Failing test for TokenEndpointAuthenticationSigningAlgorithmsSupported

Author: josephdecock

identity-model/src/IdentityModel/Client/Messages/DiscoveryDocumentResponse.cs

@@ -254,6 +254,13 @@ protected override Task InitializeAsync(object? initializationData = null)
     /// </value>
     public IEnumerable<string> TokenEndpointAuthenticationMethodsSupported => TryGetStringArray(OidcConstants.Discovery.TokenEndpointAuthenticationMethodsSupported);
 
+    /// <summary>
+    /// Gets the signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate
+    /// the client at the token endpoint for the "private_key_jwt" and "client_secret_jwt" authentication methods.
+    /// </summary>
+    public IEnumerable<string> TokenEndpointAuthenticationSigningAlgorithmsSupported => [];
+
+
     /// <summary>
     /// Gets the supported backchannel token delivery modes.
     /// </summary>

identity-model/test/IdentityModel.Tests/HttpClientExtensions/DiscoveryExtensionsTests.cs

@@ -306,6 +306,18 @@ public async Task Strongly_typed_accessors_should_behave_as_expected()
         claims.ShouldContain("phone_number");
         claims.ShouldContain("phone_number_verified");
 
+        // Token Authentication Methods
+        var tokenEndpointAuthMethods = disco.TokenEndpointAuthenticationMethodsSupported.ToList();
+        tokenEndpointAuthMethods.Count.ShouldBe(3);
+        tokenEndpointAuthMethods.ShouldContain("client_secret_post");
+        tokenEndpointAuthMethods.ShouldContain("client_secret_basic");
+        tokenEndpointAuthMethods.ShouldContain("private_key_jwt");
+
+        // Token Authentication Signing Algorithms for private_key_jwt
+        var tokenEndpointAuthSigningAlgorithms = disco.TokenEndpointAuthenticationSigningAlgorithmsSupported.ToList();
+        tokenEndpointAuthSigningAlgorithms.Count.ShouldBe(1);
+        tokenEndpointAuthSigningAlgorithms.ShouldContain("RS256");
+
         // JWKS data
         disco.KeySet.Keys.Count.ShouldBe(1);
         disco.KeySet.Keys.First().Kid.ShouldBe("a3rMUgMFv9tPclLa6yF3zAkfquE");

identity-model/test/IdentityModel.Tests/documents/discovery.json

@@ -79,7 +79,11 @@
   ],
   "token_endpoint_auth_methods_supported": [
     "client_secret_post",
-    "client_secret_basic"
+    "client_secret_basic",
+    "private_key_jwt"
+  ],
+  "token_endpoint_auth_signing_alg_values_supported": [
+    "RS256"
   ],
   "require_pushed_authorization_requests": true
-}
+}