quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

Default to OIDC client post authentication method if the provider lists it as the only supported method #22032

Open sberyozkin opened 2 years ago

sberyozkin commented 2 years ago

Description

By default Quarkus OIDC supports client basic authentication when talking to OIDC providers. However, if a given OIDC provider supports only the client post authentication method and this is reported in the discovery doc, e.g.:

 "token_endpoint_auth_methods_supported": [
  "client_secret_post"
 ],

then there should be no need for the users to move to

quarkus.oidc.apple.credentials.client-secret.value=SECRET
quarkus.oidc.apple.credentials.client-secret.method=post

when

quarkus.oidc.apple.credentials.secret=SECRET

is already set.

Implementation ideas

Update OidcConfigurationMetadata to check the auth methods and if it is post only - switch to it
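The selection rule proposed above, written out as an added example in Python (not Quarkus code, and not the OidcConfigurationMetadata implementation). The discovery documents, client id, secret and endpoint URLs are constructed; the method names basic/post/jwt are the ones used by the quarkus.oidc.*.credentials.client-secret.method property. The rule is generalised slightly beyond the post-only case: whatever single secret-based method the provider lists is used, an explicitly configured method always wins, and a list with several methods (or no list) keeps today's default, basic. The request builder shows where the secret ends up for each method.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import quote, urlencode

# Constructed discovery documents for the cases the issue distinguishes
# (illustrative values, not captured from any real provider).
DISCOVERY_POST_ONLY = json.dumps({
    "token_endpoint": "https://provider.example/token",
    "token_endpoint_auth_methods_supported": ["client_secret_post"],
})
DISCOVERY_JWT_ONLY = json.dumps({
    "token_endpoint": "https://provider.example/token",
    "token_endpoint_auth_methods_supported": ["client_secret_jwt"],
})
DISCOVERY_MIXED = json.dumps({
    "token_endpoint": "https://provider.example/token",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
})
DISCOVERY_NO_LIST = json.dumps({"token_endpoint": "https://provider.example/token"})

# Discovery values that a shared client secret can satisfy, mapped to the
# method names of quarkus.oidc.*.credentials.client-secret.method.
# private_key_jwt is left out on purpose: it needs a private key, not a secret.
SECRET_METHODS = {
    "client_secret_basic": "basic",
    "client_secret_post": "post",
    "client_secret_jwt": "jwt",
}


def effective_client_auth_method(discovery_json, configured_method=None):
    """Pick the client authentication method (the issue's proposal, generalised
    to any single listed secret-based method).

    1. An explicitly configured method always wins.
    2. If the provider lists exactly one method and a shared secret can
       satisfy it, use that one.
    3. Otherwise keep the current default, basic.
    """
    if configured_method:
        return configured_method
    supported = json.loads(discovery_json).get("token_endpoint_auth_methods_supported")
    if isinstance(supported, list) and len(supported) == 1:
        return SECRET_METHODS.get(supported[0], "basic")
    return "basic"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def client_secret_jwt_assertion(client_id, client_secret, token_endpoint, now, jti):
    """HS256 client_assertion (OIDC Core 9 / RFC 7523); aud is the token
    endpoint so the assertion cannot be replayed against another provider."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": client_id, "sub": client_id, "aud": token_endpoint,
              "iat": now, "exp": now + 60, "jti": jti}
    signing_input = header + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(client_secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def build_token_request(method, client_id, client_secret, code, redirect_uri,
                        token_endpoint, now=1_700_000_000, jti="constructed-jti-1"):
    """Headers and form parameters of an authorization-code token request,
    showing where the client secret (or proof of it) travels for each method."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    form = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    if method == "basic":
        # RFC 6749 2.3.1: form-urlencode id and secret, then Basic-encode them.
        userpass = quote(client_id, safe="") + ":" + quote(client_secret, safe="")
        headers["Authorization"] = "Basic " + base64.b64encode(userpass.encode()).decode()
    elif method == "post":
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    elif method == "jwt":
        form["client_id"] = client_id
        form["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
        form["client_assertion"] = client_secret_jwt_assertion(
            client_id, client_secret, token_endpoint, now, jti)
    else:
        raise ValueError("method %r cannot be satisfied with a shared secret" % method)
    return headers, form


if __name__ == "__main__":
    for name, doc in [("post only", DISCOVERY_POST_ONLY), ("jwt only", DISCOVERY_JWT_ONLY),
                      ("mixed", DISCOVERY_MIXED), ("no list", DISCOVERY_NO_LIST)]:
        method = effective_client_auth_method(doc)
        headers, form = build_token_request(method, "my-client", "s3cret", "abc",
                                            "https://app.example/cb",
                                            json.loads(doc)["token_endpoint"])
        print(name, "->", method, "|", urlencode(form)[:60], "|", headers.get("Authorization", "-"))
```

Only a list with exactly one entry triggers the switch: a provider that advertises both client_secret_basic and client_secret_post is already served by the current default, and a list containing only a method a shared secret cannot satisfy (such as private_key_jwt) falls back to basic rather than silently sending nothing.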

quarkus-bot[bot] commented 2 years ago

/cc @pedroigor

sberyozkin commented 2 years ago

Or if it is the JWT secret method only; OidcClient should also be updated.

FroMage commented 2 years ago

+1