I do not think UAA currently supports the draft-ietf-oauth-mtls-04 to use a TLS client certificate instead of using client-id/client-secret to authenticate the OAuth client.

Is this or something similar on UAA's future roadmap? 

 

Hi Brian - 

Thanks for the comment/question.  

We're interested in understanding your intentions should UAA support the draft-ietf-oauth-mtls-04?  What value does it provide your organization over the client-id/client-secret authentication workflow?

Regards,
Dan Beneke