OIDC Client should consider Identity Provider configuration for the handling of client secrets

Current Situation

• OIDC Identity Providers offer the /.well-known/openid-configuration endpoint to receive information about the provider's capabilities.
• This includes the handling of client secrets which is specified from the token_endpoint_auth_methods_supported node of the above endpoint response.
  • client_secret_basic: the client secret is added to the HTTP Authorization header.
  • client_secret_post: the client secret is sent along with a post operation to authenticate.
  • none: the client secret remains with the Client and is not used in any request.
• The OIDC Identity Service supports the client_secret_post setting and ignores other settings.

Desired Behavior

• The OIDC Identity Service should support any of the above settings for the handling of client secrets.

Patch

• Download the patch available for Linux and Windows:
  • https://download.sos-berlin.com/patches/2.5.3-patch/js7_joc.2.5.3-PATCH.GUI-2.JOC-1558.tar.gz [sha256] [sig] [tsr]
• Follow the instructions available from the below link.