Igor Milavec created NIFI-12550:
-----------------------------------
Summary: Support OIDC Device Authorization Grant for API
Key: NIFI-12550
URL: https://issues.apache.org/jira/browse/NIFI-12550
Project: Apache NiFi
Issue Type: Improvement
Components: Security
Affects Versions: 1.23.2
Environment: NiFi with OIDC provider configured
Reporter: Igor Milavec

Please add support for OIDC Device Authorization Grant. This is useful for
running scripts that access the NiFi API from the CLI. At this time the options
are:
# Copy the __Secure-Authorization-Bearer cookie from the browser session: not
really a good practice, work and error-prone
# Enable mTLS: painful for the users, as the browser starts to frequently
challenge for the client cert, and even if it worked fine, the client certificate
management process is typically lagging behind OIDC identity management
# Use passwords: insecure and prohibited by policy
Having an API endpoint in the Access group that would allow the caller to
exchange an OIDC ID or refresh token for a NiFi session token would be perfect for
this use case.
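
For reference, the client side of the grant requested above (RFC 8628), sketched for a CLI script as an added example; it is not part of the original issue and not NiFi code. The `post` transport, the client id `nifi-cli`, the `idp.example` URLs and the canned provider replies are constructed assumptions, and the exchange of the resulting token for a NiFi session token (the part the issue asks for) is not shown.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceFlowError(Exception):
    """Terminal error from the token endpoint (access_denied, expired_token, ...)."""

def device_login(post, device_endpoint, token_endpoint, client_id, scope="openid",
                 sleep=time.sleep, clock=time.monotonic, prompt=print):
    """Run the RFC 8628 flow. post(url, form) must return the parsed JSON body,
    including for HTTP 400 replies, which is how polling errors are delivered."""
    grant = post(device_endpoint, {"client_id": client_id, "scope": scope})
    # The user approves in a browser on any device; the script never sees a password.
    prompt(f"Open {grant['verification_uri']} and enter code {grant['user_code']}")
    interval = grant.get("interval", 5)       # RFC 8628 default when omitted
    deadline = clock() + grant["expires_in"]
    while clock() < deadline:
        sleep(interval)
        reply = post(token_endpoint, {"grant_type": DEVICE_GRANT,
                                      "device_code": grant["device_code"],
                                      "client_id": client_id})
        error = reply.get("error")
        if error is None:
            return reply                      # id_token / access_token / refresh_token
        if error == "slow_down":
            interval += 5                     # back-off required by RFC 8628
        elif error != "authorization_pending":
            raise DeviceFlowError(error)      # denied or expired: stop polling
    raise DeviceFlowError("expired_token")    # device_code lifetime ran out locally

def fake_provider(token_replies):
    """Constructed stand-in for an OIDC provider that replays canned replies."""
    replies = iter(token_replies)
    def post(url, form):
        if url.endswith("/device"):
            return {"device_code": "constructed-device-code", "user_code": "WDJB-MJHT",
                    "verification_uri": "https://idp.example/device",
                    "expires_in": 600, "interval": 5}
        assert form["grant_type"] == DEVICE_GRANT
        return next(replies)
    return post

if __name__ == "__main__":
    post = fake_provider([{"error": "authorization_pending"}, {"error": "slow_down"},
                          {"id_token": "constructed.id.token", "token_type": "Bearer"}])
    tokens = device_login(post, "https://idp.example/device", "https://idp.example/token",
                          "nifi-cli", sleep=lambda s: None)
    print(sorted(tokens))
```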