Client authentication configuration private_key_jwt

Authorization server configuration to use private_key_jwt

  1. Go to:
    Loginapp >> OAuth 2.0/OIDC Authorization Servers >> OAuth 2.0/OIDC Authorization Server >> OAuth 2.0 Token Endpoint
  2. In property Client Authentication create and edit an OpenID Connect Private Key JWT Authentication plugin.
  3. In property SQL Data Source select the already existing JDBC Connection Pool plugin from the drop-down.

Client configuration of private_key_jwt

For the authorization server to authenticate a client correctly, each client needs to be configured with a list of acceptable public keys.

  1. Go to:
    Loginapp >> OAuth 2.0/OIDC Authorization Servers >> OAuth 2.0/OIDC Authorization Server >> OAuth 2.0 Static Clients >> OAuth 2.0 Static Client
  2. In Authentication Settings in property Public Keys create and configure an OAuth 2.0 Client Public Key plugin.
  3. In property Public Key paste the client's key in PEM format.
  4. If only one public key needs to be configured, the Key ID property is optional. It is mandatory if more than one key needs to be configured.

Clean-up job for private_key_jwt

  1. Go to:
    Service Container >> Task Scheduler Config >> Service
  2. In property Tasks create a Task Schedule for the OAuth 2.0 Clean-up Task plugin, or edit the existing one.
  3. In property Cleanup Accepted Client Assertions select the checkbox to enable this feature.
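
The Key ID rule from step 4 of the client configuration and the reason for the clean-up job, modelled as an added example (not product code). It assumes the server records each accepted assertion by its jti claim until its exp time, as RFC 7523 allows; the table layout, function names and PEM placeholders are hypothetical, and signature verification is left out.

```python
import sqlite3

def select_key(configured, header_kid):
    """configured: list of (key_id or None, pem) for one client; returns pem or None."""
    # One key without a Key ID: nothing to match against, so it is the only candidate.
    if len(configured) == 1 and (header_kid is None or configured[0][0] is None):
        return configured[0][1]
    # Several keys: the assertion's kid header must name exactly one of them.
    for key_id, pem in configured:
        if key_id is not None and key_id == header_kid:
            return pem
    return None

class AcceptedAssertions:
    """Replay store; the table layout is hypothetical, not the product's schema."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE accepted_assertion (client_id TEXT, jti TEXT,"
                        " exp INTEGER, PRIMARY KEY (client_id, jti))")

    def accept(self, client_id, jti, exp, now):
        if exp <= now:
            return False  # expired assertions are rejected without a lookup
        try:
            with self.db:
                self.db.execute("INSERT INTO accepted_assertion VALUES (?, ?, ?)",
                                (client_id, jti, exp))
            return True
        except sqlite3.IntegrityError:
            return False  # same jti seen before: replayed assertion

    def cleanup(self, now):
        # Expired rows can no longer block anything, so deleting them is safe.
        with self.db:
            return self.db.execute(
                "DELETE FROM accepted_assertion WHERE exp <= ?", (now,)).rowcount

    def size(self):
        return self.db.execute("SELECT COUNT(*) FROM accepted_assertion").fetchone()[0]
```

Without the periodic `cleanup` call the table grows by one row per token request, which is what enabling Cleanup Accepted Client Assertions prevents.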