lmccay commented on code in PR #876:
URL: https://github.com/apache/knox/pull/876#discussion_r1519964319
##########
gateway-provider-security-jwt/src/main/java/org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.java:
##########
@@ -238,10 +241,33 @@ public Pair<TokenType, String> getWireToken(final
ServletRequest request) {
}
}
+ /*
+ POST /{tenant}/oauth2/v2.0/token HTTP/1.1
+ Host: login.microsoftonline.com:443
+ Content-Type: application/x-www-form-urlencoded
+
+ client_id=535fb089-9ff3-47b6-9bfb-4f1264799865
+ &scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
+ &client_secret=sampleCredentials
+ &grant_type=client_credentials
+ */
+
+ // Let's check whether this is a client credentials oauth request or
whether
+ // the token has been configured for another usecase specific header
if (parsed == null) {
- token = request.getParameter(this.paramName);
- if (token != null) {
- parsed = Pair.of(TokenType.JWT, token);
+ String grantType = request.getParameter(GRANT_TYPE);
+ if (CLIENT_CREDENTIALS.equals(grantType)) {
+ // this is indeed a client credentials flow client_id and
+ // client_secret are expected now the client_id will be in
+ // the token as the token_id so we will get that later
+ token = request.getParameter(CLIENT_SECRET);
+ parsed = Pair.of(TokenType.Passcode, token);
+ }
Review Comment:
I can buy that. I'll change that and fix the type in the other comment.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
