[
https://issues.apache.org/jira/browse/KNOX-3175?focusedWorklogId=977263&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-977263
]
ASF GitHub Bot logged work on KNOX-3175:
----------------------------------------
Author: ASF GitHub Bot
Created on: 01/Aug/25 07:45
Start Date: 01/Aug/25 07:45
Worklog Time Spent: 10m
Work Description: smolnar82 merged PR #1070:
URL: https://github.com/apache/knox/pull/1070
Issue Time Tracking
-------------------
Worklog Id: (was: 977263)
Time Spent: 20m (was: 10m)
> Client credential flow validation drains request body
> -----------------------------------------------------
>
> Key: KNOX-3175
> URL: https://issues.apache.org/jira/browse/KNOX-3175
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 2.0.0
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Testing a simple Passcode token flow between Knox and Hive (using beeline)
> constantly fails because the authentication challenge is aborted due to Knox
> cuts the connection during that operation.
> The reason for that is that Knox consumes the entire request body to find out
> if this is a Client Credentials flow. We don't need to read those parameters
> from the request body because Servlet API extracts parameters from
> form-encoded POST requests (which is the case for OAuth flows).
> We should also preserve the check we added in the scope of KNOX-3037: the
> client secret parameter MUST NOT be present as a query param.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
