Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CIBA grant type to oidc-client #34356

Closed
Eng-Fouad opened this issue Jun 28, 2023 · 1 comment · Fixed by #34357
Closed

Add CIBA grant type to oidc-client #34356

Eng-Fouad opened this issue Jun 28, 2023 · 1 comment · Fixed by #34357
Labels
area/oidc kind/enhancement New feature or request
Milestone
3.3.0.CR1

Comments

@Eng-Fouad
Copy link
Contributor

Description

Add CIBA grant type: urn:openid:params:grant-type:ciba to OidcClientConfig, as some providers already support CIBA protocol (e.g. Keycloak).

OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0

quarkus/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/OidcClientConfig.java

Lines 54 to 88 in 1eb8437

public static class Grant {
public static enum Type {
/**
* 'client_credentials' grant requiring an OIDC client authentication only
*/
CLIENT("client_credentials"),
/**
* 'password' grant requiring both OIDC client and user ('username' and 'password') authentications
*/
PASSWORD("password"),
/**
* 'authorization_code' grant requiring an OIDC client authentication as well as
* at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.
*/
CODE("authorization_code"),
/**
* 'urn:ietf:params:oauth:grant-type:token-exchange' grant requiring an OIDC client authentication as well as
* at least 'subject_token' parameter which must be passed to OidcClient at the token request time.
*/
EXCHANGE("urn:ietf:params:oauth:grant-type:token-exchange"),
/**
* 'urn:ietf:params:oauth:grant-type:jwt-bearer' grant requiring an OIDC client authentication as well as
* at least an 'assertion' parameter which must be passed to OidcClient at the token request time.
*/
JWT("urn:ietf:params:oauth:grant-type:jwt-bearer"),
/**
* 'refresh_token' grant requiring an OIDC client authentication and a refresh token.
* Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh
* token.
* However, in some cases, the refresh token is provided out of band, for example, it can be shared between
* several of the confidential client's services, etc.
* If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the
* tokens.
*/
REFRESH("refresh_token");

Implementation ideas

No response
@Eng-Fouad Eng-Fouad added the kind/enhancement New feature or request label Jun 28, 2023
@quarkus-bot
Copy link

quarkus-bot bot commented Jun 28, 2023

/cc @pedroigor (oidc), @sberyozkin (oidc)

@Eng-Fouad Eng-Fouad mentioned this issue Jun 28, 2023
Merged
@Eng-Fouad Eng-Fouad changed the title Add Grant.Type.CIBA to OidcClientConfig Add CIBA grant type to oidc-client Jul 2, 2023
@quarkus-bot quarkus-bot bot added this to the 3.3 - main milestone Jul 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/oidc kind/enhancement New feature or request
Projects
None yet
Milestone
3.3.0.CR1
Development

Successfully merging a pull request may close this issue.

Add CIBA grant type to oidc-client Eng-Fouad/quarkus
1 participant
@Eng-Fouad