TeslaOAuth2ClientAuth.PrivateKeyJWT (tesla_oauth2_client_auth v1.0.0)
Tesla middleware that implements the "private_key_jwt" client authentication scheme described at https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
The client configuration must contain a "jwks" member whose value is a list of JWKs, including private keys. This middleware signs the JWTs with the first key found that conforms to the signature algorithm.
To determine the signature algorithm to use, this middleware:
- uses the client's "token_endpoint_auth_signing_alg" value if present, and checks it against the server metadata "token_endpoint_auth_signing_alg_values_supported"
- otherwise uses the "token_endpoint_auth_signing_alg_values_supported" server metadata and picks one algorithm that is suitable for signing
- otherwise raises
The options of this middleware are:
- :jwt_lifetime: the lifetime of the JWT in seconds. Defaults to 30
- :jwt_jti_callback: a (TeslaOAuth2ClientAuth.opts() -> String.t()) function that returns the "jti" field of the JWT. Defaults to a random 16-byte, base64-encoded string
- :jwt_additional_claims: claims added to the JWT. They have precedence over the default claims
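
The algorithm selection and claim rules above, written out as an added sketch in plain Elixir; it is not the library's own code. The module name PrivateKeyJWTSketch, its function names, the definition of a "suitable" key, the handling of missing server metadata and the exact default claim set (taken from OpenID Connect Core section 9) are assumptions made for illustration.

```elixir
defmodule PrivateKeyJWTSketch do
  # Hypothetical module illustrating the rules above; not the library's code.
  # JWS algorithm -> {JWK "kty", allowed "crv" values}, per RFC 7518 / RFC 8037.
  defp key_shape(alg) when alg in ~w(RS256 RS384 RS512 PS256 PS384 PS512), do: {"RSA", [nil]}
  defp key_shape("ES256"), do: {"EC", ["P-256"]}
  defp key_shape("ES384"), do: {"EC", ["P-384"]}
  defp key_shape("ES512"), do: {"EC", ["P-521"]}
  defp key_shape("EdDSA"), do: {"OKP", ["Ed25519", "Ed448"]}
  defp key_shape(_other), do: nil

  # Assumption: a key "conforms" when it is private (has "d"), its type and curve
  # fit the algorithm, and its "alg"/"use" members, if present, agree.
  def suitable_key(jwks, alg) do
    with {kty, curves} <- key_shape(alg) do
      Enum.find(jwks, fn jwk ->
        jwk["kty"] == kty and jwk["crv"] in curves and Map.has_key?(jwk, "d") and
          jwk["alg"] in [nil, alg] and jwk["use"] in [nil, "sig"]
      end)
    end
  end

  # Assumption: missing server metadata is treated as an empty list.
  def select_alg(client_config, server_metadata) do
    supported = server_metadata["token_endpoint_auth_signing_alg_values_supported"] || []
    jwks = client_config["jwks"] || []
    case client_config["token_endpoint_auth_signing_alg"] do
      nil ->
        Enum.find(supported, &suitable_key(jwks, &1)) ||
          raise("no supported algorithm matches a private key in \"jwks\"")
      alg ->
        if alg in supported, do: alg, else: raise("#{alg} is not supported by the server")
    end
  end

  # Default claims follow OpenID Connect Core section 9; additional claims win.
  def claims(client_id, token_endpoint, opts \\ []) do
    now = System.system_time(:second)
    jti = opts[:jwt_jti_callback] || fn _opts -> Base.encode64(:crypto.strong_rand_bytes(16)) end
    %{"iss" => client_id, "sub" => client_id, "aud" => token_endpoint,
      "iat" => now, "exp" => now + Keyword.get(opts, :jwt_lifetime, 30),
      "jti" => jti.(opts)}
    |> Map.merge(opts[:jwt_additional_claims] || %{})
  end
end

# Constructed input: the client holds only an EC P-256 key; "none" and RS256 are skipped.
jwks = [%{"kty" => "EC", "crv" => "P-256", "d" => "placeholder"}]
meta = %{"token_endpoint_auth_signing_alg_values_supported" => ["none", "RS256", "ES256"]}
IO.inspect(PrivateKeyJWTSketch.select_alg(%{"jwks" => jwks}, meta))
```

Because :jwt_additional_claims overrides the defaults, a caller can replace "iss", "aud" or "exp" as well; in this sketch that is the final Map.merge/2, so such overrides deserve review wherever the option is set.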