Demonstrate client_secret_jwt client auth

josephdecock · josephdecock · commit e74a2de352a5 · 2025-06-13T14:52:47.000-05:00
diff --git a/identity-server/clients/src/ConsolePrivateKeyJwtClient/Program.cs b/identity-server/clients/src/ConsolePrivateKeyJwtClient/Program.cs
@@ -57,27 +57,40 @@
         }
         """;
 
+var hmacKey =
+    """
+        {
+            "kty":"oct",
+            "kid":"10909c7f-d6e0-49eb-9af9-fb06076df8e1",
+            "k":"JXhpjmgEVdhO0OzwyUQ2hCFuuSU9mABtclOcqT1kqaQ",
+            "alg":"HS256"
+        }
+    """;
+
 // X.509 cert
 var certificate = X509CertificateLoader.LoadPkcs12FromFile(path: "client.p12", password: "changeit");
 var x509Credential = new X509SigningCredentials(certificate);
 
 var response = await RequestTokenAsync(x509Credential);
 response.Show();
-
 await CallServiceAsync(response.AccessToken);
 
 // RSA JsonWebkey
 var jwk = new JsonWebKey(rsaKey);
 response = await RequestTokenAsync(new SigningCredentials(jwk, "RS256"));
 response.Show();
+await CallServiceAsync(response.AccessToken);
 
+// EC JsonWebKey
+jwk = new JsonWebKey(hmacKey);
+response = await RequestTokenAsync(new SigningCredentials(jwk, "HS256"));
+response.Show();
 await CallServiceAsync(response.AccessToken);
 
 // EC JsonWebKey
 jwk = new JsonWebKey(ecKey);
 response = await RequestTokenAsync(new SigningCredentials(jwk, "ES256"));
 response.Show();
-
 await CallServiceAsync(response.AccessToken);
 
 // Graceful shutdown
diff --git a/identity-server/hosts/Shared/Configuration/ClientsConsole.cs b/identity-server/hosts/Shared/Configuration/ClientsConsole.cs
@@ -120,9 +120,9 @@ public static class ClientsConsole
                         Value =
                             """
                             {
+                                "kty":"RSA",
                                 "e":"AQAB",
                                 "kid":"ZzAjSnraU3bkWGnnAqLapYGpTyNfLbjbzgAPbbW2GEA",
-                                "kty":"RSA",
                                 "n":"wWwQFtSzeRjjerpEM5Rmqz_DsNaZ9S1Bw6UbZkDLowuuTCjBWUax0vBMMxdy6XjEEK4Oq9lKMvx9JzjmeJf1knoqSNrox3Ka0rnxXpNAz6sATvme8p9mTXyp0cX4lF4U2J54xa2_S9NF5QWvpXvBeC4GAJx7QaSw4zrUkrc6XyaAiFnLhQEwKJCwUw4NOqIuYvYp_IXhw-5Ti_icDlZS-282PcccnBeOcX7vc21pozibIdmZJKqXNsL1Ibx5Nkx1F1jLnekJAmdaACDjYRLL_6n3W4wUp19UvzB1lGtXcJKLLkqB6YDiZNu16OSiSprfmrRXvYmvD8m6Fnl5aetgKw"
                             }
                             """
@@ -141,6 +141,19 @@ public static class ClientsConsole
                                 "kid":"1"
                             }
                             """
+                    },
+                    new Secret
+                    {
+                        Type = IdentityServerConstants.SecretTypes.JsonWebKey,
+                        Value =
+                        """
+                        {
+                            "kty":"oct",
+                            "kid":"10909c7f-d6e0-49eb-9af9-fb06076df8e1",
+                            "k":"JXhpjmgEVdhO0OzwyUQ2hCFuuSU9mABtclOcqT1kqaQ",
+                            "alg":"HS256"
+                        }
+                        """
                     }
                 },
                 AllowedGrantTypes = GrantTypes.ClientCredentials,
