Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SDK-3858] Support JWT Client Authentication #507

Merged
merged 2 commits into from
Jan 24, 2023
Merged

[SDK-3858] Support JWT Client Authentication #507

merged 2 commits into from
Jan 24, 2023

Conversation

jimmyjames
Copy link
Contributor

Changes

Adds the ability to authenticate using JWT Client Authentication instead of a client secret.

New classes:

  • ClientAssertionSigner - interface that defines the contract to create signed client authentication JWTs
  • RSAClientAssertionSigner - implementation that supports RS256 and RS384 signing

New methods:

  • AuthAPI.Builder#withClientAssertionSigning(ClientAssertionSigner signer) - configure the builder to use client assertion signing

Usage:

AuthAPI api = new AuthAPI.Builder("domain", "client-id")
    // defaults to RS256 algorithm
    .withClientAssertionSigning(new RSAClientAssertionSigner(rsaPrivateKey));
    .build();

A static method has also been added to AuthAPI for convenience:

AuthAPI api = AuthAPI.newBuilder("domain", "clientId", new RSAClientAssertionSigner(rsaPrivateKey)).build();

Note that in the event both a client secret and a client assertion is specified, the client assertion will be preferred.

References

https://openid.net/specs/openid-connect-core-1_0-15.html#ClientAuthentication

Testing

In addition to unit tests, tested using a client configured for client authentication and specified withClientAssertionSigner using an RSA signer from a public key in PEM format.

@jimmyjames jimmyjames requested a review from a team as a code owner January 24, 2023 01:36
@jimmyjames jimmyjames merged commit a78c3b2 into v2-dev Jan 24, 2023
@jimmyjames jimmyjames deleted the support-jwt-ca branch January 24, 2023 23:27
@jimmyjames jimmyjames mentioned this pull request Jan 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adamjmcgrath adamjmcgrath adamjmcgrath approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jimmyjames @adamjmcgrath