Eetami opened a new pull request, #6782:
URL: https://github.com/apache/nifi/pull/6782
Both the OAuth2TokenProviderImpl and StandardOauth2AccessTokenProvider
have been updated to send client credentials (client id and secret) as
HTTP Basic authentication, such as
```
Authorization: Basic Zm9vOmJhcgo=
```
According to RFC 6749 (The OAuth2.0 Authorization Framework)...
> The authorization server MUST support the HTTP Basic
authentication scheme for authenticating clients that were issued a
client password.
And...
> [..] the authorization server MAY support including the
client credentials in the request-body [..]
But...
> Including the client credentials in the request-body using the two
parameters is NOT RECOMMENDED and SHOULD be limited to clients unable
to directly utilize the HTTP Basic authentication scheme [..]
<!-- Licensed to the Apache Software Foundation (ASF) under one or more -->
<!-- contributor license agreements. See the NOTICE file distributed with
-->
<!-- this work for additional information regarding copyright ownership. -->
<!-- The ASF licenses this file to You under the Apache License, Version 2.0
-->
<!-- (the "License"); you may not use this file except in compliance with -->
<!-- the License. You may obtain a copy of the License at -->
<!-- http://www.apache.org/licenses/LICENSE-2.0 -->
<!-- Unless required by applicable law or agreed to in writing, software -->
<!-- distributed under the License is distributed on an "AS IS" BASIS, -->
<!-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. -->
<!-- See the License for the specific language governing permissions and -->
<!-- limitations under the License. -->
# Summary
[NIFI-10456](https://issues.apache.org/jira/browse/NIFI-10456)
# Tracking
Please complete the following tracking steps prior to pull request creation.
### Issue Tracking
- [x] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue
created
### Pull Request Tracking
- [x] Pull Request title starts with Apache NiFi Jira issue number, such as
`NIFI-00000`
- [x] Pull Request commit message starts with Apache NiFi Jira issue number,
as such `NIFI-00000`
### Pull Request Formatting
- [x] Pull Request based on current revision of the `main` branch
- [x] Pull Request refers to a feature branch with one commit containing
changes
# Verification
Updated unit tests for StandardOauth2AccessTokenProvider
### Build
Some hiccups in rat check for nifi-grpc-bundle (note that it is unmodified
in this change). Some protobuf dependency had an unrecognized Google license.
Apart from that everything went well.
- [x] Build completed using `mvn clean install -P contrib-check`
- [ ] JDK 8
- [ ] JDK 11
- [x] JDK 17
### Licensing
No new dependencies
- [x] New dependencies are compatible with the [Apache License
2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License
Policy](https://www.apache.org/legal/resolved.html)
- [x] New dependencies are documented in applicable `LICENSE` and `NOTICE`
files
### Documentation
No documentation changes, other than updates to javadoc for
StandardOauth2AccessTokenProvider
- [x] Documentation formatting appears as expected in rendered files
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
