Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing dpop_signing_alg_values_supported property from Authorization Server metadata #23372

Open
adibmbrk opened this issue Mar 6, 2025 · 0 comments
Open

Missing dpop_signing_alg_values_supported property from Authorization Server metadata #23372

adibmbrk opened this issue Mar 6, 2025 · 0 comments
Labels
Type/Improvement

Comments

@adibmbrk
Copy link
Contributor

adibmbrk commented Mar 6, 2025

Current Limitation

Description:
As per RFC 9449, Authorization Servers that support DPoP, must provide a list of supported DPoP signing algorithms using the metadata property dpop_signing_alg_values_supported. The presence of this property is an indication that the Authorization Server supports DPoP.

Currently when enabling support for DPoP using org.wso2.carbon.identity.dpop, the relevant metadata property is not present in /oauth2/token/.well-known/openid-configuration.

More info can be found here.

Suggested Improvement

Include the DPoP metadata property dpop_signing_alg_values_supported in the /oauth2/token/.well-known/openid-configuration

Version

DPoP Connector Version 1.0.10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type/Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adibmbrk