[
https://issues.apache.org/jira/browse/NIFI-12550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann reassigned NIFI-12550:
---------------------------------------
Assignee: David Handermann
> Support OIDC Device Authorization Grant for API
> -----------------------------------------------
>
> Key: NIFI-12550
> URL: https://issues.apache.org/jira/browse/NIFI-12550
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Security
> Affects Versions: 1.23.2
> Environment: NiFi with OIDC provider configured
> Reporter: Igor Milavec
> Assignee: David Handermann
> Priority: Major
>
> Please add support for OIDC Device Authorization Grant. This is useful for
> running scripts that access the NiFi API from the CLI. At this time the
> options are:
> # Copy __Secure-Authorization-Bearer cookie from the browser session: not
> really a good practice, work and error-prone
> # Enable MTLS: painful for the users as the browser starts to frequently
> challenge for the client cert and even if it worked fine, the client certificate
> management process is typically lagging behind OIDC identity management
> # Use passwords: insecure and prohibited by policy
> Having an API endpoint in the Access group that would allow the caller to
> exchange an OIDC ID or refresh token for a NiFi session token would be perfect
> for this use case.