ramosbugs / oauth2-rs

Extensible, strongly-typed Rust OAuth2 client library
Apache License 2.0
937 stars 162 forks

Support OAuth2 with JSON Web Token #211

Open LorenzoLeonardo opened 1 year ago

LorenzoLeonardo commented 1 year ago

Don't we support urn:ietf:params:oauth:grant-type:jwt-bearer in getting an access token?

marcel-hamer commented 11 months ago

I have done a first setup in this ~commit~ fork that I have tested against Keycloak successfully.

I am unsure if this needs more work for other use cases.

seanpianka commented 9 months ago

Is this fork safe to merge into the mainline? I'm interested in using this for Apple SSO

fiadliel commented 9 months ago

Just to note, I think this implements §2.2 of RFC 7523, but not §2.1 (which requires a new grant type).

seanpianka commented 9 months ago

I will do what I can by forking and modifying it on my own to support that section... trying to avoid hand-rolling an oauth2 implementation if possible for Apple's SSO!

seanpianka commented 9 months ago

Apple's SSO seemed to only require a dynamic client_secret, as described in their docs here. I've essentially just added a step before requesting an access token in my own codebase that generates this JWT using jwt-simple, then overwrites the client secret with that value.

ramosbugs commented 8 months ago

JWTs add significant complexity that I would like to avoid in this crate. See earlier comment. Just as I implemented OpenID Connect in a separate crate on top of this one, I think RFC 7523 is complex enough to merit its own crate (maintained by someone else).

If there are API changes needed to this crate in order to be able to build that separate crate (e.g., stuff like add_extra_param), I'd be happy to discuss those.

marcel-hamer commented 7 months ago

For me it works fine setting the client_assertion and client_assertion_type through the add_extra_param() function. I have only used and tested §2.2 of RFC 7523 for now.
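An added example (std-only Rust, not code from oauth2-rs or any commenter) that makes the thread's §2.1 vs §2.2 distinction concrete: it builds the token-request form parameters for both RFC 7523 profiles, with a structural check on the assertion before it goes on the wire. The `client_credentials` grant and the optional scope are assumptions; the two URNs are the ones RFC 7523 defines, and the §2.2 pair is exactly what gets passed through add_extra_param().

```rust
/// RFC 7523 §2.1 grant type: the JWT is the authorization grant itself.
pub const JWT_BEARER_GRANT: &str = "urn:ietf:params:oauth:grant-type:jwt-bearer";
/// RFC 7523 §2.2 assertion type: the JWT only authenticates the client.
pub const JWT_BEARER_CLIENT_ASSERTION: &str = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";

#[derive(Debug, PartialEq)]
pub enum AssertionError { WrongSegmentCount(usize), EmptySegment, BadChar(char) }

/// Structural check of a compact JWS (three non-empty, unpadded base64url segments).
/// Catches a mangled token before it is sent; it does NOT verify signature or claims.
pub fn check_compact_jws(jwt: &str) -> Result<(), AssertionError> {
    let parts: Vec<&str> = jwt.split('.').collect();
    if parts.len() != 3 { return Err(AssertionError::WrongSegmentCount(parts.len())); }
    for p in &parts {
        if p.is_empty() { return Err(AssertionError::EmptySegment); }
        if let Some(c) = p.chars().find(|c| !(c.is_ascii_alphanumeric() || *c == '-' || *c == '_')) {
            return Err(AssertionError::BadChar(c));
        }
    }
    Ok(())
}

/// §2.2: keep the existing grant (client_credentials assumed here) and add the two
/// client_assertion parameters; these are the values handed to add_extra_param().
pub fn client_assertion_params(jwt: &str) -> Result<Vec<(&'static str, String)>, AssertionError> {
    check_compact_jws(jwt)?;
    Ok(vec![
        ("grant_type", "client_credentials".to_string()),
        ("client_assertion_type", JWT_BEARER_CLIENT_ASSERTION.to_string()),
        ("client_assertion", jwt.to_string()),
    ])
}

/// §2.1: grant_type itself changes and the JWT travels in `assertion`.
pub fn jwt_bearer_grant_params(jwt: &str, scope: Option<&str>) -> Result<Vec<(&'static str, String)>, AssertionError> {
    check_compact_jws(jwt)?;
    let mut p = vec![("grant_type", JWT_BEARER_GRANT.to_string()), ("assertion", jwt.to_string())];
    if let Some(s) = scope { p.push(("scope", s.to_string())); }
    Ok(p)
}

/// Minimal application/x-www-form-urlencoded body; note the urn colons become %3A.
pub fn form_encode(params: &[(&str, String)]) -> String {
    let esc = |s: &str| s.bytes().map(|b| match b {
        b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'_' | b'.' | b'*' => (b as char).to_string(),
        b' ' => "+".to_string(),
        _ => format!("%{:02X}", b),
    }).collect::<String>();
    params.iter().map(|(k, v)| format!("{}={}", esc(k), esc(v))).collect::<Vec<_>>().join("&")
}
```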