linder05
3 years ago

client_assertion OAuth2 auth profile

A project I'm working on is looking to add an Authentication Profile which has a Client Assertion JWT on the OAuth2 call per RFC 7523. The auth server is also requiring a "client_assertion_type" parameter (jwt-bearer) to be passed in addition to the "client_assertion", which is getting populated when going through the access token request form. I've found plenty of examples for adding custom authentication headers to individual test steps, but not on access token requests. What's the best way to go about adding the additional parameter to authentication requests in a profile?

Worst case, we were looking at adding the Access Token requests as new test steps with a script to generate the assertion JWT and needed headers.

Any ideas are appreciated.

1 Reply

  • linder05

    Update: figured out that the "assertion" and "assertion_type" are being sent as parameters with those names, and not "client_assertion" and "client_assertion_type" per the spec. Currently investigating parameter forwarding, but would prefer if the IETF spec was supported.
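
An added example, not part of the thread and not the tool's own code: a Python script that builds the assertion JWT and the token request body with the `client_assertion` and `client_assertion_type` parameter names from RFC 7523, plus a check that flags a body missing them. The HS256 shared key, the `client_credentials` grant, the client id and the token URL are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import parse_qs, urlencode

# Registered client_assertion_type value (RFC 7523 section 2.2).
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_json(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))

def make_client_assertion(client_id, token_url, key, now=None, lifetime=60):
    """Build the assertion JWT. HS256 with a shared key is an assumption;
    servers that expect private_key_jwt need an asymmetric signature."""
    now = int(time.time()) if now is None else now
    claims = {
        "iss": client_id,          # client authentication: iss and sub
        "sub": client_id,          # are both the client_id
        "aud": token_url,          # audience is the authorization server
        "exp": now + lifetime,     # keep the assertion short-lived
        "jti": str(uuid.uuid4()),  # unique id so replays can be rejected
    }
    signing_input = b64url_json({"alg": "HS256", "typ": "JWT"}) + "." + b64url_json(claims)
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def token_request_body(assertion: str) -> str:
    """Form body for the token endpoint (client_credentials grant assumed)."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_assertion_type": JWT_BEARER,
        "client_assertion": assertion,
    })

def check_token_request(body: str) -> list:
    """Return problems with the client-assertion parameters of a form body."""
    form = parse_qs(body)
    problems = []
    if "client_assertion" not in form:
        problems.append("client_assertion missing")
    if form.get("client_assertion_type") != [JWT_BEARER]:
        problems.append("client_assertion_type missing or not the jwt-bearer URN")
    return problems

if __name__ == "__main__":  # constructed sample values, not from the thread
    jwt = make_client_assertion("my-client", "https://auth.example.test/token", b"demo-key")
    body = token_request_body(jwt)
    print(body, check_token_request(body))
```

Running `check_token_request` over a captured token request body shows whether the parameters on the wire carry the names the authorization server expects.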