Peter Turcsanyi updated NIFI-14618:
-----------------------------------
Status: Patch Available (was: Open)
> JWTBearerOAuth2AccessTokenProvider should evaluate JWT ID property per token request
> ------------------------------------------------------------------------------------
>
> Key: NIFI-14618
> URL: https://issues.apache.org/jira/browse/NIFI-14618
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Peter Turcsanyi
> Assignee: Peter Turcsanyi
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The purpose of the JWT ID property is to provide a value for the "jti" claim
> in the token request, which should be a unique identifier for the request. It
> can be used by OAuth servers to detect replay attacks.
> Though it is possible to configure the JWT ID property with EL like
> ${UUID()}, it is evaluated only once in onEnabled() and the same value is
> used in the requests which can lead to
> {noformat}
> HTTP 400
> Response: [{"error":"invalid_client","error_description":"Client authentication with signed JWT failed: Token reuse detected"}]
> {noformat}
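The behaviour the ticket describes, as an added example that is neither NiFi code nor part of the ticket: a client that computes the "jti" value once is rejected on its second token request by a server that tracks identifiers, while a client that computes it per request is accepted. The HS256 shared key, the `TokenEndpoint` class and all helper names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, uuid

KEY = b"constructed-demo-key"  # constructed secret; HS256 keeps the demo stdlib-only
REUSE = "Client authentication with signed JWT failed: Token reuse detected"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_assertion(jti: str, now: int) -> str:
    """Client side: compact JWT whose jti claim is the supplied value."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"jti": jti, "iat": now, "exp": now + 60}).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

class TokenEndpoint:
    """Hypothetical server: remembers every jti until its assertion expires."""
    def __init__(self):
        self.seen = {}  # jti -> exp

    def request_token(self, assertion: str, now: int) -> dict:
        head, body, sig = assertion.split(".")
        good = b64url(hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, good):
            return {"status": 400, "error": "invalid_client"}
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        if claims["exp"] <= now:
            return {"status": 400, "error": "invalid_client"}
        self.seen = {j: e for j, e in self.seen.items() if e > now}  # drop expired ids
        if claims["jti"] in self.seen:
            return {"status": 400, "error": "invalid_client", "error_description": REUSE}
        self.seen[claims["jti"]] = claims["exp"]
        return {"status": 200, "access_token": "constructed-token"}

def evaluated_once():
    fixed = str(uuid.uuid4())  # one value computed up front, reused for every request
    return lambda: fixed

def evaluated_per_request():
    return lambda: str(uuid.uuid4())  # fresh value each time an assertion is built

def run_client(next_jti, requests=3, start=1_700_000_000):
    """Send `requests` token requests one second apart; return the responses."""
    server = TokenEndpoint()
    return [server.request_token(sign_assertion(next_jti(), start + i), start + i)
            for i in range(requests)]

if __name__ == "__main__":
    print([r["status"] for r in run_client(evaluated_once())])
    print([r["status"] for r in run_client(evaluated_per_request())])
```

The server forgets an identifier once the assertion that carried it has expired, so the replay cache only needs to cover the assertion lifetime.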