[
https://issues.apache.org/jira/browse/NIFI-4244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann resolved NIFI-4244.
------------------------------------
Resolution: Won't Fix
The current StandardOauth2AccessTokenProvider supports Client Credentials and
Password grants. The Implicit Grant flow is not recommend due to security
issues, so any new efforts should focus on NIFI-4243 and the Authorization Code
Grant flow.
https://oauth.net/2/grant-types/implicit/
> OAuth 2 Authorization support - Implicit Grant
> ----------------------------------------------
>
> Key: NIFI-4244
> URL: https://issues.apache.org/jira/browse/NIFI-4244
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Jeremy Dyer
> Priority: Major
>
> If your interacting with REST endpoints on the web chances are you are going
> to run into an OAuth2 secured webservice. The IETF (Internet Engineering Task
> Force) defines 4 methods in which OAuth2 authorization can occur. This JIRA
> is focused solely on the Implicit Grant method defined at
> https://tools.ietf.org/html/rfc6749#section-4.2
> This implementation should provide a ControllerService in which the enduser
> can configure the credentials for obtaining the authorization grant (access
> token) from the resource owner. In turn a new property will be added to the
> InvokeHTTP processor (if it doesn't already exist from one of the other JIRA
> efforts similar to this one) where the processor can reference this
> controller service to obtain the access token and insert the appropriate HTTP
> header (Authorization: Bearer {access_token}) so that the InvokeHTTP
> processor can interact with the OAuth protected resources without having to
> worry about setting up the credentials for each InvokeHTTP processor saving
> time and complexity.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
