oauth_tls_client_auth.rdoc

doc/oauth_tls_client_auth.rdoc
Last Update: 2024-11-29 16:14:00 +0000

Documentation for OAuth TLS Client Auth feature

The oauth_tls_client_auth feature implements the OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.

datatracker.ietf.org/doc/html/rfc8705

This feature depends on the oauth_base feature. If the oauth_jwt_base feature is in use (if you require certificate-bound access tokens, for example), it must be loaded after it.

Auth Value Methods

oauth_tls_client_certificate_bound_access_tokens

Enables certificate-bound access tokens for all applications (false by default).

oauth_applications_tls_client_auth_subject_dn_column

the db column where the expected subject distinguished name of the client certificate is stored, :tls_client_auth_subject_dn by default.

oauth_applications_tls_client_auth_san_dns_column

the db column where the expected dnsName SAN entry of the client certificate is stored, :tls_client_auth_san_dns by default.

oauth_applications_tls_client_auth_san_uri_column

the db column where the expected uniformResourceIdentifier SAN entry of the client certificate is stored, :tls_client_auth_san_uri by default.

oauth_applications_tls_client_auth_san_ip_column

the db column where the expected iPAddress SAN entry of the client certificate is stored, :tls_client_auth_san_ip by default.

oauth_applications_tls_client_auth_san_email_column

the db column where the expected rfc822Name SAN entry of the client certificate is stored, :tls_client_auth_san_email by default.

oauth_applications_tls_client_certificate_bound_access_tokens_column

the db column where the certificate bound access tokens can be turned for the client account is stored, false by default.

oauth_grants_certificate_thumbprint_column

the db column where the certificate thumbprint is stored to verify the certificate bound access tokens of an oauth grant, false by default.