[mitreid-connect] Authenticating the Consumer for the authorisation?
Lachezar Dobrev
l.dobrev at paladin.bulgarpress.com
Tue Feb 24 06:09:23 EST 2015
Hey all.

I am developing an OpenID-Connect provider.
After some serious head-banging I've succeeded in making a provider
that the MitreID-Connect simple-web-app can authenticate/authorise via.

Now the problem I'm facing is authenticating the authorisation
requests. The implementation has an authorisation procedure that costs
money. However the authorisation request only contains a client_id that
can be (relatively) easily duplicated and used to perform authorisation
requests on behalf of a real client.

If I understand correctly the authentication/authorisation process
begins with the Client forwarding the User to the Provider, hence no
Headers can be sent with the Authorisation request.

What options do I have to authenticate the Client?