ClientSecretPostAuthenticationFilter
Supports client authentication with the method client_secret_post.
Clients that have received a client_secret value from the Authorization Server
authenticate by including the client credentials in the request body, as in the
following example:
POST /oauth2/token HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&;
client_id=...&
client_secret=...&
code=...Use this filter with an endpoint Handler that requires client_secret_post
authentication. For example, endpointHandler in the
OAuth2TokenExchangeFilter or
ClientCredentialsOAuth2ClientFilter.
Usage
{
"name": string,
"type": "ClientSecretPostAuthenticationFilter",
"config": {
"clientId": configuration expression<string>,
"clientSecretId": configuration expression<secret-id>,
"secretsProvider": SecretsProvider reference
}
}Configuration
"clientId": configuration expression<string>, required-
The OAuth 2.0 client ID to use for authentication.
"clientSecretId": configuration expression<secret-id>, required-
The OAuth 2.0 client secret to use for authentication.
This secret ID must point to a GenericSecret.
"secretsProvider": SecretsProvider reference, required-
The SecretsProvider to query for passwords and cryptographic keys.