OAuth + Digital Certificate


Leonardo Alexandre Ferreira Leite

Dec 7, 2016, 7:00:20 PM
to api-...@googlegroups.com
Hi!

I'm studying the OAuth protocol and so far I have learned OAuth is an authorization protocol. It can be used for authentication, but it seems to be not so OK, and in this case it's even called "pseudo-authentication". So, OpenID Connect would be a better approach, a solution combining OpenID authentication and OAuth authorization mechanisms.

In my company we do not use OAuth yet, but we provide APIs whose clients are authenticated by digital certificate using the SSL protocol.

So the question is: what if I want to use OAuth authorization combined with digital certificate authentication (over SSL)? Would this be a smooth combination? Does anyone see any issue? Has anyone already seen anything like this? In particular... wouldn't it be strange for the client to authenticate with a digital certificate and still have to handle the OAuth client secret?

Thanks!!!
Leonardo Leite
