ClientSecretPostAuthenticationFilter
Supports client authentication with the method client_secret_post. Clients that have received a client_secret value from the Authorization Server authenticate by including the client credentials in the request body, as in the following example:
POST /oauth2/token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
client_id=...&
client_secret=...&
code=...
Use this filter with an endpoint Handler that requires client_secret_post authentication. For example, use it with the endpointHandler in the OAuth2TokenExchangeFilter or ClientCredentialsOAuth2ClientFilter.
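The request format shown above, as an added Python illustration that is not the filter's implementation: it adds client_id and client_secret to a form-encoded token request and shows why the secret must be percent-encoded rather than concatenated. All function names and sample values are hypothetical and constructed for this example.

```python
from urllib.parse import parse_qsl, urlencode

FORM = "application/x-www-form-urlencoded"
# Constructed sample values; the secret deliberately contains form metacharacters.
SAMPLE_ID = "example-client"
SAMPLE_SECRET = "s3cr&t+with=meta chars%"


def add_client_secret_post(headers, body, client_id, client_secret):
    """Return (headers, body) with the client credentials added to the form body."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != FORM:
        raise ValueError("client_secret_post needs a form-encoded request body")
    params = parse_qsl(body, keep_blank_values=True, strict_parsing=bool(body))
    # Refuse to send two sets of credentials in the same request.
    if any(name in ("client_id", "client_secret") for name, _ in params):
        raise ValueError("request already carries client credentials")
    params += [("client_id", client_id), ("client_secret", client_secret)]
    new_body = urlencode(params)  # percent-encodes &, =, +, % and spaces
    out = dict(headers)
    out["Content-Length"] = str(len(new_body.encode("ascii")))
    return out, new_body


def naive_body(body, client_id, client_secret):
    """Anti-pattern: string concatenation without encoding."""
    return f"{body}&client_id={client_id}&client_secret={client_secret}"


def secret_seen_by_server(body):
    """The client_secret value a token endpoint would decode from the body."""
    return dict(parse_qsl(body, keep_blank_values=True)).get("client_secret")


if __name__ == "__main__":
    hdrs = {"Host": "as.example.com", "Content-Type": FORM}
    base = "grant_type=authorization_code&code=abc123"  # constructed request body
    _, good = add_client_secret_post(hdrs, base, SAMPLE_ID, SAMPLE_SECRET)
    print(good)
    print("encoded body round-trips:", secret_seen_by_server(good) == SAMPLE_SECRET)
    bad = naive_body(base, SAMPLE_ID, SAMPLE_SECRET)
    print("naive body decodes to:", secret_seen_by_server(bad))
```

Because the secret travels in the request body, it is visible to anything that logs or inspects bodies on the path to the token endpoint.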
Usage
{
    "name": string,
    "type": "ClientSecretPostAuthenticationFilter",
    "config": {
        "clientId": configuration expression<string>,
        "clientSecretId": configuration expression<secret-id>,
        "secretsProvider": SecretsProvider reference
    }
}
Configuration
"clientId": configuration expression<string>, required
The OAuth 2.0 client ID to use for authentication.
"clientSecretId": configuration expression<secret-id>, required
The OAuth 2.0 client secret to use for authentication.
This secret ID must point to a GenericSecret.
"secretsProvider": SecretsProvider reference, required
The SecretsProvider to use to resolve queried secrets, such as passwords and cryptographic keys. Provide either the name of a SecretsProvider object defined in the heap or specify a SecretsProvider object inline.