Is the OIDC client RFC8707 compliant? #47996
-
|
In our organisation we use a SIDM as identity provider and they have enabled the RFC8707 on OAuth2 so that we need to provide an additional property in the body; resource Indicator. Is this enabled somehow in the extension already? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
/cc @pedroigor (oidc), @sberyozkin (oidc) |
Beta Was this translation helpful? Give feedback.
-
|
When requesting tokens, Quarkus does not know where the access token is intended to be forwarded to by the application. But the If you meant the
That will add it to the redirect URI as shown in https://www.rfc-editor.org/rfc/rfc8707.html#name-authorization-request. If this resource must also be included in the code exchange request as shown in https://www.rfc-editor.org/rfc/rfc8707.html#name-access-token-request, then you can add:
If you meant the
For the client credentials, or:
for the password grant, etc. Does it answer your question ? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, thanks. We use the client extension on a client_credentials grant type and this was exactly what I was looking for… |
Beta Was this translation helpful? Give feedback.
@MikaelAnderssonWigander
When requesting tokens, Quarkus does not know where the access token is intended to be forwarded to by the application.
But the
resourceindicator can be configured.If you meant the
quarkus-oidcextension, for it to add the resource indicator during the authorization code flow, then you can configure it as follows:quarkus.oidc.authentication.extra-params.resource=https://...That will add it to the redirect URI as shown in https://www.rfc-editor.org/rfc/rfc8707.html#name-authorization-request.
If this resource must also be included in the code exchange request as shown in https://www.rfc-editor.org/rfc/rfc8707.html#name-access-token-request, then you can add:
qu…