TeslaOAuth2ClientAuth.ClientSecretJWT (tesla_oauth2_client_auth v1.0.0)
Tesla middleware that implements the "client_secret_jwt" authentication scheme for https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
The client configuration must contain a "client_secret" member whose value is the client secret (a String.t()) or a JWK in its "jwks" attribute that is suited for signature and has a "kty" of "oct".
To determine the MAC algorithm to use, this middleware:
- uses the client's "token_endpoint_auth_signing_alg" value if present, and checks it against the server metadata "token_endpoint_auth_signing_alg_values_supported"
- otherwise uses the "token_endpoint_auth_signing_alg_values_supported" server metadata and picks one algorithm that is suitable for MACing
- otherwise raises
Note that the body of the Tesla.Env must be a map to be later serialized with the Tesla.Middleware.FormUrlencoded.
The options of this middleware are:
- :jwt_lifetime: the lifetime of the JWT in seconds. Defaults to 30
- :jwt_jti_callback: a (TeslaOAuth2ClientAuth.opts() -> String.t()) function that returns the "jti" field of the JWT. Defaults to a random 16-byte base64-encoded string
- :jwt_additional_claims: claims added to the JWT. They have precedence over the default claims
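
The algorithm selection and option defaults described above, sketched as a stand-alone module. This is an added example, not the library's source: the module and function names, picking the first supported HS* algorithm, the claim set (taken from OpenID Connect Core section 9) and the use of Elixir 1.18's JSON module are assumptions, and only the plain "client_secret" case is covered, not the "jwks" one.

```elixir
# Added illustration, not the code of tesla_oauth2_client_auth.
# Assumes Elixir >= 1.18 (built-in JSON module) and a String.t() client secret.
defmodule ClientSecretJWTSketch do
  @mac_algs %{"HS256" => :sha256, "HS384" => :sha384, "HS512" => :sha512}
  @assertion_type "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

  # Client value first (checked against server metadata), else a supported
  # MAC algorithm (assumption: the first one listed), else raise.
  def select_alg(client_config, server_metadata) do
    supported = server_metadata["token_endpoint_auth_signing_alg_values_supported"] || []
    case client_config["token_endpoint_auth_signing_alg"] do
      nil ->
        Enum.find(supported, &Map.has_key?(@mac_algs, &1)) ||
          raise "server supports no MAC algorithm"
      alg ->
        if alg in supported and Map.has_key?(@mac_algs, alg),
          do: alg,
          else: raise("#{alg} is not usable for client_secret_jwt")
    end
  end

  # Builds the compact JWS. Default claims follow OpenID Connect Core section 9
  # (assumption); :jwt_additional_claims are merged last so they take precedence.
  def assertion(client_config, server_metadata, opts \\ []) do
    alg = select_alg(client_config, server_metadata)
    now = System.system_time(:second)
    jti_cb = opts[:jwt_jti_callback] || fn _ -> Base.encode64(:crypto.strong_rand_bytes(16)) end
    claims =
      %{
        "iss" => client_config["client_id"],
        "sub" => client_config["client_id"],
        "aud" => server_metadata["token_endpoint"],
        "iat" => now,
        "exp" => now + Keyword.get(opts, :jwt_lifetime, 30),
        "jti" => jti_cb.(opts)
      }
      |> Map.merge(opts[:jwt_additional_claims] || %{})
    header = b64(JSON.encode!(%{"alg" => alg, "typ" => "JWT"}))
    signing_input = header <> "." <> b64(JSON.encode!(claims))
    mac = :crypto.mac(:hmac, @mac_algs[alg], client_config["client_secret"], signing_input)
    signing_input <> "." <> b64(mac)
  end

  # Form fields merged into the body map before FormUrlencoded serializes it.
  def put_auth(body, client_config, server_metadata, opts \\ []) do
    jwt = assertion(client_config, server_metadata, opts)
    Map.merge(body, %{"client_assertion_type" => @assertion_type, "client_assertion" => jwt})
  end
  defp b64(bin), do: Base.url_encode64(bin, padding: false)
end
```

With the default 30-second lifetime and a fresh "jti" per request, a captured assertion is only replayable for a short window, and only if the server does not track "jti" values.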