Discovery does not return token_endpoint_auth_signing_alg_values_supported
`token_endpoint_auth_signing_alg_values_supported` is only related to private_key_jwt and client_secret_jwt client authentication methods at the token endpoint, which we do not support. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata for more details. Signed-off-by: Aram Price <pricear@vmware.com>
parent
648fa4b9ba
commit
e1ae48f2e4
@ -31,10 +31,9 @@ type Metadata struct {
|
||||
|
||||
// vvv Optional vvv
|
||||
|
||||
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
|
||||
TokenEndpointAuthSigningAlgoValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
|
||||
ScopesSupported []string `json:"scopes_supported"`
|
||||
ClaimsSupported []string `json:"claims_supported"`
|
||||
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
|
||||
ScopesSupported []string `json:"scopes_supported"`
|
||||
ClaimsSupported []string `json:"claims_supported"`
|
||||
|
||||
// ^^^ Optional ^^^
|
||||
}
|
||||
@ -58,9 +57,8 @@ func NewHandler(issuerURL string) http.Handler {
|
||||
SubjectTypesSupported: []string{"public"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"ES256"},
|
||||
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
|
||||
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
ClaimsSupported: []string{"groups"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
ClaimsSupported: []string{"groups"},
|
||||
}
|
||||
if err := json.NewEncoder(w).Encode(&oidcConfig); err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
|
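Review bot: The three fields left under `// vvv Optional vvv` in `Metadata` are tagged without `omitempty`, so a `Metadata` value built with any of them unset would be published as `null` instead of being omitted. `NewHandler` in the second hunk always fills them, so this looks latent rather than live. Consider `json:"token_endpoint_auth_methods_supported,omitempty"`, and the same for `scopes_supported` and `claims_supported`. It would also help to leave a short comment in the struct, for example `// token_endpoint_auth_signing_alg_values_supported is intentionally omitted: it applies only to private_key_jwt and client_secret_jwt, which are not supported.`, so the field is reinstated together with either method and not re-added on its own. The struct definition begins above the hunk, so its other fields were not reviewed.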
@ -43,9 +43,8 @@ func TestDiscovery(t *testing.T) {
|
||||
SubjectTypesSupported: []string{"public"},
|
||||
IDTokenSigningAlgValuesSupported: []string{"ES256"},
|
||||
TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"},
|
||||
TokenEndpointAuthSigningAlgoValuesSupported: []string{"RS256"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
ClaimsSupported: []string{"groups"},
|
||||
ScopesSupported: []string{"openid", "offline"},
|
||||
ClaimsSupported: []string{"groups"},
|
||||
},
|
||||
},
|
||||
{
|
||||
|
@ -472,7 +472,6 @@ func requireWellKnownEndpointIsWorking(t *testing.T, supervisorScheme, superviso
|
||||
"authorization_endpoint": "%s/oauth2/authorize",
|
||||
"token_endpoint": "%s/oauth2/token",
|
||||
"token_endpoint_auth_methods_supported": ["client_secret_basic"],
|
||||
"token_endpoint_auth_signing_alg_values_supported": ["RS256"],
|
||||
"jwks_uri": "%s/jwks.json",
|
||||
"scopes_supported": ["openid", "offline"],
|
||||
"response_types_supported": ["code"],
|
||||
|