I'm curious about the same site thing too. @aaronpk already dove into the protocol and found pretty vanilla OIDC impl with a ECDSA private_key_jwt authentication type.
So far there's no docs on what you can do with the access token. I suspect using it may require also including the client_secret which is a signed JWT, or who knows. Here's the working code: github.com/aaronpk/sign-in-w…
Jun 3, 2019 · 11:01 PM UTC