Support of client certificates for Azure to be used instead of client secrets for OAuth 2.0 and OpenID


    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: OAuth 2.0 Client
    • None

      Summary

      Currently (Jira 9.2), configuration of the OAuth 2.0 and OpenID integration requires a client ID and secret and has no option to use a certificate instead. However, Azure has an option to use certificates (client assertion) instead of client secrets for additional security.

      For additional security, you can use a client certificate instead of a client secret. The client uses a certificate to prove the token request came from the client. The client certificate is stored in key vault.

      https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/client-certificate

      Introducing support for certificate usage would be beneficial for customers that require additional security.
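
      What the requested certificate credential looks like on the wire, as an added example (not code from Jira, Microsoft or the reporter): the client signs a short-lived JWT and sends it as `client_assertion` in place of `client_secret`. The tenant, client ID and certificate bytes passed in are placeholders, and the RSA key is a constructed, insecure demo key so the block runs with the standard library only.

```python
import base64, hashlib, json, time, uuid
from urllib.parse import urlencode

# Constructed demo key, NOT secure: both primes are public Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                      # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _encode(msg: bytes) -> int:                    # EMSA-PKCS1-v1_5 over SHA-256 (RS256)
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def rs256_sign(msg: bytes) -> bytes:
    return pow(_encode(msg), D, N).to_bytes(K, "big")
def rs256_verify(msg: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _encode(msg)

def build_client_assertion(tenant, client_id, cert_der, now=None, lifetime=300):
    """JWT the client signs with the certificate's private key instead of sending a secret."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "x5t": b64url(hashlib.sha1(cert_der).digest())}
    claims = {"aud": f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token",
              "iss": client_id, "sub": client_id, "jti": str(uuid.uuid4()),
              "nbf": now, "exp": now + lifetime}
    signing_input = ".".join(b64url(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    return signing_input + "." + b64url(rs256_sign(signing_input.encode()))

def token_request_body(client_id, assertion, scope):
    """Form body for the token endpoint: two assertion fields replace client_secret."""
    return urlencode({
        "grant_type": "client_credentials", "client_id": client_id, "scope": scope,
        "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
        "client_assertion": assertion})

def verify_client_assertion(assertion: str) -> dict:
    """What the identity provider checks: signature first, then expiry."""
    head, body, sig = assertion.split(".")
    if not rs256_verify(f"{head}.{body}".encode(), b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims["exp"] <= time.time():
        raise ValueError("assertion expired")
    return claims
```

      The `x5t` header is the thumbprint of the certificate registered for the application, and the same two form fields replace `client_secret` in other grant types as well. No long-lived shared secret crosses the wire, and a captured assertion expires within minutes.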

            Assignee:
            Unassigned
            Reporter:
            Alexander Artemenko (Inactive)
            Votes:
            5
            Watchers:
            13

              Created:
              Updated: