David Handermann created NIFI-10259:
---------------------------------------
Summary: Improve Error Handling for Invalid JWT Bearer Tokens
Key: NIFI-10259
URL: https://issues.apache.org/jira/browse/NIFI-10259
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework, Core UI, Security
Reporter: David Handermann
Assignee: David Handermann
The default failure handler for Bearer Token authentication returns the
{{WWW-Authenticate}} HTTP response header for invalid tokens, but does not
include any response body. When user interface provides the Bearer Token in a
Cookie header, the failure handler does not remove cookie. This behavior should
be updated to return the error parameters in the response body and return a
Set-Cookie header that instructs the browser to remove the cookie.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
