erlef/oidcc

ability to override preferred token auth methods

Closed this issue · 2 comments

Description

Currently, the order is hard-coded here: https://github.com/erlef/oidcc/blob/main/src/oidcc_token.erl#L879-L886

However, some Identity Providers (Keycloak, at least), by default won't accept any authentication type, even ones which it nominally supports. Instead, each client is configured with a particular authorization type. If I set the authorization type in Keycloak to client_secret_jwt then everything is fine. The default is client_secret_post, which fails out of the box.

Ideally, it would be possible to override the preferred authentication type, at least with the retrieve_token call.

@paulswartz Sure, this would be a welcome addition.

It would probably make sense to add preferred_auth_methods to retrieve_opts. (As an ordered list of methods to try.)

A PR would be welcome for that.

Closing in favor of PR
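
The selection logic discussed in this thread, as an added Erlang sketch that is not oidcc's code or the eventual PR: the module and function names, the credential map keys and the default order are assumptions made for illustration, and only the `preferred_auth_methods` option name comes from the thread.

```erlang
%% Added illustration, not oidcc code. Module, functions, credential keys and
%% the default order are hypothetical; preferred_auth_methods is the option
%% name proposed in the thread.
-module(auth_method_select).
-export([select/3, demo/0]).

%% Constructed fallback order for this example (not claimed to match oidcc's).
-define(DEFAULT_ORDER, [private_key_jwt, client_secret_jwt,
                        client_secret_post, client_secret_basic, none]).

%% Opts:      #{preferred_auth_methods => [atom()]}, ordered, first match wins.
%% Supported: token_endpoint_auth_methods_supported from provider metadata.
%% Creds:     what the client actually holds (secret and/or signing keys).
-spec select(map(), [binary()], map()) ->
    {ok, atom()} | {error, no_supported_auth_method}.
select(Opts, Supported, Creds) ->
    Preferred = maps:get(preferred_auth_methods, Opts, ?DEFAULT_ORDER),
    Usable = [M || M <- Preferred,
                   lists:member(atom_to_binary(M, utf8), Supported),
                   has_credentials(M, Creds)],
    case Usable of
        [Method | _] -> {ok, Method};
        [] -> {error, no_supported_auth_method}
    end.

has_credentials(private_key_jwt, Creds) -> maps:is_key(client_jwks, Creds);
has_credentials(none, _Creds) -> true;
has_credentials(M, Creds) when M =:= client_secret_jwt;
                               M =:= client_secret_post;
                               M =:= client_secret_basic ->
    maps:is_key(client_secret, Creds);
has_credentials(_Unknown, _Creds) -> false.

demo() ->
    %% Constructed metadata: the provider advertises several methods, while
    %% (as in the report) the client itself is configured for only one.
    Supported = [<<"client_secret_basic">>, <<"client_secret_post">>,
                 <<"client_secret_jwt">>, <<"private_key_jwt">>],
    Creds = #{client_secret => <<"constructed-secret">>},
    %% No preference: the fixed order decides, whatever the client config is.
    {ok, client_secret_jwt} = select(#{}, Supported, Creds),
    %% Caller pins the method the provider is configured to accept.
    {ok, client_secret_post} =
        select(#{preferred_auth_methods => [client_secret_post]}, Supported, Creds),
    %% A pinned method without matching credentials fails instead of falling back.
    {error, no_supported_auth_method} =
        select(#{preferred_auth_methods => [private_key_jwt]}, Supported, Creds),
    ok.
```

Because only the listed methods are considered, an explicit list also prevents a silent fallback to a weaker method than the one the client was provisioned for.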