Merge pull request #1294 from ahus1/is-1293-update-dpop-docs

Update docs that DPoP requires a private signing key
OpenIDC · Jan 2, 2025 · 4d4b8e0 · 4d4b8e0
2 parents 1a9d348 + afa2335
commit 4d4b8e0
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/auth_openidc.conf b/auth_openidc.conf
@@ -314,6 +314,7 @@
 #  optional: a DPoP token is requested from the OP but we'll continue even if the returned token is Bearer
 #  required: a DPoP token is requested from the OP and we'll fail if the returned token type is not DPoP
 # When not defined "off" is used.
+# To be able to request a DPoP token, OIDCPrivateKeyFiles/OIDCPublicKeyFiles settings require a RSA/EC private signing key.
 # NB: this can be overridden on a per-OP basis in the .conf file using the key: dpop_mode
 # The 2nd parameter is used to optionally enable an API for creating DPoP proofs on:
 #   <redirect_uri>?dpop=<access_token>&url=<url>[&method=<method][&nonce=<nonce>]