Token endpoint authentication method supports only Basic Auth

Question

Token endpoint authentication method supports only Basic Auth

Opened this issue a year ago · 0 comments

The OidcClient currently only supports authentication with the token endpoint using Basic Auth.

https://github.com/vaulttec/sonar-auth-oidc/blob/v2.1.1/src/main/java/org/vaulttec/sonarqube/auth/oidc/OidcClient.java#L168

TokenRequest request = new TokenRequest(tokenEndpointURI, new ClientSecretBasic(getClientId(), getClientSecret()),
          new AuthorizationCodeGrant(authorizationCode, new URI(callbackUrl)));

It is sometimes necessary (due to security/other factors) to use different methods like client secret POST, which makes it more difficult to use the plugin when the Basic Auth is not supported for the token endpoint.

Would be great if the authentication method was configurable.