[
https://issues.apache.org/jira/browse/NIFI-10456?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Esa Lindqvist updated NIFI-10456:
---------------------------------
Summary: StandardOauth2AccessTokenProvider should send client credentials
as Basic Authentication (was: StandardOauth2AccessTokenProvider should send
credentials as Basic Authentication)
> StandardOauth2AccessTokenProvider should send client credentials as Basic
> Authentication
> ----------------------------------------------------------------------------------------
>
> Key: NIFI-10456
> URL: https://issues.apache.org/jira/browse/NIFI-10456
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Affects Versions: 1.17.0
> Reporter: Esa Lindqvist
> Priority: Major
>
> Currently the StandardOauth2AccessTokenProvider sends client credentials in
> the request body on token request. According to RFC 6749 (the OAuth2 spec)
> the preferred method would be to place the credentials in Basic
> Authentication, i.e. HTTP header
> {{Authorization: Basic base64(`${clientId}:${clientSecret}`)}}
> Furthermore, some authorization servers/identity providers do not support
> transmitting client credentials in the request body at all, making this
> access token provider useless.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
