Support for additional client authentication methods at external IdP

Feature: We need Auth0 to support more authentication methods for an external IdP with OIDC/OAuth
Description: One of the identity providers we are using for authentication are depreciating authentication with secrets, and we need to support one of the following:

Shall support client authentication using either:

  • β€œ private_key_jwt ”, as described by OpenID Connect for interactive sessions.
  • Client Assertions as described by RFC 7521 and RFC7523.
  • Mutual-TLS for OAuth Client Authentication as described by RFC 8705 . (This is not supported by HelseID yet)

https://helseid.atlassian.net/wiki/spaces/HELSEID/pages/296583194/Security+profile+for+HelseID+Clients

I found a feature request for mTLS when calling auth0, but no request for other methods when using an external IdP.

Use-case: We are building applications for healthcare providers in the nordics, and need to be conformant to the national identity providers for healthcare professionals, and also citizens.

Hey there!

Thanks for creating this feedback card. Let’s see who else will be interested in such improvement!

1 Like

Hi,

We are in the same situation, developing practice management systems in the nordics and wholeheartedly support this feature request. It’s actually make or break for if we can use auth0 at all.

2 Likes