[
https://issues.apache.org/jira/browse/KNOX-3312?focusedWorklogId=1018321&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1018321
]
ASF GitHub Bot logged work on KNOX-3312:
----------------------------------------
Author: ASF GitHub Bot
Created on: 02/May/26 03:26
Start Date: 02/May/26 03:26
Worklog Time Spent: 10m
Work Description: lmccay opened a new pull request, #1218:
URL: https://github.com/apache/knox/pull/1218
(It is very **important** that you created an Apache Knox JIRA for this
change and that the PR title/commit message includes the Apache Knox JIRA ID!)
[KNOX-3312](https://issues.apache.org/jira/browse/KNOX-3312) - A short
description of the change
## What changes were proposed in this pull request?
Current implementation can't get to the grant_type request param.
Unit tests mock out the requests and make it hard to tease this out as an
issue.
When we know that there is an Authorization header and that it is Basic then
we need to check whether there is the hardcoded username of token or passcode
and if not, unwrap the request to check for a grant_type for OAuth
client_credentials and handle it appropriately.
Current implementation tries to check that but the params are hidden by the
wrappers.
## How was this patch tested?
All existing unit and integration tests were run and it was manually tested.
Issue Time Tracking
-------------------
Worklog Id: (was: 1018321)
Remaining Estimate: 0h
Time Spent: 10m
> Client Credentials Flow with HTTP Basic needs Unwrapped Servlet Request
> -----------------------------------------------------------------------
>
> Key: KNOX-3312
> URL: https://issues.apache.org/jira/browse/KNOX-3312
> Project: Apache Knox
> Issue Type: Bug
> Components: JWT
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Current implementation can't get to the grant_type request param.
> Unit tests mock out the requests and make it hard to tease this out as an
> issue.
> When we know that there is an Authorization header and that it is Basic then
> we need to check whether there is the hardcoded username of token or passcode
> and if not, unwrap the request to check for a grant_type for OAuth
> client_credentials and handle it appropriately.
> Current implementation tries to check that but the params are hidden by the
> wrappers.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
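
The behaviour the pull request describes, as an added example that is not code from Apache Knox or from the pull request: a wrapper that forwards headers but hides parameters makes `grant_type` invisible until the request is unwrapped. The `Request`, `BaseRequest` and `HidingWrapper` types are simplified stand-ins for the servlet request and its wrappers, and the `Token` / `Passcode` spellings, the result labels and the sample credentials are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class GrantTypeUnwrapDemo {
    // Simplified stand-ins for the servlet request types (hypothetical, not the servlet API).
    interface Request { String getHeader(String n); String getParameter(String n); }
    static class BaseRequest implements Request {
        final Map<String, String> headers = new HashMap<>(), params = new HashMap<>();
        public String getHeader(String n) { return headers.get(n); }
        public String getParameter(String n) { return params.get(n); }
    }
    // Wrapper that forwards headers but hides parameters, as the PR says the wrappers do.
    static class HidingWrapper implements Request {
        final Request inner;
        HidingWrapper(Request inner) { this.inner = inner; }
        Request getRequest() { return inner; }
        public String getHeader(String n) { return inner.getHeader(n); }
        public String getParameter(String n) { return null; }
    }
    // Peel off every wrapper layer until the original request is reached.
    static Request unwrap(Request r) {
        while (r instanceof HidingWrapper) r = ((HidingWrapper) r).getRequest();
        return r;
    }
    // Decide how a request carrying HTTP Basic credentials should be handled.
    static String classify(Request req) {
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.regionMatches(true, 0, "Basic ", 0, 6)) return "not-basic";
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(auth.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return "malformed"; }
        int colon = decoded.indexOf(':');
        if (colon < 0) return "malformed";
        String user = decoded.substring(0, colon);
        // Assumed spellings of the hardcoded usernames the PR mentions.
        if (user.equals("Token") || user.equals("Passcode")) return "token-as-password";
        // Read only grant_type from the unwrapped request; nothing else bypasses the wrappers.
        String grant = unwrap(req).getParameter("grant_type");
        return "client_credentials".equals(grant) ? "client-credentials" : "basic-other";
    }
    public static void main(String[] args) {
        BaseRequest base = new BaseRequest();   // constructed sample request
        byte[] creds = "client-id:client-secret".getBytes(StandardCharsets.UTF_8);
        base.headers.put("Authorization", "Basic " + Base64.getEncoder().encodeToString(creds));
        base.params.put("grant_type", "client_credentials");
        Request wrapped = new HidingWrapper(new HidingWrapper(base));
        System.out.println("via wrapper: " + wrapped.getParameter("grant_type"));
        System.out.println("classified:  " + classify(wrapped));
    }
}
```

Unwrapping also skips whatever filtering the wrappers apply to parameters, so the sketch reads a single parameter from the inner request and compares it against one fixed value.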