This adds support for JWK selection by ID on a per-client basis, and allows multiple JWK's for the same algorithm.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds support for the private_key_jwt client authentication method.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds the authentication machinery for the client_secret_jwt to the Default Client Authentication Strategy.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds a feature to OpenID Connect 1.0 where clients can be restricted to a specific client authentication mode, as well as implements some backend requirements for the private_key_jwt client authentication mode (and potentially the tls_client_auth / self_signed_tls_client_auth client authentication modes). It also adds some improvements to configuration defaults and validations which will for now be warnings but likely be made into errors.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds support to configure multiple session cookie domains.
Closes#1198
Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
This adds multiple consent modes to OpenID Connect clients. Specifically it allows configuration of a new consent mode called implicit which never asks for user consent.
This ensures we are able to follow referrals for LDAP password modify operations when permit_referrals is true.
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
James Elliott
Manuel Nuñez