (device authorization, token, introspection and revocation). It also implements mTLS support for userinfo requests, since it is required to support servers that issue certificate-bound access tokens.Note: for consistency, mTLS was also added in the validation stack for introspection requests.