[ https://issues.apache.org/jira/browse/KNOX-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sandor Molnar updated KNOX-3175:
--------------------------------
    Description: 
Testing a simple Passcode token flow between Knox and Hive (using beeline) 
constantly fails because the authentication challenge is aborted due to Knox 
cutting the connection during that operation.

The reason for that is that Knox consumes the entire request body to find out 
if this is a Client Credentials flow. We don't need to read those parameters 
from the request body because the Servlet API extracts parameters from 
form-encoded POST requests (which is the case for OAuth flows).

We should also preserve the check we added in the scope of KNOX-3037: the 
client secret parameter MUST NOT be present as a query param.

  was:TODO


> Client credential flow validation drains request body
> -----------------------------------------------------
>
>                 Key: KNOX-3175
>                 URL: https://issues.apache.org/jira/browse/KNOX-3175
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 2.0.0
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Critical
>             Fix For: 2.1.0
>
>
> Testing a simple Passcode token flow between Knox and Hive (using beeline) 
> constantly fails because the authentication challenge is aborted due to Knox 
> cutting the connection during that operation.
> The reason for that is that Knox consumes the entire request body to find out 
> if this is a Client Credentials flow. We don't need to read those parameters 
> from the request body because the Servlet API extracts parameters from 
> form-encoded POST requests (which is the case for OAuth flows).
> We should also preserve the check we added in the scope of KNOX-3037: the 
> client secret parameter MUST NOT be present as a query param.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
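
The check described in this issue, sketched as an added example that is not part of the original message and is not Knox's own code. It assumes the javax.servlet API on the classpath; the class, enum and method names are hypothetical, and the parameter names are the RFC 6749 ones, which the issue text does not spell out.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical helper for illustration; not the Knox implementation. */
public final class ClientCredentialsCheck {
  public enum Result { NOT_CLIENT_CREDENTIALS, CLIENT_CREDENTIALS, SECRET_IN_QUERY }

  // RFC 6749 names, assumed here; the issue text does not spell them out.
  private static final String GRANT_TYPE = "grant_type";
  private static final String CLIENT_CREDENTIALS = "client_credentials";
  private static final String CLIENT_SECRET = "client_secret";

  /** Classifies the request without calling getInputStream() or getReader(). */
  public static Result classify(HttpServletRequest request) {
    // getParameter() merges query and form values, so only the raw query
    // string can tell whether the secret travelled in the URL.
    if (queryHasParam(request.getQueryString(), CLIENT_SECRET)) {
      return Result.SECRET_IN_QUERY;
    }
    // The container parses the body only for form-encoded POSTs; any other
    // payload (for example a proxied Hive call) stays unread for later stages.
    boolean clientCredentials = CLIENT_CREDENTIALS.equals(request.getParameter(GRANT_TYPE))
        && request.getParameter(CLIENT_SECRET) != null;
    return clientCredentials ? Result.CLIENT_CREDENTIALS : Result.NOT_CLIENT_CREDENTIALS;
  }

  /** True if the raw (still percent-encoded) query string has a parameter called name. */
  static boolean queryHasParam(String rawQuery, String name) {
    if (rawQuery == null) { return false; }
    for (String pair : rawQuery.split("&")) {
      int eq = pair.indexOf('=');
      String rawName = eq < 0 ? pair : pair.substring(0, eq);
      if (name.equals(decode(rawName))) {
        return true;
      }
    }
    return false;
  }

  private static String decode(String s) {
    try {
      return URLDecoder.decode(s, "UTF-8");
    } catch (UnsupportedEncodingException | IllegalArgumentException e) {
      return s; // malformed escape: compare the raw name instead
    }
  }
}
```

For a form-encoded POST, the first getParameter() call does make the container read the body, which is the expected case for a token request. Rejecting every request that carries the secret in the query string, whatever its grant type, is an assumption of this sketch.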
