KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT

Takashi Norimatsu 2020-01-15 09:38:58 +09:00 committed by Marek Posolda
parent 829fc13e89
commit 678d80cbc8

@ -66,11 +66,16 @@ The client has a secret, which needs to be known to both the adapter (applicatio
---- ----
"credentials": { "credentials": {
"secret-jwt": { "secret-jwt": {
"secret": "19666a4f-32dd-4049-b082-684c74115f28" "secret": "19666a4f-32dd-4049-b082-684c74115f28",
"algorithm": "HS512"
} }
} }
---- ----
The "algorithm" field specifies the algorithm for Signed JWT using Client Secret. It needs to be one of the following values : HS256, HS384, and HS512. For details, please refer to https://tools.ietf.org/html/rfc7518#section-3.2[JSON Web Algorithms (JWA)].
This "algorithm" field is optional so that HS256 is applied automatically if the "algorithm" field does not exist on the `keycloak.json` file.
===== Add Your Own Client Authentication Method ===== Add Your Own Client Authentication Method
You can add your own client authentication method as well. You will need to implement both client-side and server-side providers. For more details see the `Authentication SPI` section in link:{developerguide_link}[{developerguide_name}]. You can add your own client authentication method as well. You will need to implement both client-side and server-side providers. For more details see the `Authentication SPI` section in link:{developerguide_link}[{developerguide_name}].
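Review bot: In the `secret-jwt` example, `"algorithm": "HS512"` is paired with a 36-character secret (288 bits), while RFC 7518 section 3.2, which the new paragraph links, requires an HMAC key at least as large as the hash output (384 bits for HS384, 512 bits for HS512). Either keep the example at HS256 or add a sentence saying the client secret must be long enough for the chosen algorithm. The new paragraph documents the default when the field is absent but not what the adapter does with a value outside HS256, HS384 and HS512; please state that behaviour. Minor wording: "values : HS256, HS384, and HS512" reads better as "values: HS256, HS384, or HS512".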