    f572b8af
    README: Point out some subtleties around client auth methods
    Emanuele Aina authored and Pablo Vigo Mas committed
    With commit ad28b94f "Validate client_id and client_secret values"
    the mediator started paying attention to client authentication.
    
    Since our integration test cargo-culted some configuration parameters
    straight from the GitLab configuration examples, the mediator ended up
    implementing what the OpenID-Connect spec calls the `client_secret_post`
    authentication method, see
    https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
    
    Unfortunately, the spec also says that the actual default is
    `client_secret_basic`, so any real world usage is bound to fail unless
    some specific configuration is applied.
    
    To minimize confusion, let's drop the cargo-culted option from the
    example and add a note pointing to the spec and to the upstream
    GitLab documentation, while still keeping the `client_secret_post` usage
    in the GitLab integration test to exercise the codepath.
    
    Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>
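The two client authentication methods the commit message contrasts, as an added illustration that is not part of the mediator's code: `client_secret_basic` (the spec default) puts the credentials in an HTTP Basic `Authorization` header, form-urlencoded before base64 per RFC 6749 section 2.3.1, while `client_secret_post` sends them as form fields in the token request body. The `allowed_methods` check shows why a server that only parses the POST form rejects a spec-default client. Credentials, grant parameters and function names are constructed for this example.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote, unquote, urlencode

# Constructed sample credentials (hypothetical, not from the project).
CLIENT_ID = "mediator-client"
CLIENT_SECRET = "s3cr3t/with+special chars"


def token_request_basic(client_id, client_secret):
    """client_secret_basic: credentials go in an HTTP Basic Authorization header.
    RFC 6749 2.3.1 requires form-urlencoding id and secret before base64."""
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "authorization_code", "code": "abc"})
    return headers, body


def token_request_post(client_id, client_secret):
    """client_secret_post: credentials travel as form fields in the body."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": "abc",
                      "client_id": client_id, "client_secret": client_secret})
    return headers, body


def extract_client_credentials(headers, body):
    """Server side: recover (method, client_id, client_secret) from either
    form; (None, None, None) when no client credentials are present."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        decoded = base64.b64decode(auth[len("Basic "):]).decode()
        cid, _, secret = decoded.partition(":")
        return "client_secret_basic", unquote(cid), unquote(secret)
    form = parse_qs(body)
    if "client_id" in form and "client_secret" in form:
        return "client_secret_post", form["client_id"][0], form["client_secret"][0]
    return None, None, None


def authenticate(headers, body, allowed_methods, client_id, client_secret):
    """Accept the request only if the method is allowed and both values match
    (constant-time comparison so timing does not leak the secret)."""
    method, cid, secret = extract_client_credentials(headers, body)
    if method not in allowed_methods:
        return False
    return (hmac.compare_digest(cid.encode(), client_id.encode())
            and hmac.compare_digest(secret.encode(), client_secret.encode()))
```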