Context
Per RFC 6749 §2.3 (and AS metadata token_endpoint_auth_methods_supported), the client must send its credentials to the token endpoint using whichever method the AS advertises:
client_secret_basic → HTTP Basic Authorization: Basic base64(client_id:client_secret)client_secret_post → form-encoded client_id + client_secret body paramsnone → public client; only client_id in body, no secret
Scope
- Strategy interface
TokenEndpointAuthInterface + three implementations.
- Auto-select implementation based on AS metadata's preferred method (intersect with what the client supports/has).
Conformance scenarios unblocked
auth/token-endpoint-auth-basic, auth/token-endpoint-auth-post, auth/token-endpoint-auth-none.
Dependencies
Blocked by: #318, #319.
Acceptance
- Unit tests per strategy.
- Conformance: 3 baseline scenarios pass.
cc @soyuka
Context
Per RFC 6749 §2.3 (and AS metadata
token_endpoint_auth_methods_supported), the client must send its credentials to the token endpoint using whichever method the AS advertises:client_secret_basic→ HTTP BasicAuthorization: Basic base64(client_id:client_secret)client_secret_post→ form-encodedclient_id+client_secretbody paramsnone→ public client; onlyclient_idin body, no secretScope
TokenEndpointAuthInterface+ three implementations.Conformance scenarios unblocked
auth/token-endpoint-auth-basic,auth/token-endpoint-auth-post,auth/token-endpoint-auth-none.Dependencies
Blocked by: #318, #319.
Acceptance
cc @soyuka