jwks for oauth20 protected URLS

[scottdear]

Given that the rest of the config is set up correctly

If I have
<Location /protected>
AuthType openid-connect
Require valid-user

I can call https://myhost.com/protected/oauth2callback?jwks=rsa

And I can get the jwks JSON structure returns.

If I have

<Location /api>
AuthType oauth20
Require valid-user

Calling https://myhost.com/api/oauth2callback?jwks=rsa returns an "Unauthorized" error.

It would be most desirable for the jwks delivery to work on oauth20 protected URL's as well as OpenIDC protected URL's

[zandbelt]

So I've made some improvements here but the fix is not as clean as I would like it to be: you'll still need 3 OpenID Connect specific settings to enable this (e.g. OIDCRedirectURI now needs to point to an oauth20 protected path) but at least you would not need to protect a path using openid-connect anymore; a minimal config could look like:

  OIDCCryptoPassphrase 0123456789
  OIDCRedirectURI https://localhost/protected-api/
  OIDCMetadataDir /var/cache/apache2/mod_auth_openidc/metadata

  OIDCPublicKeyFiles  /opt/local/apache2/certs/localhost.pem
  OIDCPrivateKeyFiles /opt/local/apache2/certs/localhost.key

  OIDCOAuthSSLValidateServer Off
  OIDCOAuthClientID client
  OIDCOAuthClientSecret secret
  OIDCOAuthIntrospectionEndpoint https://localhost/as/token.oauth

  <Location /protected-api>
    Authtype oauth20
    Require valid-user
  </Location>