Description
Description
Hi we need some changes in the Keycloak because we are currently working on a protocol extension based on the FUNKEN challenge for OpenID4VCI: https://www.sprind.org/de/challenges/eudi-wallet-prototypes/
The challenge does not completely apply to the current states of the specification
- https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html
- https://openid.net/specs/openid-4-verifiable-presentations-1_0.html
and therefore we need to customize some parts that will simply be custom-provider implementations.
For this I have already added a few pull-requests that are directly related to the challenge and that have blocked us in developing the customized providers:
At least one of these is a quick-fix because I am missing the time to make everything nice and clean
The changes that are a MUST for us are marked with required change
- Implement DPoP for all grantTypes keycloak#29967 (required change)
- Add getter-methods to OAuth2GrantType.Context keycloak#31077 (required change)
- Manipulate OpenID redirect-response with custom implementation keycloak#31087 (required change - quick-fix)
- Make ProofType a string instead of enum keycloak#31000 (required change)
- Exchange Enum type of Format for String keycloak#30875 (required change)
- Issuer id must be a URL according to specification keycloak#30961 (optional)
- Add required default-context value to VerifiableCredential keycloak#30959 (optional)
- Remove java.util.Date from VerifiableCredential keycloak#30920 (optional but recommeded)
there is also an issue on which a colleague of mine is currently working on. We could provide our own custom-implementaton for this but I think it is a good idea to support this natively in keycloak:
- Authentication Flow Condition : evaluate ACR before authentication keycloak#30572
- Authentication Flow Condition : request attributes keycloak#30573
We will probably provide a few more pull-requests based on this. Would be great if the working group and core-team could support us to make at least the required changes available for keycloak 26.
Discussion
No response
Motivation
No response
Details
No response