Commits on Sep 14, 2020

1. Oidc additional client auth types (elastic#58708) …

   The OpenID Connect specification defines a number of ways for a
   client (RP) to authenticate itself to the OP when accessing the
   Token Endpoint. We currently only support `client_secret_basic`.
   
   This change introduces support for 2 additional authentication
   methods, namely `client_secret_post` (where the client credentials
   are passed in the body of the POST request to the OP) and
   `client_secret_jwt` where the client constructs a JWT and signs
   it using the the client secret as a key.
   
   Support for the above, and especially `client_secret_jwt` in our
   integration tests meant that the OP we use ( Connect2id server )
   should be able to validate the JWT that we send it from the RP.
   Since we run the OP in docker and it listens on an ephemeral port
   we would have no way of knowing the port so that we can configure
   the ES running via the testcluster to know the "correct" Token
   Endpoint, and even if we did, this would not be the Token Endpoint
   URL that the OP would think it listens on. To alleviate this, we
   run an ES single node cluster in docker, alongside the OP so that
   we can configured it with the correct hostname and port within
   the docker network.

   

   jkakavas authored and ywangd committed Sep 14, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 13491e0
   • Browse repository at this point

   Copy the full SHA

   13491e0 View commit details

   Browse the repository at this point in the history