Forum Discussion

linder05's avatar
New Contributor
2 years ago

client_assertion Oauth2 auth profile

A project I'm working on is looking to add an Authentication Profile which has a Client Assertion jwt on the Oauth2 call per rfc7523 . The auth server also is requiring a "client_assertion_type" parameter (jwt-bearer) to be passed in addition to the "client_assertion" which is getting populated when going through the access token request form.  I've found plenty of examples for adding custom authentication headers to individual test steps, but not on access token requests. What's the best way to go about adding the additional parameter to authentication requests in a profile?

Worst case, we were looking at adding the Access Token requests as new test steps with a script to generate the assertion JWT and needed headers.


Any ideas are appreciated.

1 Reply

  • linder05's avatar
    New Contributor

    Update: figured out that the "assertion" and "assertion_type" are being sent as parameters with those names, and not "client_assertion" and "client_assertion_type" per the spec. Currently investigating parameter forwarding, but would prefer if the IETF spec was supported.