Comments (4)
thabart
commented on May 31, 2024
At the moment only three authentication methods are supported : client_secret_basic, client_secret_post
The following ones need to be supported : client_secret_jwt, private_key_jwt
from simpleidentityserver.
thabart
commented on May 31, 2024
To support the "client_secret_jwt" we need to support this part : https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40#appendix-A.2
The encryption mechanism (alg : RSA1_5 & enc : A128CBC_HS256) is now implemented in the "testing project". We also need to support the algorithms (https://tools.ietf.org/html/rfc7518#page-12):
==> RSA-OAEP : use OAEP
==> RSA-OAEP-256 : use OAEP & SHA256 & MGF1
And also the following encryptions methodologies (https://tools.ietf.org/html/rfc7518#page-22) :
==> A192CBC-HS384 : HMAC using SHA-256
==> A256CBC-HS512 : HMAC using SHA-512
from simpleidentityserver.
thabart
commented on May 31, 2024
Validate the Client assertion based on this RFC : https://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12#section-3
from simpleidentityserver.
thabart
commented on May 31, 2024
TODO :
=> Write an another UT to test "client_secret_jwt"
=> How to test the issuer value ? Maybe the issuer is the client id ?
=> How to use the parameter "authentication_client_endpt"
=> For the encryption the "client_secret" should be used as the HMAC key
Good def
client_secret_jwt: the client uses the JWT Assertion profile with a symmetric secret issued by the server
private_key_jwt: the client uses the JWT Assertion profile with its own private key
from simpleidentityserver.
Related Issues (20)
- Returns the errors revoke edp
- Add configureawait in SimpleIdentityServer.Client
- Can update POST_LOGOUT_URIS in client screen
- Add more UTS for UMA edp
- Update personnal information in SCIM edp
- Don't display JSON error when unlink profile
- Add two bus (RabbitMq & InMemory)
- When two websites are authenticated against OPENID then issue
- Account filder add EF (inmemory, postgre etc ...)
- Share session_id cookie between browser instances
- Fix authentication via ADFS HOT 1
- Start to add provisioning between AD and SCIM HOT 1
- When use implicit workflow and sms auth don't send the SMS code twice
- Use same DBProvider for all the components (SID)
- Fix exception when trying to authenticate with invalid credentials
- Use latest version of ASP.NET CORE
- Add issuer into the access token
- Add SubjectBuilder
- Split the solution
- Is this package for me? ASP.Net Core querying external SCIM v2 API
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simpleidentityserver.