ability to override preferred token auth methods
Closed this issue · 2 comments
Description
Currently, the order is hard-coded here: https://github.com/erlef/oidcc/blob/main/src/oidcc_token.erl#L879-L886
However, some Identity Providers (Keycloak, at least), by default won't accept any authentication type, even ones which it nominaly supports. Instead, each client is configured with a particular authorization type. If I set the authorization type in Keycloak to client_secret_jwt
then everything is fine. The default is client_secret_post
, which fails out of the box.
Ideally, it would be possible to override the preferred authentication type, at least with the retrieve_token
call.
@paulswartz Sure, this would be a welcome addition.
It would probably make sense to add preferred_auth_methods
to retrieve_opts
. (As an ordered list of methods to try.)
A PR would be welcome for that.
Closing in favor of PR