libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Re-add notes about not supporting DPoP and holder-of-key in the remaining adapters

Browse source 
Closes #30874

Signed-off-by: rmartinc <rmartinc@redhat.com>
This commit is contained in:
rmartinc 2024-07-24 09:39:24 +02:00 committed by Marek Posolda
parent 5b62857a03
commit 9f2eddead8
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
docs/documentation/server_admin/topics/clients/oidc/con-advanced-settings.adoc
View file

@ -92,6 +92,11 @@ In the following cases, {project_name} will verify the client sending the access
See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-mtls-08#section-3[Mutual TLS Client Certificate Bound Access Tokens] in the OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens for more details.
[NOTE]
====
{project_name} client adapters do not support holder-of-key token verification. {project_name} adapters treat access and refresh tokens as bearer tokens.
====
[[_dpop-bound-tokens]]
*OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)*
@ -120,6 +125,11 @@ In the following cases, {project_name} will verify the client sending the access
See https://datatracker.ietf.org/doc/html/rfc9449[OAuth 2.0 Demonstrating Proof of Possession (DPoP)] for more details.
[NOTE]
====
{project_name} client adapters do not support DPoP holder-of-key token verification. {project_name} adapters treat access and refresh tokens as bearer tokens.
====
:tech_feature_name: DPoP
:tech_feature_id: dpop
include::../../templates/techpreview.adoc[]