[ 
https://issues.apache.org/jira/browse/NIFI-10456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17653192#comment-17653192
 ] 

ASF subversion and git services commented on NIFI-10456:
--------------------------------------------------------

Commit 4716c8d715918352ebd9e7aa897881127aa37c7d in nifi's branch 
refs/heads/main from Esa Lindqvist
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4716c8d715 ]

NIFI-10456 Added Client Authentication Strategy option to OAuth2 Provider

StandardOauth2AccessTokenProvider has been updated with a new property `Client
Authentication Strategy` supporting Basic Authentication as recommended in RFC
6749. The changes maintain the current default implementation using Request
Body parameters.

This closes #6782

Co-authored-by: David Handermann <[email protected]>
Signed-off-by: David Handermann <[email protected]>


> StandardOauth2AccessTokenProvider should send client credentials as Basic 
> Authentication
> ----------------------------------------------------------------------------------------
>
>                 Key: NIFI-10456
>                 URL: https://issues.apache.org/jira/browse/NIFI-10456
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.17.0
>            Reporter: Esa Lindqvist
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> Currently the StandardOauth2AccessTokenProvider sends client credentials in 
> the request body on token request. According to RFC 6749 (the OAuth2 spec) 
> the preferred method would be to place the credentials in Basic 
> Authentication, i.e. HTTP header
> {{Authorization: Basic base64(`${clientId}:${clientSecret}`)}}
> Furthermore, some authorization servers/identity providers do not support 
> transmitting client credentials in the request body at all, making this 
> access token provider useless.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
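
The two ways of sending client credentials discussed in the issue above, shown for a `client_credentials` token request. This is an added example, not NiFi code or part of the commit; the strategy names, function names and sample credentials are assumptions made up for the illustration. It also applies the RFC 6749 section 2.3.1 rule that the client id and secret are form-urlencoded before being joined with `:` and base64-encoded, so a secret containing `:` or non-ASCII characters survives the round trip.

```python
import base64
from urllib.parse import quote_plus, unquote_plus, urlencode

# Hypothetical strategy names for this example (not NiFi's property values).
BASIC = "basic_authentication"
BODY = "request_body"


def build_token_request(client_id, client_secret, strategy, scope=None):
    """Return (headers, body) for a client_credentials token request."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if strategy == BASIC:
        # RFC 6749 2.3.1: form-urlencode each value first, then join with ':'
        # and base64-encode. Encoding first keeps a ':' inside either value
        # from being mistaken for the separator.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode("ascii")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    elif strategy == BODY:
        # Credentials travel as ordinary form parameters in the request body.
        form["client_id"] = client_id
        form["client_secret"] = client_secret
    else:
        raise ValueError(f"unknown strategy: {strategy!r}")
    return headers, urlencode(form)


def parse_basic_credentials(header_value):
    """Authorization-server side: recover (client_id, client_secret)."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("ascii")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return unquote_plus(user), unquote_plus(password)


if __name__ == "__main__":
    # Constructed sample credentials, chosen to include ':' and non-ASCII.
    for strategy in (BASIC, BODY):
        hdrs, body = build_token_request("nifi:client", "s3cr:t pä+/", strategy)
        print(strategy, hdrs, body)
```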
