[mitreid-connect] Authenticating the Consumer for the authorisation?

Lachezar Dobrev l.dobrev at paladin.bulgarpress.com
Tue Feb 24 06:09:23 EST 2015


  Hey all.

  I am developing an OpenID-Connect provider.
  After some serious head-banging I've succeeded in making a provider
that the MitreID-Connect simple-web-app can authenticate/authorise via.

  Now the problem I'm facing is authenticating the authorisation
requests. The implementation has an authorisation procedure that costs
money. However, the authorisation request only contains a client_id that
can be (relatively) easily duplicated and used to perform authorisation
requests on behalf of a real client.
  If I understand correctly, the authentication/authorisation process
begins with the Client forwarding the User to the Provider, hence no
Headers can be sent with the Authorisation request.
  What options do I have to authenticate the Client?

