Client Registration with Signed JWT

We have a use case where we want to register new clients on Keycloak using the Client Registration Service.
We want our client to authenticate through Signed JWT.

The service supports different providers. My question is: if we go with openid-connect, is there a way to set the clientAuthenticatorType, or do we have to use the default provider?

Hi Guys,

We have a similar use case as @denisky outlined above, but can see no response to date.

We’re working in the Australian Open Banking domain and are looking at implementing a light-weight local mocked “data-holder” (Bank) and are hoping Keycloak will be able to provide the OAuth2 OIDC features we need. One of these features is “Dynamic Client Register” and I can see Keycloak offers the “Client Registration” feature.

I’ve seen examples of JSON POST requests being sent to the “registration_endpoint”; however, our requirements, as can be seen from the above link, need to allow us to pass in a Signed JWT.

We would expect that the signed JWT would be validated against the provided JWKS_URI claim, and we’ll also need to be able to validate the “software_statement” claim and possibly store and use the values from this SSA, as it’s from a trusted source (i.e. redirect_uris, jwks_uri etc.).

Any advice / guidance on this would be appreciated.