[ https://issues.apache.org/jira/browse/NIFI-12550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-12550: ------------------------------------ Affects Version/s: (was: 1.23.2) Status: Patch Available (was: In Progress) > Support OIDC Device Authorization Grant for API > ----------------------------------------------- > > Key: NIFI-12550 > URL: https://issues.apache.org/jira/browse/NIFI-12550 > Project: Apache NiFi > Issue Type: Improvement > Components: Security > Environment: NiFi with OIDC provider configured > Reporter: Igor Milavec > Assignee: David Handermann > Priority: Major > > Please add support for OIDC Device Authorization Grant. This is useful for > running scripts that access the NiFi API from the CLI. At this time the > options are: > # Copy __Secure-Authorization-Bearer cookie from the browser session: not > really a good practice, work and error prone > # Enable MTLS: painful for the users as the browser starts to frequently > challenge for the client cert and even if it worked fine, client certificate > management process is typically lagging behind OIDC identity management > # Use passwords: insecure and prohibited by policy > Having an API endpoint in the Access group that would allow the caller to > exchange OIDC id or refresh token for a NiFi session token would be perfect > for this use case. -- This message was sent by Atlassian Jira (v8.20.10#820010)