- changed status to invalid
Create jwt-bearer grant TokenRequest without ClientAuthentication
Issue #306
invalid
Hi,
I’m trying to perform a TokenRequest using a JWTBearerGrant. When initializing the TokenRequest object, it expects a ClientAuthentication object, and explicitly checks that it is not null. However, I have no need for client authentication here and I am under the impression from RFC 7523 that it is not required:
Authentication of the client is optional, as described in
Section 3.2.1 of OAuth 2.0 [RFC6749] and consequently, the
"client_id" is only needed when a form of client authentication that
relies on the parameter is used.
Is this a bug, or should I be doing this another way?
Comments (1)
-
- Log in to comment
Hi Boet,
Use this constructor which takes in a client_id instead of a client authentication object:
https://www.javadoc.io/static/com.nimbusds/oauth2-oidc-sdk/8.19/com/nimbusds/oauth2/sdk/TokenRequest.html#%3Cinit%3E(java.net.URI,com.nimbusds.oauth2.sdk.id.ClientID,com.nimbusds.oauth2.sdk.AuthorizationGrant)
For some examples:
https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/oauth/token-request