michaeljmarshall commented on a change in pull request #11931:
URL: https://github.com/apache/pulsar/pull/11931#discussion_r704755431
##########
File path:
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/protocol/TokenClient.java
##########
@@ -76,6 +77,9 @@ public TokenResult
exchangeClientCredentials(ClientCredentialsExchangeRequest re
bodyMap.put("client_id", req.getClientId());
bodyMap.put("client_secret", req.getClientSecret());
bodyMap.put("audience", req.getAudience());
Review comment:
I'll submit a PR to change the behavior. My main point is that the RFC
for this flow (https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2)
does not mention `audience`. The only IDP I know of that requires the
`audience` field is Auth0. As such, we shouldn't require that audience be set.
I don't think it will break client compatibility to demote a field from being
required to optional.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
