Using X.509 certificates as a mechanism for OAuth client authentication #uaa


I do not think UAA currently supports the draft-ietf-oauth-mtls-04 to use a TLS client certificate instead of using client-id/client-secret to authenticate the OAuth client.

Is this or something similar on UAA's future roadmap? 


Dan Beneke

Hi Brian - 

Thanks for the comment/question.  

We're interested in understanding your intentions should UAA support the draft-ietf-oauth-mtls-04?  What value does it provide your organization over the client-id/client-secret authentication workflow?

Dan Beneke