ClientSecretBasicAuthenticationFilter
Supports client authentication with the method client_secret_basic, defined in RFC 6749, section 2.3.1. Clients that have received a client_secret value from the Authorization Server authenticate through the HTTP Basic access authentication scheme: the filter adds an Authorization header to the outgoing request, carrying the client_id and client_secret as the base64-encoded user-id and password, as in the following example:
POST /oauth2/token HTTP/1.1
Host: as.example.com
Authorization: Basic ....
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=...
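The following added example is not part of the IG documentation or the IG code base. It shows how the Authorization header in the request above is built and checked according to RFC 6749, section 2.3.1, which requires client_id and client_secret to be application/x-www-form-urlencoded before they are joined with ":" and base64-encoded. The client identifier, secret, authorization code and redirect URI used are constructed values; the host is taken from the example request.

```python
import base64
from urllib.parse import quote, unquote, urlencode


def client_secret_basic_header(client_id: str, client_secret: str) -> str:
    """Return the Authorization header value for client_secret_basic.

    RFC 6749, section 2.3.1: client_id and client_secret are each
    application/x-www-form-urlencoded, then joined with ':' and
    base64-encoded. Encoding first keeps a ':' or '%' inside a secret
    unambiguous to the authorization server.
    """
    user = quote(client_id, safe="")
    password = quote(client_secret, safe="")
    token = base64.b64encode(f"{user}:{password}".encode("ascii"))
    return "Basic " + token.decode("ascii")


def parse_client_secret_basic(header_value: str) -> tuple:
    """Reverse the encoding above as an authorization server would.

    Malformed input raises ValueError instead of being silently coerced,
    so a caller cannot be tricked into accepting a half-decoded credential.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not an HTTP Basic credential")
    try:
        raw = base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError) as exc:  # binascii.Error is a ValueError
        raise ValueError("malformed base64 in Basic credential") from exc
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("Basic credential has no ':' separator")
    return unquote(user), unquote(password)


def accepts_basic_credential(header_value: str) -> bool:
    """True if the header parses as a well-formed client_secret_basic credential."""
    try:
        parse_client_secret_basic(header_value)
    except ValueError:
        return False
    return True


def token_request(client_id: str, client_secret: str, code: str,
                  redirect_uri: str, host: str = "as.example.com") -> str:
    """Render the authorization_code token request shown on this page,
    with a complete client_secret_basic Authorization header.
    All argument values are constructed for illustration."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    })
    return (
        "POST /oauth2/token HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Authorization: {client_secret_basic_header(client_id, client_secret)}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body}"
    )


if __name__ == "__main__":
    # Constructed credentials: a secret containing ':' and '%' shows why
    # the form-urlencoding step matters before base64.
    hdr = client_secret_basic_header("serviceConfidentialClient", "p:a%ss")
    print(hdr)
    print(parse_client_secret_basic(hdr))
    print(token_request("serviceConfidentialClient", "p:a%ss",
                        "SplxlOBeZQQYbYS6WxSbIA", "https://rp.example.com/cb"))
```

Base64 is an encoding, not encryption: anyone who can read the request can recover the client secret from the header, which is why the endpoint handler that sends it must reach the Authorization Server over TLS.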
Use this filter with an endpoint Handler that requires client_secret_basic authentication, for example, the endpointHandler in the OAuth2TokenExchangeFilter or the ClientCredentialsOAuth2ClientFilter. Because HTTP Basic transmits the client secret in reversible base64 encoding on every request, the endpoint handler must connect to the Authorization Server over TLS.
Usage
{
"name": string,
"type": "ClientSecretBasicAuthenticationFilter",
"config": {
"clientId": configuration expression<string>,
"clientSecretId": configuration expression<secret-id>,
"secretsProvider": SecretsProvider reference
}
}
Configuration
"clientId": configuration expression<string>, required
The OAuth 2.0 client ID to use for authentication.
"clientSecretId": configuration expression<secret-id>, required
The ID of the secret holding the OAuth 2.0 client secret to use for authentication. This secret ID must point to a GenericSecret.
"secretsProvider": SecretsProvider reference, required
The SecretsProvider to use to resolve queried secrets, such as passwords and cryptographic keys. Provide either the name of a SecretsProvider object defined in the heap or specify a SecretsProvider object inline.
Example
{
"name": "ExchangeHandler",
"type": "Chain",
"config": {
"handler": "ForgeRockClientHandler",
"filters": [
{
"type": "ClientSecretBasicAuthenticationFilter",
"config": {
"clientId": "serviceConfidentialClient",
"clientSecretId": "client.secret.id",
"secretsProvider" : "SystemAndEnvSecretStore-1"
}
}
]
}
}