[jira] [Work logged] (KNOX-3273) Short Lived Tokens for Client Credential Flows

Sun, 08 Mar 2026 16:27:36 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3273?focusedWorklogId=1008439&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1008439
 ]

ASF GitHub Bot logged work on KNOX-3273:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 08/Mar/26 23:25
            Start Date: 08/Mar/26 23:25
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on PR #1171:
URL: https://github.com/apache/knox/pull/1171#issuecomment-4020245894

   ## Test Results
   7 tests   7 ✅  1s ⏱️
   1 suites  0 💤
   1 files    0 ❌
   
   Results for commit 596a71fa.
   
   
[test-results]:data:application/gzip;base64,H4sIAGgFrmkC/1WMyw6CMBBFf4V07aKtwFR/xoxTmkwEavpYEf/dgoCwu+fc5EzCcd9Fca/UpRIxc9rB5oCJ/bhiOdJ8wbYfMROdxYvfRchdOOT+JLoQfFhNyOPWm+cx9+N/beFDbOFji/wwcCogmluLoBxaCUbVDdWuRTJ0JSdRw1MasBZBa/H5ApyJiTP7AAAA
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1008439)
    Time Spent: 20m  (was: 10m)

> Short Lived Tokens for Client Credential Flows
> ----------------------------------------------
>
>                 Key: KNOX-3273
>                 URL: https://issues.apache.org/jira/browse/KNOX-3273
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: JWT
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> This change will extend the client credentials flow support to include the 
> use of
> JWT tokens rather than long lived client_id and client_secret.
> This is preferred for scenarios where short lived JWTs are readily available 
> to clients
> such as Service Accounts within k8s clusters and projected JWT credentials.
> Rather than using client_id and client_secret as bearer or HTTP basic 
> credentials,
> we will use the client_assertion param based on the client_assertion_type of 
> "urn:ietf:params:oauth:client-assertion-type:jwt-bearer".
> POST /token.oauth2 HTTP/1.1
> Content-Type: application/x-www-form-urlencoded
> grant_type=client_credentials&
> client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&
> client_assertion=eyJhbGciOiJSUzI1NiJ9...  <- K8s SA JWT
> scope=openid profile email



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to