Nelson B. created KAFKA-16345:
---------------------------------

             Summary: Optionally allow urlencoding clientId and clientSecret in 
authorization header
                 Key: KAFKA-16345
                 URL: https://issues.apache.org/jira/browse/KAFKA-16345
             Project: Kafka
          Issue Type: Bug
            Reporter: Nelson B.


When a client communicates with an OIDC provider to retrieve an access token, 
RFC-6749 says that clientID and clientSecret must be urlencoded in the 
authorization header. (see https://tools.ietf.org/html/rfc6749#section-2.3.1) 
However, it seems that in practice some OIDC providers do not enforce this, so 
I was thinking about introducing a new configuration parameter that will 
optionally urlencode clientId & clientSecret in the authorization header. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
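
The interoperability problem behind this request, as an added example that is not part of the original issue and not Kafka's own code: it builds the Basic credentials with and without the form-encoding step of RFC 6749 section 2.3.1, then parses them the way a strict (decoding) and a lenient (non-decoding) provider would. The class name, the `header` and `parse` helpers, the `urlencode` flag and the sample credentials are all assumptions made for illustration; it needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicClientAuthDemo {
    // Builds the Basic credentials for the token request. urlencode=true applies
    // the form-encoding step of RFC 6749 section 2.3.1; false sends raw values.
    static String header(String clientId, String clientSecret, boolean urlencode) {
        if (urlencode) {
            clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8);
            clientSecret = URLEncoder.encode(clientSecret, StandardCharsets.UTF_8);
        }
        byte[] pair = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Provider side: split on the first ':'; a strict provider then form-decodes
    // each half, a lenient one compares the halves as received.
    static String[] parse(String header, boolean strict) {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        String pair = new String(raw, StandardCharsets.UTF_8);
        int sep = pair.indexOf(':');
        String id = pair.substring(0, sep);
        String secret = pair.substring(sep + 1);
        if (strict) {
            id = URLDecoder.decode(id, StandardCharsets.UTF_8);
            secret = URLDecoder.decode(secret, StandardCharsets.UTF_8);
        }
        return new String[] {id, secret};
    }

    public static void main(String[] args) {
        String id = "kafka-client";     // constructed sample value
        String secret = "p+ss%2Fw:rd";  // constructed; '+', '%' and ':' are the problem characters
        for (boolean clientEncodes : new boolean[] {false, true}) {
            for (boolean providerStrict : new boolean[] {false, true}) {
                String[] seen = parse(header(id, secret, clientEncodes), providerStrict);
                boolean ok = seen[0].equals(id) && seen[1].equals(secret);
                System.out.printf("client urlencode=%-5b provider strict=%-5b -> %s%n",
                        clientEncodes, providerStrict, ok ? "match" : "MISMATCH");
            }
        }
    }
}
```

Only the two combinations where client and provider agree on encoding recover the original secret, which is why the behaviour has to be selectable per provider rather than fixed.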
