first draft

2022-04-15 14:07:32 +10:00 · 2022-04-15 14:07:32 +10:00 · 2140cbf33c
commit 2140cbf33c
parent a6ad6604aa
3 changed files with 4 additions and 5 deletions
--- a/pkg/op/config.go
+++ b/pkg/op/config.go
@ -27,6 +27,7 @@ type Configuration interface {
 	GrantTypeRefreshTokenSupported() bool
 	GrantTypeTokenExchangeSupported() bool
 	GrantTypeJWTAuthorizationSupported() bool
+	GrantTypeClientCredentialsSupported() bool
 	IntrospectionAuthMethodPrivateKeyJWTSupported() bool
 	IntrospectionEndpointSigningAlgorithmsSupported() []string
 	RevocationAuthMethodPrivateKeyJWTSupported() bool
--- a/pkg/op/discovery.go
+++ b/pkg/op/discovery.go
@ -75,6 +75,9 @@ func GrantTypes(c Configuration) []oidc.GrantType {
 	if c.GrantTypeRefreshTokenSupported() {
 		grantTypes = append(grantTypes, oidc.GrantTypeRefreshToken)
 	}
+	if c.GrantTypeClientCredentialsSupported() {
+		grantTypes = append(grantTypes, oidc.GrantTypeClientCredentials)
+	}
 	if c.GrantTypeTokenExchangeSupported() {
 		grantTypes = append(grantTypes, oidc.GrantTypeTokenExchange)
 	}
--- a/pkg/op/token_client_credentials.go
+++ b/pkg/op/token_client_credentials.go
@ -98,11 +98,6 @@ func AuthorizeClientCredentialsClient(ctx context.Context, request *oidc.ClientC
 		return nil, oidc.ErrUnauthorizedClient()
 	}

-	am := client.AuthMethod()
-	if am != oidc.AuthMethodBasic || am != oidc.AuthMethodPost {
-		return nil, oidc.ErrInvalidClient().WithDescription("auth_method %s not supported for client_credentials grant.", am)
-	}
-
 	return client, nil
 }