
Add client-certificate when fetching client-jwks #1788

@edwinrozendom


Expected Behavior

We would like to add a client-certificate to the outbound request when fetching a JwkSetUrl from a configured client.

Current Behavior

RestTemplate is a static final variable in JwtClientAssertionDecoderFactory.java. It would be nice to expose RestTemplate, in order to configure it with the authorizationServerConfigurer. (Same suggestion as in #1413.)

The exposed method could be used in the authorizationServerConfigurer.AuthenticationProvider, e.g.

authenticationProviders.forEach((authenticationProvider) -> {
	if (authenticationProvider instanceof JwtClientAssertionAuthenticationProvider) {
		// Customize JwtClientAssertionDecoderFactory
		JwtClientAssertionDecoderFactory jwtDecoderFactory = new JwtClientAssertionDecoderFactory();
		// setRestTemplate is the setter proposed in this issue
		jwtDecoderFactory.setRestTemplate(...);
	}
});

Context

This issue only affects OAuth flows with private_key_jwt client authentication.

I would be able to create a PR if the suggestion of exposing RestTemplate is acceptable!
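
An added example, not part of the original issue or the project's code: one way to build a RestTemplate that presents a client certificate when it fetches a client's JWK Set URL, which is the kind of object the proposed `setRestTemplate(...)` would receive. The class name `MtlsRestTemplateFactory`, the PKCS#12 keystore input and the 5-second timeouts are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

// Hypothetical helper class; not part of Spring Authorization Server.
public final class MtlsRestTemplateFactory {

    /** Builds a RestTemplate that offers the key pair in a PKCS#12 file during the TLS handshake. */
    public static RestTemplate create(Path keyStorePath, char[] password)
            throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keyStorePath)) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        // Null trust managers: the JWKS server is still validated against the JVM default trust store.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), null, null);
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();

        SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory() {
            @Override
            protected void prepareConnection(HttpURLConnection connection, String httpMethod)
                    throws IOException {
                // Only HTTPS connections can carry a client certificate; hostname verification stays at its default.
                if (connection instanceof HttpsURLConnection) {
                    ((HttpsURLConnection) connection).setSSLSocketFactory(socketFactory);
                }
                super.prepareConnection(connection, httpMethod);
            }
        };
        // Bound the outbound fetch, since the JWK Set URL comes from client registration data.
        requestFactory.setConnectTimeout(5_000);
        requestFactory.setReadTimeout(5_000);
        return new RestTemplate(requestFactory);
    }
}
```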
